Vulnerability Index: Year 2018

Use-after-free vulnerability in older versions of PHP allows remote code execution
Memory Corruption and Denial of Service Vulnerability in Juniper Networks Junos OS
Denial of Service Vulnerability in Juniper Networks Junos OS
High CPU Consumption Denial of Service Vulnerability in Junos OS
Vulnerability: Traffic Forwarding Instead of Dropping on QFX and EX Series Switches
Vulnerability: Denial of Service in BBE Subscriber Management Daemon due to VLAN Authentication Requests
Denial of Service and Code Injection Vulnerability in Junos OS
Unauthenticated Root Login Vulnerability in Juniper Networks Junos OS
Firewall Bypass Vulnerability in Juniper Networks SRX Series Devices
Unauthorized SSH Access Vulnerability in Juniper Networks Junos Space Security Director
Reflected XSS Vulnerability in Junos Space: Remote Code Injection and Data Theft
Privilege Escalation Vulnerability in Junos Space
Authenticated File Retrieval Vulnerability in Juniper Networks Junos Space Network Management Platform
Memory Leakage Vulnerability in Juniper Networks ScreenOS Devices
Unrestricted Access to AppFormix Debug Console Allows Execution of System Commands with Root Privilege
Junos OS CLNP Datagram Vulnerability
Denial of Service Vulnerability in Junos OS NAT-PT Feature on SRX Series Devices
Vulnerability: Bypassing Firewall Rules and Information Disclosure in SRX Series Devices with IDP Policies
Junos OS SNMP MIB-II Subagent Daemon (mib2d) Denial of Service Vulnerability
Vulnerability: Denial of Service in Junos OS due to Malformed BGP UPDATE
Vulnerability: Weak MacSec Key Configuration in Juniper Devices
MBuf Leak Vulnerability in Junos Devices with VPLS Routing
Insecure File and Directory Permissions in JSNAPy Automation Tool
Privilege Escalation Vulnerability in Juniper Networks Junos OS
Vulnerability: Credential Capture Risk in SRX Series Devices with HTTP/HTTPS Pass-Through Authentication
Stateless firewall filter configuration not taking effect after Junos OS device reboot or upgrade
Vulnerability: RSVP PATH Message DoS in Junos OS 16.1 versions prior to 16.1R3
Broadcast Storm Vulnerability in Junos OS 15.1 and Later Releases
Denial of Service Vulnerability in Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) and PTX1K
Vulnerability: Bypass of Stateless Firewall Filter via Crafted UDP/IP Packets over MPLS
Crafted BGP UPDATE Vulnerability in Junos OS
Denial of Service Vulnerability in Juniper Networks Junos OS JDHCPD Daemon
Unintended Open Network Install Environment (ONIE) Partition Vulnerability in QFX5200 and QFX10002 Devices
Vulnerability: Denial of Service and Remote Code Execution in Junos OS BGP NOTIFICATION Processing
Hardcoded Credentials in Juniper Networks Contrail Service Orchestration Allow Unauthorized Access to Cassandra
Hardcoded Credentials in Juniper Networks Contrail Service Orchestration Grafana Service
Hardcoded Cryptographic Certificates and Keys Vulnerability in Juniper Networks Contrail Service Orchestrator
Hardcoded Credentials in Juniper Networks Contrail Service Orchestration Allow Unauthorized Access to Keystone
Information Disclosure Vulnerability in Juniper Networks CSO Versions Prior to 4.0.0
Denial of Service and Remote Code Execution Vulnerability in Juniper Networks Junos OS
Insecure SSHD Configuration in Juniper NFX Series Devices Allows Remote Unauthenticated Access
Denial of Service and Remote Code Execution Vulnerability in Junos OS
Reflected Cross-Site Scripting Vulnerability in Juniper Networks Junos Space
Persistent Cross-Site Scripting Vulnerability in Junos Space Security Director
Memory Exhaustion Vulnerability in Juniper Routing Protocols Daemon (RPD) with JET Support
NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS
Denial of Service Vulnerability in Juniper Networks Junos OS RPD
Denial of Service Vulnerability in Junos OS SIP ALG Component
Remote Unauthenticated Root Access via Enabled RSH Service and Disabled PAM Authentication on Junos OS
Authentication Bypass Vulnerability in Juniper Networks Junos OS on vSRX Series
Vulnerability: Egress Interface Congestion and Routing Protocol Packet Drops on QFX5000 Series and EX4600 Switches
Denial of Service Vulnerability in Junos OS DHCPv6 Server
L2ALD Daemon Crash Due to Duplicate MAC Address Vulnerability
Vulnerability: DHCP Option 50 IP Address Assignment Spoofing
Kernel Crash and Reboot Vulnerability in Junos OS 15.1 and Later on MX Series
Persistent Cross-Site Scripting Vulnerability in Juniper Networks ScreenOS 6.3.0
Improper Input Validation Vulnerability in Juniper Networks Junos OS
Denial of Service Vulnerability in Junos OS Telnetd Service
Denial of Service Vulnerability in J-Web Service
Denial of Service (DoS) Vulnerability in Junos OS 17.3R3
Cisco Unified Customer Voice Portal Application Server Denial of Service Vulnerability
Cisco Web Security Appliance (WSA) FTP Server Authentication Bypass Vulnerability
Cisco Industrial Ethernet 4010 Series Switches CLI Command Vulnerability
Unauthenticated Remote Access Vulnerability in Cisco Policy Suite (CPS) PCRF
Cisco NX-OS System Software Management Interface ACL Bypass Vulnerability
Cisco Identity Services Engine (ISE) Web-Based Management Interface DOM Cross-Site Scripting Vulnerability
Vulnerability: Improper Deletion of User Accounts in Cisco NX-OS System Software
Cisco Web Security Appliance (WSA) Reflected Cross-Site Scripting (XSS) Vulnerability
IPv6 Ingress Packet Processing Vulnerability in Cisco UCS Central Software
Privilege Escalation Vulnerability in Cisco AsyncOS on Email Security and Content Security Appliances
Privilege Escalation in Cisco Prime Infrastructure's RBAC Functionality
Cisco Prime Infrastructure Open Redirect Vulnerability
Cross-Site Scripting (XSS) Vulnerability in Cisco WAP150 and WAP361 Access Points
Command Injection Vulnerability in Cisco D9800 Network Transport Receiver's Web Management GUI
XML External Entity (XXE) Injection Vulnerability in Cisco AnyConnect Secure Mobility Client Profile Editor
Cisco ASA SSL VPN Double Free Memory Vulnerability
Denial of Service Vulnerability in Cisco NX-OS Software Pong Tool
Buffer Overflow Vulnerability in Cisco WebEx Network Recording Player for ARF Files
Remote Code Execution Vulnerability in Cisco WebEx Network Recording Player for ARF Files
Insufficient Protection of Database Tables in Cisco Unified Communications Manager Allows Unauthorized Data Access
ConfD Server Unauthorized Information Access Vulnerability
Unauthenticated Remote Code Execution Vulnerability in Cisco Prime Service Catalog
Out-of-Band XXE Injection Vulnerability in Cisco WebEx Meetings Server
Root Account Access Vulnerability in Cisco WebEx Meetings Server
Persistent Access Vulnerability in Cisco WebEx Meetings Server
Unauthenticated Remote Access Vulnerability in Cisco WebEx Meetings Server
Arbitrary Code Execution Vulnerability in Cisco WebEx Clients
Arbitrary Command Execution Vulnerability in Cisco UCS Central Software
Vulnerability: Token Re-signing Exploit in Cisco node-jose Library
Arbitrary Command Execution Vulnerability in Cisco StarOS CLI
Cisco Policy Suite RADIUS Authentication Bypass Vulnerability
Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software Denial of Service Vulnerability
Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager Web Interface
Improper Display of User-Account Tokens in Cisco Spark Account Services
SQL Injection Vulnerability in Cisco Unified Communications Manager
Authentication Bypass Vulnerability in Cisco Elastic Services Controller Software
Vulnerability: Local File Overwrite in Cisco StarOS CLI
Cisco IOS and IOS XE Software Diagnostic Shell Path Traversal Vulnerability
Insecure Key Generation Vulnerability in Cisco Unified Communications Domain Manager
Arbitrary Code Execution and Root Privilege Vulnerability in Cisco RV132W and RV134W Routers
Unauthenticated Remote Access to Configuration Parameters in Cisco RV132W and RV134W Routers
Cisco Data Center Analytics Framework Web Interface XSS Vulnerability
Cisco Data Center Analytics Framework Web Interface XSS Vulnerability
Vulnerability in Cisco Elastic Services Controller Software Allows Unauthorized Administrative Access
RSA-Encrypted Nonce Disclosure Vulnerability in Cisco IOS Software and Cisco IOS XE Software
Cisco IOS XR Software FIB Code Denial of Service Vulnerability
Cisco Policy Suite RADIUS Authentication Module Username Validity Disclosure Vulnerability
Cisco Unified Communications Manager Information Disclosure Vulnerability
IPv6 Fragment Header Extension Vulnerability in Cisco ASR 9000 Series
Cisco Prime Network TCP Throttling Denial of Service Vulnerability
Cisco Firepower System Software: Bypass of File Policies via BitTorrent Protocol
Cisco Unified Customer Voice Portal (CVP) IVR Connection Disconnection Denial of Service Vulnerability
Authenticated Remote Attacker Can Bypass Spam Quarantine in Cisco Email Security Appliance and Cisco Content Security Management Appliance
Hard-coded Account Password Vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6
Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Data Center Network Manager
Cisco Data Center Analytics Framework Application Reflected XSS Vulnerability
Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Data Center Analytics Framework Application
Java Deserialization Remote Code Execution Vulnerability in Cisco Secure Access Control System (ACS)
Cross-Site Request Forgery Vulnerability in Cisco UCS Director and IMC Supervisor Software
DOM-based Stored XSS Vulnerability in Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software
Static Credential Vulnerability in Cisco IOS XE Software
Cisco IOS and IOS XE Software QoS Subsystem Buffer Overflow Vulnerability
Privilege Escalation Vulnerability in Cisco IOS XE Software
Denial of Service Vulnerability in Cisco Integrated Services Module for VPN (ISM-VPN)
Cisco Catalyst 4500 and 4500-X Series Switches BFD DoS Vulnerability
Cisco Smart Install Remote Code Execution Vulnerability
Zone-Based Firewall Code Denial of Service Vulnerability in Cisco IOS XE Software
IKEv2 Memory Leak and Reload Vulnerability
IKEv1 Implementation Vulnerability in Cisco IOS Software and Cisco IOS XE Software Allows Remote DoS Attack
Cisco IOS XE Software SNMP Double Free Vulnerability
GET MIB Object ID Denial of Service Vulnerability in Cisco Catalyst Switches
Cisco IOS Software 802.1x Multi-Auth Bypass Vulnerability
Vulnerability in Cisco IOS XE Software Allows Interface Queue Wedge via Crafted IPv6 Packets
Cisco IOS XE Software IGMP Packet-Processing Memory Leak Vulnerability
Buffer Overflow Vulnerabilities in Cisco LLDP Subsystem
Multiple Privilege Escalation Vulnerabilities in Cisco IOS XE Software
Cisco IOS XE Software Vulnerability: Denial of Service in Cisco Umbrella Integration
Smart Install Remote Code Execution Vulnerability
Cisco IOS Software and Cisco IOS XE Software DHCP Option 82 Encapsulation Functionality Denial of Service Vulnerability
Cisco IOS Software and Cisco IOS XE Software DHCPv4 Option 82 Information Restoration Denial of Service Vulnerability
Cisco IOS and IOS XE Software DHCP Option 82 Encapsulation DoS Vulnerability
LLDP Subsystem Format String Vulnerability
Multiple Privilege Escalation Vulnerabilities in Cisco IOS XE Software
Denial of Service Vulnerability in Cisco Catalyst 3850 and 3650 Series Switches
Denial of Service Vulnerabilities in Cisco IOS Software Login Enhancements
Denial of Service Vulnerabilities in Cisco IOS Software Login Enhancements
Improper Authentication Vulnerability in Cisco Policy Suite for Mobile and Diameter Routing Agent Software
Arbitrary Command Injection Vulnerabilities in Cisco IOS XE Software
Vulnerability in Cisco IOS XE Software CLI Parser Allows Unauthorized Access and Command Execution
Vulnerability in Cisco IOS XE Software CLI Parser Allows Unauthorized Access and Arbitrary Command Execution
Arbitrary Command Injection Vulnerabilities in Cisco IOS XE Software
Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco IOS XE Software Web UI
Cisco Identity Services Engine (ISE) Admin Portal Vulnerability: Unauthorized Access to Privileged Account Information
Cross-Site Scripting (XSS) Vulnerabilities in Cisco IOS XE Software Web UI
Recursive Route Injection Vulnerability in Cisco IOS Software and Cisco IOS XE Software
Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco IOS XE Software Web UI
Arbitrary Command Injection Vulnerabilities in Cisco IOS XE Software
Arbitrary Command Injection Vulnerabilities in Cisco IOS XE Software
Cisco IOS XE Software REST API Authorization Bypass Vulnerability
Arbitrary File Write Vulnerability in Cisco IOS XE Software Web UI
Vulnerability in VLAN Trunking Protocol (VTP) Subsystem of Cisco IOS Software and Cisco IOS XE Software Allows for Database Corruption and Denial of Service
Insufficient Protection of Database Tables in Cisco Unified Communications Manager Allows Unauthorized Data Access
Cross-Site Scripting (XSS) Vulnerability in Cisco Jabber Client Framework (JCF) Allows Remote Code Execution
Reflected Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Service Catalog
Cisco Jabber Client Framework (JCF) Cross-Site Scripting (XSS) Vulnerability
Denial of Service (DoS) Vulnerability in ClamAV PDF Parsing
Cisco Unity Connection SMTP Relay Mail Relay Vulnerability
Weak Login Controls in Cisco Prime Collaboration Provisioning Tool Web Portal Allows for Denial of Service Attacks
Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Collaboration Provisioning Tool
Cisco Unified Communications Manager Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability
Cisco Secure Access Control Server XML External Entities (XXE) Vulnerability
Cisco Registered Envelope Service Cross-Site Scripting Vulnerability
Cisco 550X Series Stackable Managed Switches SNMP DoS Vulnerability
Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Data Center Network Manager
Cisco Identity Services Engine CLI Command Input Validation Vulnerability
Cisco Identity Services Engine (ISE) Web-Based Management Interface Cross-Site Scripting (XSS) Vulnerability
Cisco Identity Services Engine (ISE) Credential Reset Functionality Privilege Escalation Vulnerability
Cisco ISE Command Injection Vulnerability
Cisco Identity Services Engine (ISE) Web Management Interface Cross-Site Request Forgery (CSRF) Vulnerability
Cisco Identity Services Engine (ISE) Web Management Interface Cross-Site Request Forgery (CSRF) Vulnerability
Command Injection Vulnerability in Cisco StarOS CLI
Cisco Secure Access Control Server XML External Entities (XXE) Vulnerability
Cisco UCS Director Web-Based Management Interface XSS Vulnerability
Cross-Site Scripting (XSS) Vulnerability in Cisco Videoscape AnyRes Live Web Interface
Cisco ISE CLI Command Injection Vulnerability
Undocumented Static User Credentials Vulnerability in Cisco DNA Center Software
Reflected Cross-Site Scripting Vulnerability in Cisco Security Manager's DesktopServlet
Arbitrary Command Execution Vulnerability in Cisco StarOS CLI
SQL Injection Vulnerability in Cisco AppDynamics App iQ Platform
Vulnerability in Default SSH User Account Management for Cisco Aironet Access Points
SSL VPN Client Certificate Authentication Bypass Vulnerability in Cisco ASA
Cisco ASA Ingress Flow Creation CPU Utilization DoS Vulnerability
Session Fixation Vulnerability in Cisco AnyConnect Secure Mobility Client, ASA Software, and FTD Software
Cisco Firepower Threat Defense (FTD) Software Denial of Service Vulnerability
Vulnerability in Cisco ASA and FTD Software Allows Remote DoS Attack
Cisco Firepower System Software SSL Packet Reassembly Denial of Service Vulnerability
Cisco Aironet Access Points PPTP Denial of Service Vulnerability
Denial of Service Vulnerability in Cisco Wireless LAN Controller
Bypassing Malware Detection in Cisco AMP for Endpoints macOS Connector
Vulnerability in Role-Based Resource Checking Functionality of Cisco UCS Director
Interface Forwarding Denial of Service Vulnerability in Cisco StarOS for ASR 5700 Series and VPC System Software
Denial of Service Vulnerabilities in Cisco ASA and FTD Software
Cisco IOS XR Software UDP Broadcast Forwarding Function Denial of Service Vulnerability
Cisco Adaptive Security Appliance WebVPN Interface Cross-Site Scripting Vulnerability
Cisco Firepower System Software Vulnerability: Bypassing File Action Policy for SMB2 and SMB3 Protocols
Bypassing File Action Policy in Cisco Firepower System Software
Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software REST API Information Disclosure Vulnerability
Vulnerability in Web Authentication Clients for Cisco Wireless LAN Controller and Aironet Access Points
Cisco Wireless LAN Controller (WLC) Software GUI Configuration DoS Vulnerability
Denial of Service Vulnerability in Cisco Aironet 1800 Series Access Points
Vulnerability in Central Web Authentication with FlexConnect Access Points for Cisco Aironet Series APs
Cross-Site Scripting (XSS) Vulnerability in Cisco ASA SSL VPN Portal
IPv4 Fragment Reassembly DoS Vulnerability in Cisco Wireless LAN Controllers
Arbitrary Command Execution Vulnerability in Cisco Secure ACS
Cisco Firepower System Software Detection Engine Bypass Vulnerability
Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Industrial Ethernet Switches
Cisco Packet Data Network Gateway Denial of Service Vulnerability
Cisco IOS XE Software Denial of Service Vulnerability
Arbitrary File Upload Vulnerability in Cisco Prime Products
Cross-Site Request Forgery (CSRF) Vulnerability in Cisco MATE Collector Web Interface
Unauthenticated Remote Access to Sensitive Data in Cisco MATE Live Web Interface
Unauthenticated Remote Access Vulnerability in Cisco Meeting Server
Unauthenticated Access to Internal Interfaces in Cisco Meeting Server (CMS)
Vulnerability in Cisco WebEx Network Recording Player for ARF Files Allows Remote Code Execution
Insufficient Protection of Database Tables in Cisco Unified Communications Manager Web Framework
Insufficient Protection of Database Tables in Cisco Unified Communications Manager Web Framework
Insecure Default Configuration in Cisco DNA Center Allows Unauthorized Access and Privilege Escalation
Cisco DNA Center CORS Policy Overly Permissive Vulnerability
Cisco IoT-FND Web-Based Management Interface CSRF Vulnerability
Authentication Bypass Vulnerability in Cisco DNA Center API Gateway
Cisco Firepower System Software SSL Engine Denial of Service Vulnerability
Denial of Service (DoS) Vulnerability in Cisco StarOS IPsec Manager
Arbitrary Command Execution Vulnerability in Cisco Network Services Orchestrator (NSO) CLI Parser
Cisco Identity Services Engine (ISE) Support Tunnel Unauthorized Access Vulnerability
Cross-Site Scripting (XSS) Vulnerability in Cisco WebEx Connect IM
Cisco Identity Services Engine (ISE) EAP-TLS Certificate Validation Vulnerability
Improper Cross-Origin Domain Protection in Cisco Firepower System Software Management Console
Vulnerability in Cisco Enterprise NFVIS SCP Server Allows Unauthorized Shell Access
Cisco Meeting Server RTP Bitstream Processing Denial of Service Vulnerability
Cisco Firepower System Software TLS Connection Setup Vulnerability
Cisco IOS and IOS XE Software TCP Socket Code Vulnerability: Remote Device Reload
Cisco Firepower System Software TLS TCP Connection Setup Vulnerability
Remote Code Execution Vulnerability in Cisco Meraki MR, MS, MX, Z1, and Z3 Devices
Exhaustion of Disk Space Vulnerability in Cisco Prime Service Catalog
Cisco IOS XR Software Netconf Interface Denial of Service Vulnerability
Arbitrary Code Execution Vulnerability in Cisco WebEx Network Recording Player for ARF Files
Memory Read Vulnerability in Cisco WebEx Recording Format (WRF) Player
Cross-Site Scripting Vulnerability in Cisco Identity Services Engine Logs Component
Denial of Service Vulnerability in Cisco SocialMiner TCP Stack
Cisco NX-OS SNMP Application Restart Vulnerability
Buffer Overflow Vulnerability in Cisco NX-OS Software Allows Arbitrary Code Execution and System Takeover
Vulnerability in Role-Based Access Control (RBAC) for Cisco NX-OS Software Allows Unauthorized Execution of CLI Commands
Unauthenticated Administrator Account Creation Vulnerability in Cisco FXOS and NX-OS Software
Cisco NX-OS Software BGP Update Message Denial of Service Vulnerability
Cisco ASA Web Interface Denial of Service and Information Disclosure Vulnerability
Cisco Firepower Threat Defense Software SSL Traffic Bypass Vulnerability
Buffer Overflow Vulnerability in Cisco FXOS and UCS Fabric Interconnect Software
Cisco NX-OS SNMP Reload Vulnerability
Arbitrary File Creation and Execution Vulnerability in Cisco FXOS
Buffer Overflow Vulnerability in Cisco NX-OS Software's NX-API Feature
Buffer Overflow Vulnerability in Cisco FXOS and UCS Fabric Interconnect Software
Vulnerability in Cisco Discovery Protocol Allows Arbitrary Code Execution or DoS
Cisco Fabric Services Component Vulnerability
Cisco Fabric Services Denial of Service Vulnerability
Command-Injection Vulnerability in Cisco NX-OS Software
Command-Injection Vulnerability in Cisco NX-OS Software Allows Arbitrary Command Execution
Cisco Fabric Services Remote Code Execution Vulnerability
Cisco NX-OS CLI Command and SNMP MIB Memory Exhaustion Vulnerability
Cisco Fabric Services Component Vulnerability
Cisco Fabric Services Denial of Service Vulnerability
Cisco Fabric Services Remote Code Execution Vulnerability
Command-injection exploit in Cisco NX-OS Software's NX-API feature
Arbitrary Code Execution Vulnerability in Cisco Fabric Services
Cisco IOS XE Software AAA Authentication Bypass Vulnerability
Cisco IP Phone SIP Call-Handling DoS Vulnerability
Privilege Escalation Vulnerability in Cisco Prime Collaboration Provisioning (PCP)
Insufficient Validation in Password Reset Function of Cisco Prime Collaboration Provisioning (PCP) Allows Unauthorized Access
Insufficient Validation in Password Recovery Function of Cisco Prime Collaboration Provisioning (PCP) Allows Unauthorized Access
Arbitrary SQL Query Execution Vulnerability in Cisco Prime Collaboration Provisioning (PCP)
Cisco Prime Collaboration Provisioning (PCP) Open RMI System Access Vulnerability
Vulnerability in Cisco Prime Collaboration Provisioning Allows Unauthorized Modification of Sensitive Data
Path Traversal Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Web Management Interface
Command Injection Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS)
Cisco IP Phone SIP Call-Handling Denial of Service Vulnerability
Cross-Frame Scripting Vulnerability in Cisco TelePresence Server Software
Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Web Framework
Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager and Cisco Unified Presence
SNMP Read Data Vulnerability in Cisco WAAS Software
Command Execution with Elevated Privileges in Cisco NX-OS Software via NX-API Vulnerability
Cisco Discovery Protocol Subsystem Denial of Service Vulnerability
SIP Ingress Packet Processing Denial of Service Vulnerability
Cisco FireSIGHT System Software VPN Configuration Bypass Vulnerability
Certificate Bypass Vulnerability in Cisco AnyConnect Network Access Manager and Secure Mobility Client
Improper Logging of Authentication Data in Cisco Prime Collaboration Provisioning
Privilege Escalation in Cisco Prime Collaboration Provisioning Batch Provisioning
Arbitrary Command Execution Vulnerability in Cisco NX-OS Software
Arbitrary Command Execution Vulnerability in Cisco UCS Software
Cisco Identity Services Engine (ISE) Web-Based Management Interface Cross-Site Scripting (XSS) Vulnerability
Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager (Unified CM) Web Framework
Command Injection Vulnerability in Cisco IP Phone Series
Cisco SD-WAN Solution Configuration and Monitoring Service Buffer Overflow Vulnerability
Cisco SD-WAN Solution Configuration and Management Service Vulnerability
Arbitrary Command Execution Vulnerability in Cisco SD-WAN Solution
Arbitrary Command Execution Vulnerability in Cisco SD-WAN Solution
Cisco SD-WAN Solution Zero Touch Provisioning Service Denial of Service Vulnerability
Arbitrary Command Injection Vulnerability in Cisco SD-WAN Zero Touch Provisioning (ZTP) Subsystem
Arbitrary Command Injection Vulnerability in Cisco SD-WAN CLI
Arbitrary File Overwrite Vulnerability in Cisco SD-WAN Solution
Arbitrary Command Injection Vulnerability in Cisco SD-WAN Solution
Arbitrary Command Injection Vulnerability in Cisco SD-WAN Solution's tcpdump Utility
Privilege Escalation Vulnerability in Cisco WAAS Disk Check Tool
Cisco Web Security Appliance (WSA) Vulnerability: Bypassing Layer 4 Traffic Monitor (L4TM) Functionality
Cross-Site Scripting (XSS) Vulnerability in Cisco Unity Connection Web Framework
Cross-Frame Scripting Vulnerability in Cisco Unified Communications Manager Web UI
Cross-Site Scripting (XSS) Vulnerability in Cisco WebEx Web Framework
Cross-Site Scripting (XSS) Vulnerability in Cisco WebEx Web Framework
Cisco TelePresence Video Communication Server (VCS) Expressway File Descriptor Handling Denial of Service Vulnerability
Session Fixation Vulnerability in Cisco Meeting Server Web-Based Management Interface
HWP Integer Overflow Vulnerability in ClamAV
PDF Object Length Check Vulnerability in ClamAV
BIOS Authentication Bypass Vulnerability in Cisco 5000 Series Enterprise Network Compute System and UCS E-Series Servers
Cross-Site Request Forgery Vulnerability in Cisco Unified Communications Manager IM & Presence Service
Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Unified Communications Domain Manager
Cisco Firepower Management Center Cross-Site Request Forgery Vulnerability
Cisco Web Security Appliance (WSA) Reflected Cross-Site Scripting (XSS) Vulnerability
Cisco Registered Envelope Service Cross-Site Scripting (XSS) Vulnerability
Insufficient Security Restrictions in Cisco DNA Center Allow Unauthorized Access to Sensitive Log Files
Vulnerability in Cisco StarOS Reassembly Logic for Fragmented IPv4 Packets
Cisco Firepower System Software SSL Inspection Policy Memory Exhaustion Vulnerability
Denial of Service Vulnerability in Cisco Meeting Server Web Admin Interface
Cisco Nexus 9000 Series Fabric Switches DHCPv6 Memory Exhaustion Vulnerability
Denial of Service Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows Desktop
Unauthenticated Remote Access Vulnerability in Cisco Policy Suite
Undocumented Static User Credentials Vulnerability in Cisco Policy Suite Cluster Manager
Unauthenticated Access Vulnerability in Cisco Policy Suite
Unauthenticated Remote Access Vulnerability in Cisco Policy Suite OSGi Interface
Denial of Service Vulnerability in Cisco Nexus Switches' Precision Time Protocol (PTP) Feature
Multiple Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player
Multiple Vulnerabilities in Cisco Webex Network Recording Player for ARF and WRF Files
Denial of Service Vulnerability in Cisco Aironet Series Access Points Software
Session Hijacking Vulnerability in Cisco Wireless LAN Controller (WLC) Software
Cisco FireSIGHT System Software FTP File Policy Bypass Vulnerability
Cisco FireSIGHT System Software URL-Based Access Control Bypass Vulnerability
Cisco Firepower System Software SSL Parsing DoS Vulnerability
Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Domain Manager Software
Arbitrary Code Execution Vulnerability in Cisco Webex Teams
Cross-Site Scripting (XSS) Vulnerability in Cisco Wireless LAN Controller (WLC) Software
Cisco Small Business SPA514G IP Phones Denial of Service Vulnerability
DOM-based XSS Vulnerability in Cisco Webex Web Framework
Cisco Prime Collaboration Provisioning Password Change DoS Vulnerability
Insufficient Access Control Permissions in Cisco Policy Suite CLI
Policy Builder Interface Authorization Bypass Vulnerability
Remote Code Execution Vulnerability in Cisco Cloud Services Platform 2100
Denial of Service Vulnerability in Cisco FXOS and NX-OS Software via LLDP
Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager IM and Presence Service Software
Denial of Service Vulnerability in Cisco AMP for Endpoints Mac Connector Software on Apple macOS 10.12
Cisco Finesse Web Management Interface SSRF Vulnerability
Cleartext Password Retrieval Vulnerability in Cisco Finesse Web Interface
Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Contact Center Express (Unified CCX) Web Interface
Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Contact Center Express (Unified CCX) Web Interface
Cross-Site Request Forgery Vulnerability in Cisco Unified Contact Center Express (Unified CCX) Web Interface
Cleartext Password Retrieval Vulnerability in Cisco Unified Contact Center Express
Arbitrary SQL Query Execution Vulnerability in Cisco RV180W and RV220W Routers
Directory Path Traversal Vulnerability in Cisco RV180W and RV220W Routers
Cisco Web Security Appliance (WSA) Web-Based Management Interface XSS Vulnerability
Persistent XSS Vulnerability in Cisco Small Business 300 Series Managed Switches
Reflected Cross-Site Scripting (XSS) Vulnerability in Cisco Small Business 300 Series Managed Switches
Denial of Service Vulnerability in Cisco Unified Communications Manager and TelePresence Server
Cisco AsyncOS Software Web Proxy Denial of Service Vulnerability
Cisco Unified Communications Manager Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability
EAPOL Downgrade Vulnerability in Cisco Small Business Wireless Access Points
Cisco Identity Services Engine (ISE) Web Management Interface Cross-Site Request Forgery (CSRF) Vulnerability
Cisco Secure Access Control Server XML External Entities (XXE) Vulnerability
EAPOL Denial of Service Vulnerability in Cisco Small Business Wireless Access Points
Cisco Wireless LAN Controller (WLC) Software Web Interface Information Disclosure Vulnerability
TACACS Authentication Bypass Vulnerability in Cisco Wireless LAN Controller Software
Cisco ASR 9000 Series Aggregation Services Router Software LPTS DoS Vulnerability
Bypassing Attachment Filtering in Cisco Email Security Appliances (ESA)
Directory Traversal Vulnerability in Cisco Wireless LAN Controller Software Allows Unauthorized Access to Sensitive Information
Cisco Prime Access Registrar TCP SYN Packet Handling Denial of Service Vulnerability
Vulnerability in Cisco Webex Meetings Client for Windows Allows Local Privilege Escalation and Remote Code Execution
Buffer Overflow Vulnerability in Cisco RV Series Routers
Arbitrary Command Execution Vulnerability in Cisco RV Series Routers
Improper Access Control in Cisco RV Series Routers
Directory Traversal Vulnerability in Cisco RV Series Routers
Command Injection Vulnerability in Cisco DNA Center CronJob Scheduler API
Privilege Escalation Vulnerability in Cisco Web Security Appliance (WSA)
Cisco Thor Decoder Stack-based Buffer Overflow Vulnerability
Arbitrary Command Execution Vulnerability in Cisco IMC Software
Arbitrary Command Execution Vulnerability in Cisco IMC Software
Cisco SD-WAN Solution Error Reporting Feature Privilege Escalation Vulnerability
Arbitrary Command Injection Vulnerability in Cisco SD-WAN Solution CLI
Zero Touch Provisioning Vulnerability: Unauthorized Access to Sensitive Data in Cisco SD-WAN Solution
Insufficient Authentication Configurations in Cisco Umbrella API: Cross-Organization Data Exposure and Modification Vulnerability
Cross-Organization Data Access and Modification Vulnerability in Cisco Webex Teams
Privilege Escalation Vulnerability in Cisco Umbrella Enterprise Roaming Client (ERC)
Privilege Escalation Vulnerability in Cisco Umbrella Enterprise Roaming Client (ERC)
Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Meeting Server Web Management Interface
Command Execution Vulnerability in Cisco Data Center Network Manager
Denial of Service (DoS) Vulnerability in Cisco IOS Access Points Software
CAPWAP Protocol Memory Disclosure Vulnerability
CAPWAP Protocol Denial of Service Vulnerability
Stored XSS Vulnerability in Cisco Packaged Contact Center Enterprise Web-Based Management Interface
CSRF Vulnerability in Cisco Packaged Contact Center Enterprise Web Management Interface
Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Industrial Network Director
Bypassing Content Filters in Cisco Email Security Appliance
Critical Authentication Bypass Vulnerability in Cisco DNA Center's Identity Management Service
Cisco Jabber Client Framework (JCF) Local File Corruption Vulnerability
Cross-Site Scripting (XSS) Vulnerability in Cisco Data Center Network Manager
Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Tetration Analytics Web Management Interface
Cross-Site Scripting (XSS) Vulnerability in Cisco Tetration Analytics Web Interface
Vulnerability in Cisco Firepower System Software Allows Unauthorized Execution of CLI Commands with Root Privileges
Command Injection Vulnerability in Cisco Cloud Services Platform 2100 Web Management Interface
Cisco Firepower System Software SMBv2 and SMBv3 Protocol Implementation Memory Exhaustion Vulnerability
Cisco NX-OS Software SNMP Packet Processor Denial of Service Vulnerability
Cisco Webex Player Denial of Service Vulnerability
Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Collaboration Assurance Web Interface
Insufficient Authorization Checks in Cisco Enterprise NFVIS Web Interface Allow Remote Reboot or Shutdown
File Read Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) REST API
Arbitrary Script Injection Vulnerability in Cisco IP Phone 8800 Series Software
Cisco Enterprise NFV Infrastructure Software (NFVIS) User Management DoS Vulnerability
Incomplete Validation in Cisco Network Plug and Play Server Component Allows Unauthorized Access to Configuration Data
Directory Traversal Vulnerability in Cisco Data Center Network Manager Software
Cross-Site Scripting (XSS) Vulnerability in Cisco Small Business 300 Series Managed Switches
OSPFv3 Denial of Service Vulnerability
IPv6 Hop-by-Hop Options Handling Vulnerability in Cisco IOS and IOS XE Software
Unchanged Default Access Credentials in Cisco Energy Management Suite (CEMS) PostgreSQL Database
Double-Free-In-Memory Handling Vulnerability in Cisco IOS XE Software
Buffer Overflow Vulnerability in Cisco IOS XE Software Web Framework
Cisco IOS XE Software CDP Memory Leak Vulnerability
IPsec Driver Code Vulnerability: Remote Device Reload Exploit
Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability
Cisco Unified Communications Manager Web Interface Vulnerability: Clear Text Digest Credentials Exposure
Cluster Management Protocol (CMP) Message Denial of Service Vulnerability
Cisco IOS XE Software NAT SIP ALG Reload Vulnerability
Privilege Escalation Vulnerability in Cisco IOS XE Software
Race condition vulnerability in Cisco IOS XE Software's errdisable per VLAN feature leads to DoS
Privilege Escalation Vulnerability in Cisco IOS XE Software
Stored XSS Vulnerability in Cisco Prime Network Control System
Cisco Jabber Client Framework (JCF) Cross-Site Scripting (XSS) Vulnerability
Vulnerability: Unauthorized SSH Access to Cisco IOS and IOS XE Devices via VRF Instance
Denial of Service Vulnerability in Cisco ISR G2 and ISR4451-X Routers
XMLTooling-C Vulnerability: Remote Information Disclosure and Impersonation via Crafted DTD
Buffer Overflow Vulnerability in ARM mbed TLS
Remote Code Execution and Heap Corruption Vulnerability in ARM mbed TLS
XML Signature Wrapping Vulnerability in Shibboleth XMLTooling-C
Directory-authority protocol-list subprotocol mishandles misformatted relay descriptor leading to denial of service
Use-After-Free Vulnerability in Tor 0.3.2.x Allows Remote Denial of Service
Race Condition Vulnerability in Johnathan Nightingale Beep through 1.3.4 Allows Local Privilege Escalation
Use-after-free vulnerability in remctld before 3.14 allows for arbitrary command execution
Cookie Injection Vulnerability in GNU Wget before 1.19.5
Memory-cache side-channel vulnerability in Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 during ECDSA signature signing process (ROHNP)
Arbitrary File Overwrite Vulnerability in D-Mod Extractor
Timing-based side-channel attack vulnerability in ARM mbed TLS
Cache-based Side-Channel Attack on ARM mbed TLS
Incomplete HTML Escaping in Xapian::MSet::snippet() Leads to Cross-Site Scripting Vulnerability
Heap-based Buffer Overflow in Curl SMTP Escape EOB Function
APT InRelease File Verification Vulnerability
Potential Command Injection Vulnerability in zsh
Rate Limit Override Vulnerability in Mediawiki 1.31
Information Disclosure Vulnerability in Mediawiki's Special:Redirect/logid
BotPasswords Bypassing CentralAuth Account Lock Vulnerability
Arbitrary OS Command Execution Vulnerability in Nootka 1.4.4 and Earlier
Untrusted Search Path Vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and Earlier: Privilege Escalation via Trojan Horse DLL
Arbitrary Web Script Injection Vulnerability in EPG Search Result Viewer (kkcald) 0.7.21 and Earlier
CSRF Vulnerability in epg search result viewer (kkcald) 0.7.21 and Earlier
Buffer Overflow Vulnerability in EPG Search Result Viewer (kkcald) 0.7.19 and Earlier
Arbitrary Code Injection Vulnerability in WP Retina 2x Plugin
Arbitrary OS Command Execution Vulnerability in I-O DATA DEVICE's MagicalFinder
Arbitrary Web Script Injection Vulnerability in MTS Simple Booking C and MTS Simple Booking Business
Arbitrary OS Command Execution in MP Form Mail CGI eCommerce Edition Ver 2.0.13 and Earlier
Untrusted Search Path Vulnerability in FLET'S Azukeru Backup Tool v1.5.2.6 and Earlier
Untrusted Search Path Vulnerability in FLET'S v4/v6 Address
Selection Tool Untrusted Search Path Vulnerability in Anshin Net Security for Windows Version 16.0.1.44 and Earlier Unverified X.509 Certificate Vulnerability in LINE for iOS 7.1.3 to 7.1.5 Cross-Site Scripting Vulnerability in FS010W Firmware FS010W_00_V1.3.0 and Earlier CSRF Vulnerability in FS010W Firmware Allows Authentication Hijacking Authentication Bypass and Command Execution Vulnerability in Buffalo WXR-1900DHP2 Firmware Ver.2.48 and Earlier Arbitrary Code Execution Vulnerability in Buffalo WXR-1900DHP2 Firmware Ver.2.48 and Earlier Arbitrary OS Command Execution Vulnerability in Buffalo WXR-1900DHP2 Firmware Ver.2.48 and Earlier Remote Code Execution Vulnerability in Jubatus 1.0.2 and Earlier Arbitrary File Read Vulnerability in Jubatus 1.0.2 and Earlier Remote Image Display Vulnerability in Cybozu Office 10.0.0 to 10.7.0 Arbitrary Web Script Injection Vulnerability in Cybozu Office 10.0.0 to 10.7.0 Authentication Bypass Vulnerability in Cybozu Office 10.0.0 to 10.7.0 Denial of Service Vulnerability in Cybozu Office 10.0.0 to 10.7.0 Cybozu Garoon SQL Injection Vulnerability Access Privilege Bypass in Cybozu Garoon 3.0.0 to 4.2.6 Access Restriction Bypass Vulnerability in Cybozu Garoon 3.0.0 to 4.2.6 Access Restriction Bypass Vulnerability in Cybozu Garoon 3.0.0 to 4.2.6 Unspecified Cross-Site Scripting Vulnerability in ArsenoL Version 0.5 Cross-Site Scripting Vulnerability in PHP 2chBBS Version bbs18c Cross-Site Scripting Vulnerability in QQQ SYSTEMS ver2.24 via quiz.cgi Cross-Site Scripting Vulnerability in QQQ SYSTEMS ver2.24 via quiz_op.cgi Cross-Site Scripting Vulnerability in QQQ SYSTEMS ver2.24 Arbitrary Command Execution Vulnerability in QQQ SYSTEMS Version 2.24 Untrusted Search Path Vulnerability in ViX Version 2.21.148.0 Buffer Overflow Vulnerability in Tiny FTP Daemon Ver0.52d Arbitrary File Read Vulnerability in WebProxy Version 1.7.8 Untrusted Search Path Vulnerability in Jtrim Installer Untrusted Search Path Vulnerability in WinShot Installer 
Allows Privilege Escalation Arbitrary OS Command Execution in LXR Versions 1.0.0 to 2.3.0 Arbitrary Code Injection Vulnerability in WP All Import Plugin for WordPress Arbitrary Code Injection Vulnerability in WP All Import Plugin for WordPress Bypassing Access Restriction to View Closed Space Title in Cybozu Garoon 4.0.0 to 4.6.0 Arbitrary Code Injection Vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 Access Restriction Bypass Vulnerability in Cybozu Garoon 3.5.0 to 4.6.1 Arbitrary Code Injection Vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 Untrusted Search Path Vulnerability in PhishWall Client Firefox and Chrome Edition for Windows Ver. 5.1.26 and Earlier Unverified SSL Certificates in iRemoconWiFi App for Android Allow Man-in-the-Middle Attacks Authentication Bypass and Command Execution Vulnerability in Buffalo WZR-1750DHP2 Ver.2.30 and Earlier Arbitrary Code Execution Vulnerability in Buffalo WZR-1750DHP2 Ver.2.30 and Earlier Arbitrary OS Command Execution Vulnerability in Buffalo WZR-1750DHP2 Ver.2.30 and Earlier Stored Cross-Site Scripting Vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1: Arbitrary Web Script Injection in 'E-mail Details Screen' Reflected Cross-Site Scripting Vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 via 'System Settings' Arbitrary Web Script Injection Vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 Address Bar Spoofing Vulnerability in Hatena Bookmark App for iOS Version 3.0 to 3.70 Untrusted Search Path Vulnerability in PhishWall Client Internet Explorer Edition Untrusted Search Path Vulnerability in SoundEngine Free Installer Privilege Escalation via Untrusted Search Path Vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool Session Fixation Vulnerability in EC-CUBE (versions 3.0.0 to 3.0.15) Arbitrary Web Script Injection Vulnerability in Cybozu Office 10.0.0 to 10.8.0 Authentication Bypass Vulnerability in Cybozu Office 10.0.0 to 10.8.0 Access Restriction Bypass Vulnerability in Cybozu Office 10.0.0 to 10.8.0 Arbitrary 
PHP Code Execution Vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and Earlier Arbitrary OS Command Execution in baserCMS (Versions 4.1.0.1 and earlier, 3.0.15 and earlier) Arbitrary Web Script Injection Vulnerability in baserCMS Arbitrary File Upload Vulnerability in baserCMS Access Restriction Bypass in baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions Access Restriction Bypass Vulnerability in baserCMS Arbitrary Web Script Injection Vulnerability in baserCMS Remote File Disclosure Vulnerability in baserCMS Cross-Site Scripting Vulnerability in Events Manager Plugin for WordPress (prior to version 5.9) Arbitrary Code Injection Vulnerability in WP Google Map Plugin Arbitrary Code Injection Vulnerability in PixelYourSite Plugin for WordPress Arbitrary Code Injection Vulnerability in Open Graph for Facebook, Google+, and Twitter Card Tags Plugin for WordPress Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series: Remote privilege escalation via Trojan horse DLL Cross-site Scripting Vulnerability in ASUS RT-AC87U Firmware (prior to version 3.0.0.4.378.9383) Arbitrary Code Injection Vulnerability in ASUS RT-AC68U Firmware Cross-site Scripting Vulnerability in ASUS RT-AC1200HP Firmware Authentication Bypass Vulnerability in IIJ SmartKey App for Android Version 2.1.0 and Earlier Arbitrary Code Injection Vulnerability in Ultimate Member Plugin for WordPress Directory Traversal Vulnerability in Ultimate Member Plugin for WordPress (Versions prior to 2.0.4) Unrestricted File Upload Vulnerability in Ultimate Member Plugin for WordPress Directory Traversal Vulnerability in Ultimate Member Plugin for WordPress (Versions prior to 2.0.4) Bypassing Access Restriction in Ultimate Member Plugin for WordPress Bypassing Access Restriction in Ultimate Member Plugin for WordPress Unverified SSL Certificates Vulnerability in KINEPASS App Untrusted Search Path Vulnerability in Microsoft OneDrive: Privilege Escalation via Trojan Horse DLL 
Untrusted Search Path Vulnerability in Microsoft OneDrive Installer Untrusted Search Path Vulnerability in Skype for Windows Untrusted Search Path Vulnerability in Skype Installer for Windows Untrusted Search Path Vulnerability in Visual Studio Community Installer Untrusted Search Path Vulnerability in Visual Studio Code Installer Untrusted Search Path Vulnerability in IExpress Self-Extracting Archives Untrusted Search Path Vulnerability in Visual C++ Redistributable Installer Untrusted Search Path Vulnerability in PlayMemories Home Installer Untrusted Search Path Vulnerability in axpdfium v0.01 Arbitrary Code Injection in Email Subscribers & Newsletters Plugin Cross-Site Scripting Vulnerability in Site Reviews Plugin (Versions prior to 2.15.3) Remote Code Execution Vulnerability in Pixelpost v1.7.3 and Earlier Cross-Site Scripting Vulnerability in Pixelpost v1.7.3 and Earlier Pixelpost v1.7.3 and Earlier: Remote SQL Injection Vulnerability SQL Injection Vulnerability in Cybozu Garoon Notifications Application Buffer Overflow Vulnerability in H2O Version 2.2.4 and Earlier Untrusted Search Path Vulnerability in LINE for Windows: Privilege Escalation via Trojan Horse DLL Zenphoto 1.4.14 and Earlier: Local File Inclusion Vulnerability with Remote Code Execution and Information Disclosure Unverified X.509 Certificates in ANA App for iOS Version 4.0.22 and Earlier Arbitrary Code Injection in 5000 Trillion Yen Converter v1.0.6 Unspecified Remote Access Bypass Vulnerability in NEC Platforms Calsos CSDX and CSDJ Series Products Arbitrary web script injection vulnerability in NEC Platforms Calsos CSDX and CSDJ series products ChamaNet MemoCGI Directory Traversal Vulnerability Cross-Site Scripting Vulnerability in Mailman 2.1.26 and Earlier Privilege Escalation via Untrusted Search Path Vulnerability in Glary Utilities Installer Untrusted Search Path Vulnerability in LOGICOOL Game Software Allows Privilege Escalation Untrusted Search Path Vulnerability in LOGICOOL CONNECTION 
UTILITY SOFTWARE Unverified SSL Certificates in DHC Online Shop App for Android Allow Man-in-the-Middle Attacks Untrusted Search Path Vulnerability in Multiple Yayoi 17 Series Products Untrusted Search Path Vulnerability in Multiple Yayoi 17 Series Products Arbitrary OS Command Execution Vulnerability in Aterm WG1200HP Firmware Ver1.0.31 and Earlier Arbitrary OS Command Execution Vulnerability in Aterm WG1200HP Firmware Ver1.0.31 and Earlier Arbitrary OS Command Execution Vulnerability in Aterm WG1200HP Firmware Ver1.0.31 and Earlier Arbitrary OS Command Execution Vulnerability in Aterm WG1200HP Firmware Ver1.0.31 and Earlier Arbitrary OS Command Execution Vulnerability in Aterm W300P Ver1.0.13 and Earlier Arbitrary OS Command Execution Vulnerability in Aterm W300P Ver1.0.13 and Earlier Arbitrary OS Command Execution Vulnerability in Aterm W300P Ver1.0.13 and Earlier Buffer Overflow Vulnerability in Aterm W300P Ver1.0.13 and Earlier: Arbitrary Code Execution via HTTP Request and Response Buffer Overflow Vulnerability in Aterm W300P Ver1.0.13 and Earlier: Arbitrary Code Execution via submit-url Parameter Arbitrary OS Command Execution in Aterm HC100RC Ver1.0.1 and Earlier Arbitrary OS Command Execution Vulnerability in Aterm HC100RC Ver1.0.1 and Earlier Arbitrary OS Command Execution in Aterm HC100RC Ver1.0.1 and Earlier Arbitrary OS Command Execution in Aterm HC100RC Ver1.0.1 and Earlier via export.cgi encKey Parameter Arbitrary OS Command Execution in Aterm HC100RC Ver1.0.1 and Earlier via import.cgi encKey Parameter Arbitrary OS Command Execution in Aterm HC100RC Ver1.0.1 and Earlier Buffer Overflow in Aterm HC100RC Ver1.0.1 and Earlier: Arbitrary Code Execution via netWizard.cgi Parameters Buffer Overflow in Aterm HC100RC Ver1.0.1 and Earlier: Arbitrary Code Execution via tools_system.cgi Parameters Arbitrary Script Injection in FV Flowplayer Video Player 6.1.2 to 6.6.4 Arbitrary OS Command Execution in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 
Buffer Overflow Vulnerability in ORCA (Online Receipt Computer Advantage) Software Remote PHP Code Execution Vulnerability in MTAppjQuery 1.8.1 and Earlier Explzh v.7.58 Directory Traversal Vulnerability CSRF Vulnerability in WL-330NUL Firmware Prior to 3.0.0.46 Untrusted Search Path Vulnerability in ChatWork Desktop App Installer for Windows Untrusted Search Path Vulnerability in Canon IT Solutions Inc. Software Installers Unverified SSL Certificates in LINE MUSIC for Android Allow Man-in-the-Middle Attacks Buffer Overflow Vulnerability in YOKOGAWA Products' License Management Function Arbitrary Code Injection Vulnerability in GROWI v.3.1.11 and Earlier Arbitrary Code Injection through Cross-Site Scripting in GROWI v.3.1.11 and earlier Arbitrary Code Injection Vulnerability in GROWI v.3.1.11 and Earlier Arbitrary Code Injection via App Settings in GROWI v.3.1.11 and Earlier Untrusted Search Path Vulnerability in Digital Paper App Installer Arbitrary Web Script Injection Vulnerability in EC-CUBE and GMO-PG Payment Modules Arbitrary PHP Code Execution Vulnerability in EC-CUBE and GMO-PG Payment Modules Directory Traversal Vulnerability in Older Versions of Software Allows File Manipulation via Crafted ATC File Arbitrary File Creation Vulnerability in Versions 2.8.4.0 and Earlier and 3.3.0.0 and Earlier via ATC File Arbitrary OS Command Execution and Information Leakage in I-O DATA Network Cameras Arbitrary Code Execution Vulnerability in I-O DATA Network Cameras Hardcoded Credentials Vulnerability in I-O DATA Network Cameras NoMachine App for Android 5.0.63 and earlier: Environment Variable Alteration Vulnerability Arbitrary Script Injection in Yamaha Routers and NVR500 Arbitrary Script Injection Vulnerability in Yamaha Routers and NVR500 Untrusted Search Path Vulnerability in INplc SDK Installer Buffer Overflow Vulnerability in INplc-RT 3.08 and Earlier: Remote Code Execution Authentication Bypass Vulnerability in INplc-RT 3.08 and Earlier Authentication Bypass 
Vulnerability in INplc-RT 3.08 and Earlier Privilege Escalation Vulnerability in INplc-RT 3.08 and Earlier: Arbitrary Code Execution Arbitrary Code Injection through Cross-Site Scripting in Movable Type versions prior to Ver. 6.3.1 Arbitrary File Read Vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 Arbitrary Script Execution Vulnerability in AttacheCase ver.2.8.4.0 and Earlier Arbitrary Script Execution Vulnerability in AttacheCase ver.3.3.0.0 and Earlier Authentication Bypass and Arbitrary Command Execution in BN-SDWBP3 Firmware Arbitrary OS Command Execution Vulnerability in BN-SDWBP3 Firmware Version 1.0.9 and Earlier BN-SDWBP3 Firmware Buffer Overflow Vulnerability Arbitrary Web Script Injection Vulnerability in FXC Inc. Network Devices Hard-coded Credentials Vulnerability in Denbun by NEOJAPAN Inc. Hard-coded Credentials Vulnerability in Denbun by NEOJAPAN Inc. Session Management Vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) Buffer Overflow Vulnerability in Denbun POP and IMAP Versions V3.3P R4.0 and Earlier, Allowing Remote Code Execution or DoS via Cookie Data Denbun Buffer Overflow Vulnerability in Multipart/Form-Data Parsing Denbun POP Version V3.3P R4.0 and Earlier SQL Injection Vulnerability Remote Code Execution Vulnerability in Denbun by NEOJAPAN Inc. (Versions V3.3P R4.0 and earlier, V3.3I R4.0 and earlier) Arbitrary Web Script Injection Vulnerability in Denbun by NEOJAPAN Inc. 
Open Redirect Vulnerability in SEIKO EPSON Printers and Scanners HTTP Header Injection Vulnerability in SEIKO EPSON Printers and Scanners Unvalidated Software Update Vulnerability in Music Center for PC: Potential for Man-in-the-Middle Attack and File Injection Insecure SSL Certificate Verification in Multiple +Message Apps Untrusted Search Path Vulnerability in Baidu Browser Version 43.23.1000.500 and Earlier Arbitrary File Upload Vulnerability in FileZen V3.0.0 to V4.2.1 Arbitrary OS Command Execution in FileZen V3.0.0 to V4.2.1 Arbitrary Web Script Injection Vulnerability in User-friendly SVN (USVN) Version 1.0.7 and Earlier Session Management Vulnerability in OpenAM (Open Source Edition) 13.0 and later Arbitrary Web Script Injection Vulnerability in Metabase 0.29.3 and Earlier Arbitrary Web Script Injection Vulnerability in GROWI v3.2.3 and Earlier Arbitrary Web Script Injection Vulnerability in YukiWiki 2.1.3 and Earlier YukiWiki 2.1.3 and Earlier Denial of Service Vulnerability Network Access Bypass Vulnerability in BlueStacks App Player Arbitrary File Deletion Vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 Arbitrary File Deletion Vulnerability in Cybozu Office 10.0.0 to 10.8.1 Cybozu Office Directory Traversal Vulnerability Cybozu Dezie 8.0.2 to 8.1.2 Directory Traversal Vulnerability Authentication Bypass Vulnerability in QNAP Q'center Virtual Appliance Command Injection Vulnerability in QNAP Q'center Virtual Appliance 1.7.1063 and Earlier: Arbitrary Command Execution Command Injection Vulnerability in QNAP Q'center Virtual Appliance 1.7.1063 and Earlier: Arbitrary Command Execution Command Injection Vulnerability in QNAP Q'center Virtual Appliance 1.7.1063 and Earlier Critical Command Injection Vulnerability in QNAP Q'center Virtual Appliance 1.7.1063 and Earlier Arbitrary Web Script Injection Vulnerability in QNAP QTS 4.3.3 and 4.3.4 Remote Command Injection Vulnerability in QNAP QTS LDAP Server Remote Command Injection Vulnerability in Helpdesk Versions 
1.1.21 and Earlier in QNAP QTS Remote Code Injection Vulnerability in QNAP Photo Station 5.7.0 and Earlier QTS Qsync Central Cross-Site Scripting Vulnerability Remote Command Injection Vulnerability in Music Station 5.1.2 and Earlier Versions in QNAP QTS 4.3.3 and 4.3.4 XSS Vulnerability in QNAP Systems Inc. QTS NAS Devices Critical Buffer Overflow Vulnerability in QNAP NAS Devices: Exploiting QTS to Execute Arbitrary Code Path Traversal Vulnerability in Photo Station: Remote Access to Sensitive Information Q'center Virtual Appliance XSS Vulnerability Q'center Virtual Appliance XSS Vulnerability Improper Access Control Vulnerability in Helpdesk Allows Unauthorized Access to System Logs Command Injection Vulnerability in Music Station: Execute Commands on Affected Devices Command Injection Vulnerability in QNAP File Station Allows Remote Code Execution Denial of Service Vulnerability in TLS Handshake with DH(E) Ciphersuite Vulnerability: Insecure Message Authentication in PA-RISC CRYPTO_memcmp Function Timing Side Channel Vulnerability in OpenSSL DSA Signature Algorithm Timing Side Channel Attack on OpenSSL ECDSA Signature Algorithm Cache Timing Side Channel Attack on OpenSSL RSA Key Generation Algorithm Recursive ASN.1 Types Denial of Service Vulnerability Windows Color Management Information Disclosure Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Object Handling Elevation of Privilege Vulnerability Windows Kernel Memory Object Handling Information Disclosure Vulnerability Windows Memory Address Handling Information Disclosure Vulnerability Windows Kernel Memory Address Information Disclosure Vulnerability Memory Address Handling Vulnerability in Windows Operating Systems Windows Elevation of Privilege Vulnerability in SMB Server Windows GDI Information Disclosure Vulnerability Windows Kernel API Elevation of Privilege Vulnerability Windows Kernel API 
Elevation of Privilege Vulnerability Windows Memory Object Handling Denial of Service Vulnerability OpenType Font Driver Information Disclosure Vulnerability Windows EOT Font Engine Information Disclosure Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Object Handling Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Windows EOT Font Engine Information Disclosure Vulnerability Windows EOT Font Engine Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer and Microsoft Edge Microsoft Edge Memory Object Handling Information Disclosure Vulnerability .NET and .NET Core XML Denial of Service Vulnerability .NET and .NET Core XML Denial of Service Vulnerability Microsoft Edge PDF Reader Information Disclosure Vulnerability Scripting Engine Information Disclosure Vulnerability in Microsoft Edge Microsoft Edge Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Microsoft Edge Security Feature Bypass Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer and Microsoft Edge Microsoft Edge Scripting Engine Memory Corruption Vulnerability Microsoft Edge Scripting Engine Memory Corruption Vulnerability Microsoft Edge Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Microsoft Edge Scripting Engine Memory Corruption Vulnerability Scripting Engine Information Disclosure Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge ASP.NET Core Elevation of Privilege Vulnerability in Project Templates ASP.NET Core Cross Site Request Forgery Vulnerability in Project Templates .NET Certificate Validation Security Bypass 
Vulnerability ASP.NET Core Elevation of Privilege Vulnerability OpenType Font Driver Elevation of Privilege Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Outlook Email Parsing Remote Code Execution Vulnerability Microsoft Word 2016 Remote Code Execution Vulnerability Outlook Email Parsing Remote Code Execution Vulnerability Microsoft Word Object Handling Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Office: Remote Code Execution Memory Object Handling Vulnerability in Microsoft Excel RTF Content Handling Vulnerability in Microsoft Word Equation Editor Remote Code Execution Vulnerability in Microsoft Office Microsoft Access Image Field XSS Vulnerability Microsoft Edge Scripting Engine Information Disclosure Vulnerability Equation Editor Remote Code Execution Vulnerability in Microsoft Office Microsoft Office Equation Editor Remote Code Execution Vulnerability Cross-Domain Information Leakage in Microsoft Edge Equation Editor Remote Code Execution Vulnerability Equation Editor Remote Code Execution Vulnerability in Multiple Versions of Microsoft Office Equation Editor Remote Code Execution Vulnerability Equation Editor Remote Code Execution Vulnerability ASP.NET Core Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Windows Kernel Memory Initialization Information Disclosure Vulnerability Windows Kernel Object Initialization Information Disclosure Vulnerability Equation Editor Remote Code Execution Vulnerability in Microsoft Office Windows Kernel Object Initialization Information Disclosure Vulnerability Windows Kernel Object Initialization Information Disclosure Vulnerability Windows GDI Elevation of Privilege Vulnerability Windows GDI Elevation of Privilege Vulnerability Windows GDI Elevation of Privilege Vulnerability ChakraCore Vulnerability: Control Flow Guard Bypass and Arbitrary Code 
Execution Email Spoofing Vulnerability in Microsoft Office 2016 for Mac Windows Kernel Elevation Of Privilege Vulnerability Windows AppContainer Elevation Of Privilege Vulnerability Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability Windows Named Pipe File System Elevation of Privilege Vulnerability Microsoft COM for Windows Remote Code Execution Vulnerability StructuredQuery Remote Code Execution Vulnerability Windows Storage Services Elevation of Privilege Vulnerability Device Guard Security Feature Bypass Vulnerability in Windows Scripting Host (WSH) MultiPoint Management Account Password Storage Vulnerability in Windows 10 and Windows Server 2016 Windows Kernel Memory Object Handling Information Disclosure Vulnerability Windows Kernel Memory Object Handling Information Disclosure Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Memory Object Handling Information Disclosure Vulnerability SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability in Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability in Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability in Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability in Microsoft Edge and ChakraCore Microsoft Edge Memory Object Handling Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer and Microsoft Edge Memory Handling Vulnerability in Microsoft Office 2016 Click-to-Run: Remote Code Execution Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Information Disclosure Vulnerability in Windows 10 and Windows Server (CVE-2018-XXXX) Windows Common Log File System Driver Elevation Of Privilege Vulnerability Equation Editor Remote Code Execution Vulnerability Windows Common Log File System Driver 
Elevation Of Privilege Vulnerability Internet Explorer Memory Object Handling Vulnerability Equation Editor Remote Code Execution Vulnerability Equation Editor Remote Code Execution Vulnerability Microsoft Outlook Elevation of Privilege Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability in Outlook Microsoft Office Information Disclosure Vulnerability Windows Scripting Host Device Guard Bypass Vulnerability Windows EOT Font Engine Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability in Microsoft Edge and ChakraCore ChakraCore Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability in Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Equation Editor Remote Code Execution Vulnerability Web Request Handling Vulnerability in SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 Scripting Engine Memory Corruption Vulnerability in Internet Explorer Windows Installer Elevation of Privilege Vulnerability SharePoint Server 2016 Web Request Handling Elevation of Privilege Vulnerability Internet Explorer Remote Code Execution Vulnerability Microsoft Edge Improper File Marking Information Disclosure Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability .NET Core Denial of Service Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Windows Desktop Bridge VFS Elevation of Privilege Vulnerability Windows Remote Assistance XXE Information Disclosure Vulnerability Memory Object Handling Vulnerability in Microsoft Edge Windows Desktop Bridge Virtual Registry Elevation of 
Privilege Vulnerability Microsoft Video Control Elevation of Privilege Vulnerability Windows Desktop Bridge Virtual Registry Elevation of Privilege Vulnerability File Copy Destination Validation Remote Code Execution Vulnerability Windows Scripting Host (WSH) Security Feature Bypass Vulnerability Hyper-V Denial of Service Vulnerability CredSSP Remote Code Execution Vulnerability Windows Kernel Memory Address Initialization Vulnerability Hyper-V Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Network Isolation Security Bypass Vulnerability in Active Directory ChakraCore and Internet Explorer Scripting Engine Information Disclosure Vulnerability Microsoft Edge Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Windows Kernel Memory Address Handling Vulnerability Windows Kernel Memory Address Handling Vulnerability Windows Kernel Memory Address Handling Vulnerability Windows Kernel Memory Address Handling Vulnerability Windows Kernel Memory Address Handling Vulnerability Windows Kernel Memory Address Handling Vulnerability Windows Kernel Memory Address Handling Vulnerability Windows Kernel Memory Address Handling Vulnerability Windows Security Feature Bypass Vulnerability in CNG Kernel-Mode Driver Memory Handling Vulnerability in Microsoft Access Allows Remote Code Execution Windows Kernel Memory Address Handling Vulnerability Macro Settings Security Bypass in Microsoft Excel Microsoft Identity Manager 2016 SP1 XSS Elevation of Privilege Vulnerability Microsoft Project Server and SharePoint Server Elevation of Privilege Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability in Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Elevation of Privilege Vulnerability in Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Elevation of Privilege 
Vulnerability in Microsoft Project Server 2013 SP1 and SharePoint Enterprise Server 2016 Microsoft SharePoint Elevation of Privilege Vulnerability in Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Elevation of Privilege Vulnerability in Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Elevation of Privilege Vulnerability in Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Elevation of Privilege Vulnerability in Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2016 Elevation of Privilege Vulnerability Microsoft Office Information Disclosure Vulnerability Memory Object Handling Vulnerability in Microsoft Excel Microsoft SharePoint Enterprise Server 2016 Elevation of Privilege Vulnerability Microsoft Office Memory Corruption Vulnerability Microsoft SharePoint Enterprise Server 2016 Elevation of Privilege Vulnerability URL Redirect Handling Information Disclosure Vulnerability in Microsoft Exchange Server ChakraCore Scripting Engine Memory Corruption Vulnerability Windows Kernel Memory Address Handling Vulnerability Microsoft Browser Information Disclosure Vulnerability Internet Explorer Memory Object Handling Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Microsoft Browser Information Disclosure Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer Chakra Scripting Engine Memory Corruption Vulnerability in ChakraCore and Microsoft Windows 10 1709 Chakra Scripting Engine Memory Corruption Vulnerability in ChakraCore and Microsoft Windows 10 1703 and 1709 ChakraCore and Microsoft Edge Information Disclosure Vulnerability 
Email Link Rewriting Elevation of Privilege Vulnerability in Microsoft Exchange Server Microsoft Exchange Server 2016 Cumulative Update 7 and Cumulative Update 8 Information Disclosure Vulnerability Internet Explorer Zone and Integrity Settings Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability in Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Microsoft SharePoint Elevation of Privilege Vulnerability in SharePoint Foundation 2013 SP1 and SharePoint Enterprise Server 2016 UNC Resource Handling Security Bypass Vulnerability in Internet Explorer Microsoft Office OLE Object Information Disclosure Vulnerability Microsoft Edge Scripting Engine Memory Corruption Vulnerability Arbitrary File Creation Vulnerability in Diagnostics Hub Standard Collector Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Remote Code Execution Vulnerability in Microsoft Browsers: Scripting Engine Memory Corruption Internet Explorer Scripting Engine Memory Corruption Vulnerability HTTP.sys Denial of Service Vulnerability in HTTP 2.0 Protocol Stack Hyper-V Information Disclosure Vulnerability Windows Security Feature Bypass Vulnerability in Device Guard Hyper-V Remote Code Execution Vulnerability Windows Kernel Information Disclosure Vulnerability Hyper-V vSMB Remote Code Execution Vulnerability Windows Kernel Elevation of Privilege Vulnerability Hyper-V Information Disclosure Vulnerability Hyper-V Remote Code Execution Vulnerability in Windows Server 2016 and Windows 10 Device Guard Security Feature Bypass Vulnerability Windows SNMP Service Denial of Service Vulnerability Windows Kernel ASLR Bypass Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Kernel 
Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Win32k Elevation of Privilege Vulnerability in Windows Kernel Mode Driver Internet Explorer Memory Corruption Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Scripting Engine Memory Object Information Disclosure Vulnerability Windows Kernel API Elevation of Privilege Vulnerability Windows Storage Services Elevation of Privilege Vulnerability Microsoft Malware Protection Engine Remote Code Execution Vulnerability Scripting Engine Information Disclosure Vulnerability in Internet Explorer 9, 10, and 11 Scripting Engine Memory Corruption Vulnerability in Internet Explorer Scripting Engine Memory Object Information Disclosure Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Internet Explorer Remote Code Execution via Memory Corruption Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Internet Explorer Internet Explorer 11 Remote Code Execution Vulnerability Microsoft Edge PDF Reader Information Disclosure Vulnerability Scripting Engine Memory Object Information Disclosure Vulnerability Universal XSS (UXSS) Vulnerability in Video Downloader Professional Extension for Chrome Buffer Underflow Vulnerability in glibc's realpath() Function DNSSEC Validator Component Vulnerability: Denial of Existence 
Attack via Packet Replay in Knot Resolver (prior version 1.5.2) DNSSEC Validator Vulnerability in PowerDNS 4.1.0 Allows Denial of Existence via Packet Replay Race Condition Vulnerability in Linux Kernel Sound System Leading to Deadlock and Denial of Service Out-of-bounds Read Vulnerability in libcurl 7.49.0 to 7.57.0 Arbitrary Command Execution via Protocol Handler in GitHub Electron Vulnerability: Information Leakage in libcurl 7.1 through 7.57.0 XML External Entity (XXE) Vulnerability in Jenkins PMD Plugin 3.49 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Checkstyle Plugin XML External Entity (XXE) Vulnerability in Jenkins DRY Plugin 2.49 and Earlier XML External Entity (XXE) Vulnerability in Jenkins FindBugs Plugin 4.71 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Warnings Plugin 4.64 and Earlier CSRF Vulnerability in Jenkins Release Plugin 2.9 and Earlier CSRF Vulnerability in Jenkins Translation Assistance Plugin Allows Unauthorized String Overrides Vulnerability: Incorrect Permissions Checks in Pipeline: Nodes and Processes Plugin Root User Password Disclosure in oVirt-Hosted-Engine-Setup OS Command Injection Vulnerability in OpenEMR 5.0.0's fax_dispatch.php Cross Site Scripting (XSS) vulnerability in OpenEMR version 5.0.0 Input Validation Error in GIT Client: Remote Code Execution via Malicious Git Server Missing Authorization Vulnerability in Electrum Bitcoin Wallet CWE-20: Full Path Disclosure Vulnerability in Bitpay/insight-api Transaction Broadcast Endpoint Incorrect Pointer Handling in Squid HTTP Caching Proxy ESI Response Processing Vulnerability Firebase Admin SDK for PHP Incorrect Access Control Vulnerability Insufficient Input Validation in Linux Kernel's bnx2x Network Card Driver: DoS via Specially Crafted Packet NULL Pointer Dereference Vulnerability in Squid HTTP Caching Proxy Allows Denial of Service Incorrect Access Control vulnerability in NFS server (nfsd) allows remote users to read or write unauthorized 
files via NFS Cross Site Scripting (XSS) Vulnerability in mcholste ELSA version revision 1205, commit 2cc17f1 and earlier Heap-Buffer-Overflow and Heap-Use-After-Free Vulnerabilities in Python 2.7.14 Heap-Based Buffer Overflow in Info-Zip UnZip 6.10c22: Denial of Service and Code Execution Vulnerability Heap-based Buffer Overflow in Info-Zip UnZip v6.10c22: Denial of Service and Code Execution Vulnerability Out-of-Bounds Read Vulnerability in Info-Zip UnZip 6.10c22: Denial of Service and Sensitive Memory Disclosure Out-of-Bounds Read Vulnerability in Info-Zip UnZip 6.10c22: Denial of Service and Sensitive Memory Disclosure Heap-Based Buffer Overflow in Info-Zip UnZip Allows for DoS and Code Execution Memory Leak Vulnerability in MuPDF 1.12.0 and Earlier Denial of Service Vulnerability in MuPDF 1.12.0 and Earlier Stack Buffer Overflow in MuPDF 1.12.0 and Earlier: Arbitrary Code Execution via Crafted File Multiple Heap Use After Free Vulnerabilities in MuPDF 1.12.0 and Earlier Multiple Uninitialized Value Bugs in MuPDF PDF Parser Remote Code Execution via SVG File with UNC Path on Windows OS Command Injection in Security Onion Solutions Squert OS Command Injection in Security Onion Solutions Squert SQL Injection Vulnerability in Security Onion Solutions Squert 1.1.1 - 1.6.7 NASA Singledop v1.0 Vulnerability: Remote Code Execution via Specially Crafted Radar Data File CWE-502 Vulnerability in NASA Pyblock Radar Data Parsing Library Allows Remote Code Execution CWE-502 Vulnerability in NASA Kodiak v1.0 Allows Remote Code Execution via Untrusted File Optimization CWE-502 Vulnerability in NASA RtRetrievalFramework v1.0: Remote Code Execution via Weather Data File Retrieval Remote Code Execution Vulnerability in Nanopool Claymore Dual Miner Buffer Overflow Vulnerability in stb_vorbis 1.12 and Earlier: Exploitable via Specially Crafted Ogg Vorbis File Use After Free Vulnerability in Artifex Mupdf 1.12.0: Potential DOS and Code Execution via Crafted PDF Memory Corruption 
Vulnerability in fmtlib's fmt::print() Function CSRF Vulnerability in LimeSurvey Theme Uninstallation Allows Deletion of All Themes XML External Entity (XXE) Vulnerability in Jenkins CCM Plugin 3.1 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Android Lint Plugin 2.5 and Earlier XML External Entity (XXE) Vulnerability in Jenkins JUnit Plugin 1.23 and Earlier Jenkins Credentials Binding Plugin Vulnerability: Password Recovery through Unmasked Values Arbitrary Code Execution Vulnerability in Jenkins Pipeline: Supporting APIs Plugin PHP Object Injection Vulnerability in ValidFormBuilder Version 4.5.4 Sensitive Configuration Data Logging Vulnerability in Sensu Core Stored Cross-Site Scripting on File Upload through SVG in WonderCMS version 2.4.0 Improper Authorization Vulnerability in Jenkins Allows Limited Information Disclosure Improper Input Validation Vulnerability in Jenkins Allows Unauthorized Access to Plugin Resource Files XML External Entity (XXE) Vulnerability in FreePlane Mindmap Loader Eval Injection Vulnerability in Bitmessage PyBitmessage v0.6.2: Remote Code Execution Insecure Permissions Vulnerability in Roundcube Enigma Plugin Allows Exfiltration of GPG Private Key Insecure Permissions Vulnerability in iRedMail's Roundcube Webmail Directory Traversal Vulnerability in RubyGems Deserialization of Untrusted Data Vulnerability in RubyGems' `gem owner` Command Infinite Loop Vulnerability in RubyGems Improper Verification of Cryptographic Signature in RubyGems Improper Input Validation in RubyGems Specification Homepage Attribute Cross Site Scripting (XSS) vulnerability in RubyGems gem server display of homepage attribute Directory Traversal Vulnerability in RubyGems Installation Insecure Permissions Vulnerability in Ajenti Version 2 Allows Unauthorized Plugin Downloads Input Validation Vulnerability in Ajenti Version 2: Server Crashing via ID String on Get-values POST Request Cross-Site Request Forgery (CSRF) Vulnerability in Ajenti Version 
2 Command Execution Panel Improper Error Handling in Ajenti Version 2 Login JSON Request Leads to Server Path Leakage Stored Cross-Site Scripting Vulnerability in WolfCMS 0.8.3.1 Out of Bounds Heap Memory Read Vulnerability in ClamAV 0.99.3 XAR Parser Arbitrary JavaScript Code Execution via CSRF in Pym.js Versions 0.4.2 - 1.3.1 Reflected Cross Site Scripting Vulnerability in WolfCMS 0.8.3.1 Stored XSS vulnerability in Doorkeeper OAuth App Form and User Authorization Prompt Web View Fabrication of Email Tracking Events via Anymail Django-Anymail Vulnerability XML Injection Vulnerability in Textpattern Version 4.6.2: Denial of Service via Crafted XML File Buffer Overflow Vulnerability in KadNode Version 2.2.0: Remote Code Execution Cross-Site Request Forgery (CSRF) Vulnerability in CMS Made Simple 2.2.5 Admin Profile Page Unauthenticated Remote Command Execution in CryptoNote Wallets Remote Code Execution Vulnerability in CMS Made Simple File Manager Cross Site Scripting (XSS) Vulnerability in oVirt Web Admin Application (4.2.0 - 4.2.2) Missing SSL Certificate Validation Vulnerability in brianleroux tiny-json-http Buffer Overflow Vulnerability in sharutils (unshar command) version 4.15.2 Integer Overflow Vulnerability in pjmedia SDP Parsing in Teluu PJSIP version 2.7.1 and Earlier Null Pointer Dereference Vulnerability in Teluu PJSIP 2.7.1 and Earlier Out-of-Array Read Denial of Service Vulnerability in FFmpeg's decode_init Function Buffer Overflow Vulnerability in GPAC MP4Box (CVE-2021-12345) Improper Null Termination in mingw-w64-crt (libc)->(v)snprintf Vulnerability Plaintext Password Storage Vulnerability in Jenkins Coverity Plugin 1.10.0 and Earlier Improper Authorization Vulnerability in Jenkins Gerrit Trigger Plugin Allows Unauthorized Access to Gerrit Configuration Improper Authorization Vulnerability in Jenkins Gerrit Trigger Plugin Allows Unauthorized Gerrit Configuration Modification Improper Authorization Vulnerability in Jenkins Job and Node Ownership 
Plugin Cross-Site Scripting Vulnerability in Jenkins CppNCSS Plugin 1.1 and Earlier Improper Authorization Vulnerability in Jenkins Google Play Android Publisher Plugin Improper Authorization Vulnerability in Jenkins Git Plugin Allows Unauthorized Access to Node and User Information Improper Authorization Vulnerability in Jenkins Subversion Plugin Allows Unauthorized Access to Node and User Information Improper Authorization Vulnerability in Jenkins Mercurial Plugin Allows Unauthorized Access to Node and User Information Cross-Site Scripting Vulnerability in Jenkins TestLink Plugin 2.12 and Earlier Improper Authorization Vulnerability in Jenkins Promoted Builds Plugin 2.31.1 and Earlier Memcached 1.5.5 UDP Network Amplification Denial of Service Vulnerability Heap Corruption Vulnerability in NET-SNMP Version 5.7.2 Allows Command Execution via UDP Protocol Handler Buffer Overflow Vulnerability in os.symlink() Function on Windows in Python Software Foundation CPython Versions 3.2 to 3.6.4 Command Injection Vulnerability in Electron Protocol Handler Timing Attack Vulnerability in Sinatra Rack-Protection FTP URL Buffer Overflow Vulnerability LDAP NULL Pointer Dereference Vulnerability in curl 7.21.0 - 7.58.0 Buffer Over-read Vulnerability in curl 7.20.0 to 7.58.0: Denial of Service and Information Leakage Information Exposure Through Log Files in Ionic Team Cordova plugin iOS Keychain XML External Entity (XXE) Vulnerability in I Librarian I-librarian Version 4.8 and Earlier Insecure JWT Validation in inversoft prime-jwt Information Disclosure Vulnerability in Ajenti Version 2 Allows User and System Enumeration and Data Leakage Integer Overflow Vulnerability in memcached 1.4.37 and Earlier: Data Corruption and Deadlocks Jolokia Agent 1.3.7 HTTP Servlet XSS Vulnerability Jolokia Agent 1.3.7 JNDI Injection Vulnerability SQL Injection Vulnerability in Pradeep Makone WordPress Support Plus Responsive Ticket System Unauthorized Data Access in Mercurial Protocol Server 
(CWE-285) Trident Pitchfork 1.4.6 RC1 Privilege Escalation Vulnerability UnboundID LDAP SDK Incorrect Access Control Vulnerability Information Exposure in GNOME NetworkManager DNS Resolver Remote Code Execution in Electron Webviews CSRF Vulnerability in I, Librarian Version 4.8 and Earlier Allows Unauthorized Password Changes SSRF Vulnerability in I, Librarian Version 4.8 and Earlier: Abusing Server Functionality to Access Internal Resources Cross Site Scripting (XSS) Vulnerability in I, Librarian Version 4.8 and Earlier Buffer Overflow Vulnerability in rsyslog librelp: Remote Code Execution via Crafted x509 Certificate Incorrect Access Control in I, Librarian Version 4.9 and Earlier: Unauthorized Access to Project Discussions Jenkins GitHub Pull Request Builder Plugin Local File Access Vulnerability Jenkins GitHub Pull Request Builder Plugin Local File Access Vulnerability Cross-Site Scripting Vulnerability in Jenkins Cucumber Living Documentation Plugin 1.0.12 and Older Jenkins Perforce Plugin Local File System Access Vulnerability Arbitrary Code Execution Vulnerability in Liquibase Runner Plugin 1.3.0 and Older Jenkins Perforce Plugin Information Exposure Vulnerability Arbitrary File Read Vulnerability in Jenkins Copy To Slave Plugin Vulnerability: Man-in-the-Middle Attack in Jenkins Ansible Plugin Disables Host Key Verification Jenkins Reverse Proxy Auth Plugin 1.5 and older: Sensitive Information Exposure Vulnerability Jenkins vSphere Plugin: SSL/TLS Certificate Validation Bypass Vulnerability Improper Authorization Vulnerability in Jenkins vSphere Plugin Cross-Site Request Forgery Vulnerability in Jenkins vSphere Plugin 2.16 and Older Improper Neutralization of Script-Related HTML Tags in Zammad Email Subject (CWE-80) Vulnerability OpenFlow Handshake Vulnerability: Denial of Service and Unauthorized Access Code Execution Vulnerability in GNU Patch 2.7.6 via EDITOR_PROGRAM Invocation CMS Made Simple 2.2.7 - Incorrect Access Control Vulnerability in Password 
Recovery Function CWE-354: Improper Validation of Integrity Check Value in tlslite-ng version 0.7.3 and earlier Cross Site Scripting (XSS) Vulnerability in RisingStack Protect Version 1.2.0 and Earlier Directory Traversal Vulnerability in NSE Script http-fetch Cross Site Scripting (XSS) vulnerability in Parsedown prior to 1.7.0 Cross Site Scripting (XSS) Vulnerability in Floodlight Web Console Arbitrary HTTP Headers Injection in gunicorn version 19.4.5 Impersonation Vulnerability in LightSAML Prior to 1.3.5 Insecure Deserialization Vulnerability in OISF Suricata-Update 1.0.0a1 Improper Input Validation in nghttp2 ALTSVC Frame Handling Leading to Denial of Service Information Disclosure Vulnerability in Jenkins CLICommand and ViewOptionHandler Cross-Site Scripting Vulnerability in Jenkins 2.115 and Older Cross Site Scripting (XSS) Vulnerability in Imagely NextGEN Gallery 2.2.30 and Earlier Session Fixation Vulnerability in Jenkins Google Login Plugin 1.3 and Older Open Redirect Vulnerability in Jenkins Google Login Plugin 1.3 and Older Arbitrary File Override Vulnerability in Jenkins HTML Publisher Plugin Sensitive Information Exposure in Jenkins Email Extension Plugin Cross-Site Scripting Vulnerability in Jenkins S3 Plugin 0.10.12 and Older Remote Code Execution Vulnerability in Quassel 0.12.4 NULL Pointer Dereference Vulnerability in Quassel 0.12.4: Denial of Service Inadequate M-R Tests in RSA Key Pair Generation in Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and Earlier Unintended Read Access Vulnerability in Kitura 2.3.0 and Earlier Server-side request forgery vulnerability in Jenkins Git Plugin 3.9.0 and older Jenkins GitHub Plugin 1.29.0 and older: Sensitive Information Exposure Vulnerability Server-Side Request Forgery Vulnerability in Jenkins GitHub Plugin 1.29.0 and Older Server-side Request Forgery Vulnerability in Jenkins GitHub Branch Source Plugin Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older: Sensitive Information Exposure 
Vulnerability Sensitive Information Exposure in Jenkins Kubernetes Plugin 1.7.0 and Older: Passwords Written to Logs Server-Side Request Forgery Vulnerability in Jenkins CAS Plugin 1.4.1 and Older Command Execution Vulnerability in Jenkins Absint Astree Plugin 1.0.5 and Older Jenkins Black Duck Hub Plugin 4.0.0 and older: Sensitive Information Exposure Vulnerability Jenkins Black Duck Detect Plugin 1.4.0 and older: Sensitive Information Exposure Vulnerability Information Exposure Vulnerability in Jenkins: Plugin Enumeration User Name Collision Vulnerability in Jenkins Arbitrary File Read and Write Vulnerability in Jenkins Server-side Request Forgery Vulnerability in Jenkins 2.120 and Older: Arbitrary URL Submission and Response Verification Sensitive Information Exposure in Jenkins Gitlab Hook Plugin Improper Authorization Vulnerability in Jenkins Black Duck Hub Plugin 3.0.3 and Older XML External Entity (XXE) Processing Vulnerability in Jenkins Black Duck Hub Plugin 3.1.0 and Older Local Code Execution Vulnerability in Linux Kernel 3.18: modify_user_hw_breakpoint() Null Pointer Dereference Vulnerability in Linux Kernel 4.14, 4.15, and 4.16 DLL Hijacking Vulnerability in ruby-ffi v1.9.23 and earlier Persistent Cross-Site Scripting Vulnerability in Jenkins Groovy Postbuild Plugin 2.3.1 and Older Intentional Backdoor Vulnerability in Soar Labs Soar Coin: Theft of Soar Coins by onlycentralAccount Linux Kernel SG_IO ioctl Vulnerability Bypassing Verified Boot in U-Boot through Improper Input Validation Cross-Site Request Forgery (CSRF) Vulnerability in JFrog Artifactory 5.11 Incorrect Access Control Vulnerability in MODX Revolution <=2.6.4: Arbitrary File Creation via Phpthumb Class Directory Traversal Vulnerability in MODX Revolution <=2.6.4 Insecure Permissions Vulnerability in Sensu Core on Windows Platforms Insecure Direct Object Reference vulnerability in YamlDotNet version 4.3.2 and earlier Incorrect Access Control in Doorkeeper Token Revocation API CWE-772 
Vulnerability in cJSON Library Allows for Denial of Service (DoS) Double Free Vulnerability in cJSON Library (CVE-2020-28928) CWE-416: Use After Free Vulnerability in cJSON Library (Versions 1.7.3 and Earlier) Cross Site Scripting (XSS) Vulnerability in OpenEMR v5_0_1_4's fax_view.php Cross Site Scripting (XSS) Vulnerability in OpenEMR v5_0_1_4 Buffer Overflow Vulnerability in pkgconf dequote() Function Double Free Vulnerability in Libgd version 2.2.5's gdImageBmpPtr Function Allows for Remote Code Execution Buffer Overflow Vulnerability in SoundTouch 2.0.0: Arbitrary Code Execution via SoundStretch/WavFile.cpp Godot Engine Serialization Vulnerability Cross Site Scripting (XSS) Vulnerability in Cobbler-Web Allows Privilege Escalation Cobbler XMLRPC API Incorrect Access Control Vulnerability Heap-based Buffer Overflow in curl versions 7.54.1 to 7.59.0 Buffer Over-read Vulnerability in curl 7.20.0 to 7.59.0 Privilege Escalation in Kubernetes CRI-O Prior to 1.9 Insufficiently Protected Credentials Vulnerability in Jenkins AWS CodePipeline Plugin Disclosure of Environment Variables in Jenkins AWS CodeDeploy Plugin Insufficiently Protected Credentials Vulnerability in Jenkins AWS CodeDeploy Plugin Insufficiently Protected Credentials Vulnerability in Jenkins AWS CodeBuild Plugin Arbitrary File Write Vulnerability in Jenkins 2.145 and Earlier Arbitrary HTML Rendering Vulnerability in Jenkins 2.145 and Earlier Denial of Service Vulnerability in Jenkins User Database Security Realm Session Fixation Vulnerability in Jenkins Information Exposure Vulnerability in Jenkins and Stapler Framework Cross-Site Request Forgery Vulnerability in Jenkins JUnit Plugin 1.25 and Earlier: TestObject.java Description Manipulation Improper Authorization Vulnerability in Jenkins Jira Plugin Allows Unauthorized Access to Credentials Cross-Site Scripting Vulnerability in Jenkins Config File Provider Plugin 3.1 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins Config File Provider 
Plugin Cross-Site Scripting Vulnerability in Jenkins Rebuilder Plugin 1.28 and Earlier Reflected Cross-Site Scripting Vulnerability in Jenkins Job Config History Plugin Cross-Site Request Forgery Vulnerability in Jenkins Email Extension Template Plugin Improper Authorization Vulnerability in Jenkins HipChat Plugin 2.2.0 and Earlier Improper Authorization Vulnerability in Jenkins HipChat Plugin Allows Unauthorized Access to Credentials Improper Authorization Vulnerability in Jenkins Mesos Plugin Allows Unauthorized Access to Credentials Improper Authorization Vulnerability in Jenkins Mesos Plugin Allows Unauthorized Test Connection Improper Authorization Vulnerability in Jenkins Crowd 2 Integration Plugin 2.0.0 and Earlier Local File System Access Vulnerability in Jenkins Crowd 2 Integration Plugin Local File System Access Vulnerability in Jenkins Artifactory Plugin Insufficiently Protected Credentials Vulnerability in Jenkins SonarQube Scanner Plugin Arbitrary HTML Rendering Vulnerability in Jenkins Git Changelog Plugin Arbitrary Code Execution Vulnerability in Busybox Wget Applet via Missing SSL Certificate Validation Password Reset Vulnerability in Instant Update CMS File Inclusion Vulnerability in MyBB Group MyBB Admin Panel MyBB Group MyBB Incorrect Access Control Vulnerability in Private Forums ACE via File Inclusion Vulnerability in Redirection 2.7.3 Pass-through Mode CSRF Vulnerability in Tooltipy (tooltips for WP) Version 5.0 Allows Post Duplication Metronet Tag Manager 1.2.7 CSRF Vulnerability in Settings Page CSRF Vulnerability in WP User Groups 2.0.0 Allows Unauthorized Modification of User Groups and Types Cross Site Scripting (XSS) Vulnerability in WP ULike Plugin Allows Unauthorized Users to Gain Admin Privileges Serialisation Vulnerability in Redirection Version 2.7.1 Allows Arbitrary Code Execution Denial of Service Vulnerability in WP Image Zoom 1.23 WP ULike Plugin Incorrect Access Control Vulnerability in AJAX Cross Site Scripting (XSS) 
Vulnerability in Tooltipy Tooltipy (tooltips for WP) Version 5 Glossary Shortcode Cross Site Scripting (XSS) Vulnerability in LimeSurvey 3.0.0-beta.3+17110 Boxes CSRF Vulnerability in LimeSurvey 3.0.0-beta.3+17110 Allows Admin Box Deletion XML External Entity (XXE) Vulnerability in Ventrian News-Articles Version NewsArticles.00.09.11 Cross-Site Scripting (XSS) Vulnerability in Galaxy Project Galaxy v14.10 Buffer Overflow Vulnerability in BusyBox wget Improper Handling of Highly Compressed Data (Data Amplification) Vulnerability in aaugustin WebSockets Version 4 Session Fixation Vulnerability in aiohttp-session's RedisStorage Ciphersuite Allows Incorrectly Signed Certificates in ARM mbedTLS Cross Site Scripting (XSS) Vulnerability in BigTree-CMS Arbitrary Byte Injection Vulnerability in topydo's ListFormatParser::parse Integer Overflow Vulnerability in miniSphere's layer_resize() Function in map_engine.c PHP Object Injection Vulnerability in openpsa XML Injection Vulnerability in Openpsa RSS File Upload Feature Froxlor <= 0.9.39.5 PHP Object Injection Vulnerability in Domain Name Form Cross Site Scripting (XSS) Vulnerability in GONICUS GOsa Cross Site Scripting (XSS) vulnerability in Grails Fields plugin version 2.2.7 Incorrect Signature Validation in inversoft prime-jwt External Control of File Name or Path Vulnerability in beep Version 1.3 and Up Allows Local Users to Inhibit Execution of Arbitrary Programs, Allowing DoS Passing Incorrectly Sanitized Input to System Function in GitList <= 0.6 Joplin XSS Vulnerability Leading to Code Execution Local File Disclosure Vulnerability in LMS Module Allows Unauthorized File Access XSS Vulnerability in Medis Version 0.6.1 and Earlier: Unauthorized Code Execution via Key Name Parameter Buffer Overflow Vulnerability in Marlin Firmware Allows Arbitrary Code Execution via Crafted G-Code Instruction/File Unbounded Memory Allocation Vulnerability in Minio S3 Server Improper Verification of Cryptographic Signature in AES-GCM 
Encrypted JSON Web Tokens XML External Entity (XXE) Vulnerability in LoboEvolution Version < 9b75694cedfa4825d4a2330abf2719d470c654cd XML External Entity (XXE) Vulnerability in netbeans-mmd-plugin <= 1.4.3 XSS Code Execution Vulnerability in Akiee Version 0.0.3 Directory Traversal Vulnerability in RubyZip Gem Allows Arbitrary File Write XML External Entity (XXE) Vulnerability in Triplea Version <= 1.9.0.0.10291: Potential Information Disclosure and Remote Code Execution via Specially Crafted Game Data File (XML) Incorrect Access Control Vulnerability in coreBOS Version 7.0 and Earlier: Unauthorized Access to Contact Records XML External Entity (XXE) Vulnerability in Umlet Version < 14.3 Email / Username Enumeration Vulnerability in Wekan Version 1.04.0 Directory Traversal Vulnerability in Sympa Community Sympa Version Prior to 6.2.32 Authentication Bypass Vulnerability in Trovebox <= 4.0.0-rc6 SQL Injection Vulnerability in Trovebox Album Component Server-Side Request Forgery Vulnerability in Trovebox Webhook Component Unsafe Password Reset Token Generation Vulnerability in Trovebox Version <= 4.0.0-rc6 Reflected XSS Vulnerability in WordPress 4.8+ Plugins.php or Core WordPress on Delete Function Cross Site Scripting (XSS) Vulnerability in OCS Inventory NG version ocsreports 2.4 SQL Injection Vulnerability in OCS Inventory NG ocsreports 2.4 and 2.3.1 Cross Site Scripting (XSS) vulnerability in qutebrowser v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) Jenkins GitHub Plugin 1.29.1 and Earlier: Sensitive Information Exposure Vulnerability Arbitrary File Read Vulnerability in Jenkins SSH Credentials Plugin Session Fixation Vulnerability in Jenkins SAML Plugin Allows Unauthorized User Impersonation Jenkins Openstack Cloud Plugin Sensitive Information Exposure Vulnerability Persistent Cross-Site Scripting Vulnerability in Jenkins Badge Plugin 1.4 and Earlier Jenkins CollabNet Plugin Impersonation Vulnerability Server-Side Request Forgery Vulnerability in Jenkins 
URLTrigger Plugin 0.41 and Earlier Arbitrary File Write Vulnerability in Jenkins Fortify CloudScan Plugin 1.5.1 and Earlier Sensitive Information Exposure in Jenkins z/OS Connector Plugin Jenkins Configuration as Code Plugin: Sensitive Information Exposure Vulnerability Sensitive Information Exposure in Jenkins Configuration as Code Plugin Cross Site Scripting (XSS) Vulnerability in SURFnet OpenConext EngineBlock 5.7.0 to 5.7.3 Unsafe Reflection Vulnerability in Legion of the Bouncy Castle Java Cryptography APIs XML External Entity (XXE) Vulnerability in ONOS Controller Version 1.13.1 and Earlier Denial of Service Vulnerability in ONOS Controller's OVSDB Component XML External Entity (XXE) Vulnerability in ONOS Controller Allows Remote XXE Attacks via OpenConfig Terminal Device Denial of Service Vulnerability in Atlassian Floodlight Controller 1.2 and Earlier Versions Stack Overflow Vulnerability in abi_serializer in EOSIO/eos Unsanitized User Input in Ovidentia Allows Authenticated Remote Code Execution Insufficient Entropy in Eran Hammer Cryptiles 4.1.1: Increased Brute Force Probability Incorrect Access Control in Mycroft AI mycroft-core Websocket Configuration: Remote Code Execution Vulnerability Uncontrolled Search Path Element Vulnerability in Rustdoc Plugins JFrog Artifactory Directory Traversal and Remote Code Execution Vulnerability Denial of Service Vulnerability in Battelle V2I Hub 2.5.1 Hard-coded Credentials in Battelle V2I Hub 2.5.1 Allow Unauthorized Access Default API Key Bypass Vulnerability in Battelle V2I Hub 2.5.1 Unrestricted Access to API Key in Battelle V2I Hub 2.5.1 Remote Code Execution Vulnerability in Battelle V2I Hub 2.5.1 Cross-Site Scripting (XSS) Vulnerability in Battelle V2I Hub 2.5.1 SQL Injection Vulnerability in Battelle V2I Hub 2.5.1 SQL Injection Vulnerability in Battelle V2I Hub 3.0 XML Injection Vulnerability in dom4j Version Prior to 2.1.1 Information Exposure Through Log Files in OMERO.web Login and Change Password Forms 
Improper Access Control in OMERO.server User Management Allows Privilege Escalation Information Exposure Through Sent Data Vulnerability in OMERO.server 5.4.0 to 5.4.6 NULL Pointer Dereference Vulnerability in JerryScript Buffer Overflow Vulnerability in zcat of zutils Prior to Version 1.8-pre2: Potential Denial of Service or Arbitrary Code Execution Cross Site Scripting (XSS) Vulnerability in MiniCMS Version 1.1 XML External Entity (XXE) Vulnerability in LatexDraw Version <=4.0 Cross Site Scripting (XSS) Vulnerability in OpenCart-Overclocked version <=1.11.1 PHP Object Injection Vulnerability in YesWiki Version <= Cercopitheque Beta 1 Cross Site Scripting (XSS) Vulnerability in FlightAirMap v1.0-beta.21 XML External Entity (XXE) Vulnerability in Eclipse RDF4j XML Parser Authenticated Local File Disclosure Vulnerability in LibreHealthIO lh-ehr Version <REL-2.0.0: Import Template File Disclosure Authenticated Unrestricted File Write Vulnerability in LibreHealthIO LH-EHR Version REL-2.0.0 Authenticated Unrestricted File Deletion Vulnerability in LibreHealthIO lh-ehr Version REL-2.0.0 Authenticated Unrestricted File Write Vulnerability in LibreHealthIO lh-ehr REL-2.0.0 Authenticated Unrestricted File Write in letter.php (2) in LibreHealthIO lh-ehr version REL-2.0.0 SQL Injection Vulnerability in LibreHealthIO lh-ehr Version REL-2.0.0: User-Controlled Parameters Exploitation XML External Entity (XXE) Vulnerability in Stroom Version <5.4.5: Confidential Data Disclosure and Server-Side Request Forgery XML External Entity (XXE) Vulnerability in JabRef version <=4.3.1 SQL Injection Vulnerability in zzcms Version 8.3 and Earlier Denial of Service (DoS) Vulnerability in GNU Libtasn1-4.13 CWE-476: NULL Pointer Dereference Vulnerability in Jsish version 2.4.65 CWE-20: Improper Input Validation in Flask JSON Encoding Buffer Overflow Vulnerability in Rust Standard Library LimeSurvey File Upload Vulnerability Leading to Code Execution LimeSurvey File Upload Directory Traversal 
Remote Code Execution Vulnerability Insecure Permissions Vulnerability in Tock Version Prior to Commit 42f7f36e74088036068d62253e1d8fb26605feed CWE-476: NULL Pointer Dereference Vulnerability in Jsi_LogMsg (jsiUtils.c:196) in jsish version 2.4.67 Buffer Overflow Vulnerability in jsish version 2.4.70 2.047 in _jsi_evalcode function from jsiEval.c Improper Certificate Validation in daneren2005 DSub for Subsonic (Android client) version 5.4.1 Cross Site Scripting (XSS) vulnerability in Dojo Dojo Objective Harness (DOH) version prior to 1.14 Command Injection Vulnerability in GIG Technology NV JumpScale Portal 7 Memory Corruption Vulnerability in NASM (Versions 2.14rc15 and Earlier) Out-of-bounds Read Vulnerability in jsish version 2.4.70 2.047 Cross Site Request Forgery (CSRF) vulnerability in KOHA Library System versions 16.11.x and 17.05.x Cross Site Scripting (XSS) Vulnerability in KOHA Library System versions 16.11.x and 17.05.x CWE-601: Open Redirect and Reflected XSS via Data URIs in Sympa Version 6.2.16 and Later WordPress Thumbnail Processing Remote Code Execution Vulnerability NULL Base Pointer Reference Vulnerability in sys_ring_buf_put() and sys_ring_buf_get() in Zephyr-RTOS v1.12.0 Directory Traversal Vulnerability in Okular Allows Arbitrary File Creation Command Injection Vulnerability in Python 2.7's shutil Module (make_archive Function) Exposure of Private Email Addresses in Gitea Prior to Version 1.5.1 Buffer Overflow Vulnerability in Contiki-NG AQL Database Engine Allows Remote Code Execution Paramiko SSH Server Incorrect Access Control Vulnerability Use After Free Vulnerability in Python Cryptographic Authority pyopenssl Denial of Service Vulnerability in PKCS #12 Store in Python Cryptographic Authority pyopenssl Improper Input Validation in privacyIDEA Token Validation API Allows Denial-of-Service CWE-680: Integer Overflow to Buffer Overflow in Rust Standard Library Bludit Version 3.0.0 Unrestricted File Upload Vulnerability with Remote Command 
Execution Weak Password Recovery Mechanism in Artica Integria IMS version 5.0 MR56 Package 58 Cross Site Scripting (XSS) Vulnerability in Custom Class Names in Backdrop CMS Non-expiring Sessions Vulnerability in aiohttp-session Inline JavaScript Execution Vulnerability in Brave Software Inc. Brave Version 0.22.810 to 0.24.0 Cross Site Scripting (XSS) Vulnerability in Grafana 5.2.4 and 5.3.0 Allows Execution of Arbitrary JavaScript Code Incorrect Access Control vulnerability in Asset Pipeline Grails Plugin (Prior to 2.14.1.1, 2.15.1, and 3.0.6) allows Arbitrary File Download XML External Entity (XXE) Vulnerability in neo4j-contrib neo4j-apoc-procedures XML External Entity (XXE) Vulnerability in MicroMathematics SMathStudio Files XML External Entity (XXE) Vulnerability in codelibs fess GSA XML File Parser XML External Entity (XXE) Vulnerability in XML Parser for REST Server Object Stream Connection Vulnerability in MegaMek v0.45.1 and earlier: Confidential Data Disclosure, Denial of Service, SSRF, and Remote Code Execution XML External Entity (XXE) Vulnerability in FreeColXMLReader Parser Allows for Data Disclosure and Denial of Service Cross Site Scripting (XSS) Vulnerability in Microweber Admin Login Form Template User-controlled parameter vulnerability in Ubilling version <= 0.9.2: A Gateway to Data Disclosure, Denial of Service, SSRF, and Remote Code Execution XML External Entity (XXE) Vulnerability in FrostWire Desktop 6.7.4-build-272 Allows for Disclosure of Confidential Data and Denial of Service XML External Entity (XXE) Vulnerability in Anyplace Version Before Commit 80359b4 XML External Entity (XXE) Vulnerability in XR3Player Version <= V3.124: Confidential Data Disclosure and Denial of Service K9Mail v5.600 XML External Entity (XXE) Vulnerability: Confidential Data Disclosure and Denial of Service User-controlled Parameter Vulnerability in ZoneMinder <= 1.32.2: Confidential Data Disclosure, Denial of Service, SSRF, Remote Code Execution User-controlled 
Parameter Vulnerability in ZoneMinder <= 1.32.2: Confidential Data Disclosure, Denial of Service, SSRF, Remote Code Execution XML External Entity (XXE) Vulnerability in Runelite Parent 1.4.23: Risks and Consequences XML External Entity (XXE) Vulnerability in KeePassDX Version <= 2.5.0.0beta17: Confidential Data Disclosure and Denial of Service XML External Entity (XXE) Vulnerability in bw-calendar-engine-3.12.0: Confidential Data Disclosure, Denial of Service, SSRF, and Port Scanning XML External Entity (XXE) Vulnerability in UML Designer version <= 8.0.0 XML External Entity (XXE) Vulnerability in Autopsy <= 4.9.0: Confidential Data Disclosure and Denial of Service Arbitrary File Upload Vulnerability in LH-EHR REL-2_0_0: Remote Code Execution via Profile Picture Upload XML External Entity (XXE) vulnerability in Processing 3.4 and earlier allows arbitrary file reading and exfiltration via crafted XML document parsing Cross Site Scripting (XSS) Vulnerability in Zend.To prior to 5.15-1 Cross Site Scripting (XSS) vulnerability in FatFreeCRM versions <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 (commit 6d60bc8ed010c4eda05d6645c64849f415f68d65) allows for Javascript execution Cross-Site Request Forgery (CSRF) vulnerability in Luigi API endpoint: /api/<method> XML External Entity (XXE) Vulnerability in Square Open Source Retrofit Cross-Site Request Forgery (CSRF) Vulnerability in FreshDNS 1.0.3 and Earlier: Privilege Escalation via Attacker's JavaScript Cross Site Scripting (XSS) Vulnerability in FreshDNS Account Data Form Cross Site Scripting (XSS) Vulnerability in Wampserver Prior to Version 3.1.5 Remote Code Execution Vulnerability in Alpine Linux' apk-tools Directory Traversal Vulnerability in Square Retrofit RequestBuilder Class Private Key Compromise Vulnerability in Copay Bitcoin Wallet RDP Server Memory Reading Vulnerability Remote Code Execution via ESI Directive Injection in esigate.org Cross Site Scripting (XSS) Vulnerability in 
easymon v1.4 and Earlier Cross Site Scripting (XSS) Vulnerability in DomainMOD Directory Traversal Vulnerability in log-user-session Version 0.7 and Earlier Allows User to Root Privilege Escalation Cross-Site Request Forgery (CSRF) Vulnerability in GnuPG version 2.1.12 - 2.2.11 Cross Site Scripting (XSS) Vulnerability in phpIPAM Version 1.3.2 and Earlier Stapler Web Framework Code Execution Vulnerability in Jenkins Information Exposure Vulnerability in Jenkins DirectoryBrowserSupport.java User Data Modification Vulnerability in Jenkins Denial of Service Vulnerability in Jenkins CronTab.java Sandbox Bypass Vulnerability in Script Security Plugin Allows Arbitrary Code Execution in Jenkins Sandbox Bypass Vulnerability in Pipeline: Groovy Plugin Allows Arbitrary Code Execution SQL Injection Vulnerability in WeBid Version up to 1.2.2: Database Read via Blind SQL Injection Cross Site Scripting (XSS) Vulnerability in WeBid User Login and Registration Pages SQL Injection Vulnerability in phpIPAM 1.3.2 CWE-79 Vulnerability in PHPipam 1.3.2 and Earlier: Remote Code Execution via User Settings HotelDruid HotelDruid 2.3.0 SQL Injection Vulnerability Resource Exhaustion Vulnerability in PyKMIP Server Denial-of-Service Vulnerability in Fasterxml Jackson-Modules-Java8 (CVE-2018-14718) Cross Site Scripting (XSS) Vulnerability in PHP cebe markdown parser versions 1.2.0 and earlier Authentication Bypass Vulnerability in BOINC Server and Website Code Integer Overflow Vulnerability in binutils objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc Double Free Vulnerability in libarchive RAR Decoder Use After Free Vulnerability in libarchive RAR Decoder CWE-476: NULL Pointer Dereference Vulnerability in libarchive/archive_acl.c Improper Input Validation in libarchive WARC Parser Allows DoS Attack Remote Command Execution Vulnerability in Traccar Server 4.0 and Earlier Directory Traversal Vulnerability in WeBid's getthumb.php Allows Arbitrary Image File Read Header 
Injection Vulnerability in Elixir Plug Plug Timing Discrepancy Information Exposure in Vesta CP Password Reset Command Injection Vulnerability in PHKP Version 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b Buffer Overflow Vulnerability in NASM (2.14.01rc5, 2.15) Allows for Stack Overflow and Program Crash Cross Site Scripting (XSS) Vulnerability in Peel Shopping Peel-Shopping_9_1_0 Version Unserialization and Object Injection Vulnerability in PEAR Archive_Tar XML External Entity (XXE) Vulnerability in Logisim Evolution 2.14.3 and Earlier Time Based Blind SQL Injection Vulnerability in FrontAccounting 2.4.5 Uncontrolled Resource Consumption Vulnerability in Bitcoin SV before 0.1.1 Uncontrolled Resource Consumption Vulnerability in Bitcoin SV before 0.1.1 Uncontrolled Resource Consumption Vulnerability in Bitcoin SV (CVE-2020-XXXX) Path Traversal Vulnerability in Jenkins Stapler Web Framework Cross Site Scripting (XSS) Vulnerability in FreeBSD CVSweb 2.x Scripting Engine Memory Corruption Vulnerability in Internet Explorer Division-by-Zero Vulnerability in NASM 2.14rc0's expr5 Function Denial of Service Vulnerability in OpenMPT and libopenmpt Buffer Overflow Vulnerability in G DATA Total Security ActiveX Control Blind SQL Injection Vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 Reflected XSS Vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8: Administrative Privileges Required Reflected XSS Vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8: Administrative Privileges Required Reflected XSS Vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8: Administrative Privileges Required Reflected XSS Vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8: Administrative Privileges Required XSS Vulnerability in bft_list.html.php:43 via filter_signup_date Parameter Administrative Privilege XSS Vulnerability in integration-contact-form.html.php:14 Reflected XSS Vulnerability in 
WordPress Arigato Autoresponder and Newsletter v2.5.1.8 Reflected XSS Vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 with Administrative Privileges Reflected XSS Vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 via Unsubscribe Page Denial of Service Vulnerability in Linux Kernel's SAS SCSI Host Driver Arbitrary File Overwrite Vulnerability in kubectl cp Command Command Line Argument Injection Vulnerability in Kubernetes on Windows Nodes Kubernetes API Server URL Redirection Vulnerability Vulnerability: DNS Rebinding Attack on Minikube Kubernetes Dashboard Public Exposure of Prometheus Metrics in Kubernetes Ingress Default Backend (Versions < 1.5) Kubernetes API Server Proxy Upgrade Vulnerability Incorrect Access Control Vulnerability in Koji Versions 1.12-1.15 Plexus-Archiver Directory Traversal Vulnerability (Zip-Slip) Zip-Slip: Arbitrary File Write Vulnerability in zt-zip Zip-Slip: Arbitrary File Write Vulnerability in zip4j Zip-Slip: Arbitrary File Write Vulnerability in Unzipper npm Library (<=0.8.13) Zip-Slip: Arbitrary File Write Vulnerability in adm-zip npm Library DotNetZip.Semvered before 1.11.0 Vulnerability: Zip-Slip Directory Traversal SharpCompress before 0.21.0 Directory Traversal Vulnerability Zip-Slip Vulnerability in mholt/archiver Golang Package SharpZipLib Directory Traversal Vulnerability (Zip-Slip) Zip-Slip Vulnerability in QuaZIP before 0.7.6 Allows Arbitrary File Write Cross-Site Scripting (XSS) Vulnerability in Catfish CMS V4.7.21 via pinglun Parameter Clear-text User Credentials Exposed in ubiQuoss Switch VP5208A's bcm_password File Reflected XSS Vulnerability in WeChat Module of YzmCMS 3.7.1 Arbitrary Code Execution Vulnerability in ESTsoft ALZip Sensitive Information Disclosure in joyplus-cms 1.6.0 via Direct Request to install/ or log/ URI Reflected XSS in CMS Made Simple 2.2.7 via m1_name parameter in admin/moduleinterface.php Microsoft JET Database Engine Remote Code Execution 
Vulnerability CSRF Vulnerability in CMS Made Simple 2.2.7 admin/siteprefs.php CSRF Vulnerability in CMS Made Simple 2.2.7's admin/moduleinterface.php Reflected XSS Vulnerability in CMS Made Simple 2.2.7 via m1_version Parameter Stored XSS in CMS Made Simple 2.2.7 via metadata parameter in admin/siteprefs.php VBScript Engine Remote Code Execution Vulnerability in Windows CSRF Vulnerability in iScripts eSwap v2.4 Admin Panel XSS Vulnerability in iScripts eSwap v2.4 Admin Panel Microsoft SharePoint Elevation of Privilege Vulnerability SQL Injection Vulnerability in iScripts eSwap v2.4 via registration_settings.php ddlFree Parameter XSS Vulnerability in iScripts SupportDesk v4.3 via txtinteligentsearch Parameter XSS Vulnerability in iScripts SupportDesk v4.3 via admin/inteligentsearchresult.php txtinteligentsearch Parameter Remote Code Execution Vulnerability in H2 1.4.197 Memory Access and Heap Buffer Overflow Vulnerability in TensorFlow XLA Compiler Arbitrary File Write Vulnerability in cgminer 4.10.0 and bfgminer 5.5.0 Stack-based Buffer Overflow in cgminer and bfgminer Remote Management Interface Cross-Site Scripting (XSS) Vulnerability in Cacti before 1.1.37 Unsanitized Input in Cacti's sanitize_uri Function Leads to XSS Vulnerability XSS Vulnerability in Cacti before 1.1.37 Remote Command Execution Vulnerability in Convert Forms Extension for Joomla! OpenVPN Server Certificate Verification Bypass in MikroTik RouterOS 6.41.4 XSS Vulnerability in jDownloads Extension for Joomla! 
Memory Disclosure Vulnerability in Microsoft Office Denial of Service Vulnerability in MikroTik Version 6.41.4 Denial of Service Vulnerability in Jungo DriverWizard WinDriver 12.6.0 Denial of Service Vulnerability in Jungo DriverWizard WinDriver 12.6.0 XSS Vulnerability in joyplus-cms 1.6.0 via keyword parameter in manager/admin_vod.php NULL pointer dereference vulnerability in hi3660_stub_clk_probe function in Linux kernel before 4.16 Zoho ManageEngine EventLog Analyzer 11.12 XSS Vulnerability in Import Logs Feature Cross-Site Scripting Vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 Geist WatchDog Console 3.2.2 XXE Vulnerability: Arbitrary File Read Geist WatchDog Console 3.2.2 - Remote XSS Vulnerability via Server Description Weak ACL in Geist WatchDog Console 3.2.2 allows unauthorized modification of configuration data OpenType Font Driver Elevation of Privilege Vulnerability in Windows Adobe Type Manager Font Driver (ATMFD.dll) Vulnerability: Unauthorized DNS Settings Changes in Secutech RiS Devices Admin Password Reset Vulnerability in CMS Made Simple (CMSMS) 2.2.6 Physical Path Leakage in CMS Made Simple (CMSMS) 2.2.7 Arbitrary File Deletion Vulnerability in CMS Made Simple (CMSMS) 2.2.7 Privilege Escalation Vulnerability in CMS Made Simple (CMSMS) 2.2.6 PHP Object Injection Vulnerability in CMS Made Simple (CMSMS) 2.2.6 Arbitrary Code Execution Vulnerability in CMS Made Simple (CMSMS) Admin Dashboard Denial of Service Vulnerability in Linux Kernel's kernel_wait4 Function Unspecified Buffer Overflow Vulnerability in XiongMai uc-httpd 1.0.0 Windows DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability XSS Vulnerability in AudioCodes IP Phone 420HD Firmware 2.2.12.126 Arbitrary Command Execution in Dolibarr Admin Panel Remote Code Execution Vulnerability in AudioCodes IP Phone 420HD Firmware Version 2.2.12.126 Arbitrary SQL Command Execution in Dolibarr before 7.0.2 Arbitrary Web Script Injection in Dolibarr before 7.0.2 XSS 
Vulnerability in joyplus-cms 1.6.0 via device_name Parameter Cross-Site Scripting (XSS) Vulnerability in Domain Trader 2.5.3 via recoverlogin.php email_address Parameter Denial of Service Vulnerability in MicroWorld eScan Internet Security Suite for Business 14.0.1400.2029 Cross-Site Search (XS-Search) Vulnerability in Google Monorail Windows Font Library Remote Code Execution Vulnerability Unvalidated Redirection Vulnerability in WordPress Login Page (pre-4.9.5) Vulnerability: Localhost URL Validation Issue in WordPress XSS Vulnerability in WordPress 4.9.5 and Earlier Versions SMB Data Printing Vulnerability in tcpdump (Issue 1 of 2) SMB Data Printing Vulnerability in tcpdump before 4.9.3 (Issue 2 of 2) D-Link DIR-815 REV. B Firmware Permission Bypass and Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in D-Link DIR-815 REV. B Firmware Cross-Site Scripting (XSS) Vulnerability in D-Link DIR-815 REV. B Firmware Stored XSS Vulnerability in Monstra CMS 3.0.4: Exploiting Editor Role in Blog Catalog Microsoft Excel Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in D-Link DIR-615 T1 Devices via Add User Feature Unbounded Memory Allocation Vulnerability in GEGL Remote Code Execution Vulnerability in GEGL through 0.3.32 Unbounded Memory Allocation Vulnerability in GEGL Remote Denial of Service Vulnerability in GEGL through 0.3.32 Uninitialized Memory Vulnerability in 7-Zip RAR Decoder Objects CSRF Vulnerability in idreamsoft iCMS V7.0.7 Allows Unauthorized Addition of Admin Account Stored XSS Vulnerability in Monstra CMS 3.0.4 via Name Field on Create New Page Screen Use-after-free vulnerability in StgSmallStrm class in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 Windows Font Library Remote Code Execution Vulnerability Heap-based Buffer Overflow in LibreOffice's SwCTBWrapper::Read Function Stored XSS Vulnerability in Monstra CMS 3.0.4 via Admin Page Title Field Arbitrary File Read Vulnerability in QingDao 
Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 Arbitrary File Read and Append Vulnerability in p910nd on Inteno IOPSYS 2.0 through 4.2.0 Denial of Service Vulnerability in Linux Kernel's kill_something_info Function XSS Vulnerability in Contao System Log (Before 4.5.7) NULL Pointer Dereference in LibTIFF 4.0.9's jpeg_fdct_16x16 Function CSRF Vulnerability in XYHCMS 3.5 Allows Unauthorized Account Addition Cross-Site Scripting (XSS) Vulnerability in XYHCMS 3.5 via test Parameter in index.php Windows Font Library Remote Code Execution Vulnerability CSRF Vulnerability in PbootCMS v0.9.8 Allows PHP Code Injection PHP Code Injection Vulnerability in PbootCMS v0.9.8 Reflected XSS Vulnerability in iScripts eSwap v2.4 User Panel Stored XSS in manage_settings section of iScripts UberforX 2.2 Admin Panel CSRF Vulnerability in iScripts UberforX 2.2 Admin Panel Cross-Site Scripting (XSS) Vulnerability in CATALooK.netStore Module for DNN Arbitrary JavaScript and HTML Injection Vulnerability in PAN-OS GlobalProtect Gateway Microsoft SharePoint Elevation of Privilege Vulnerability PAN-OS Management Web Interface Session Shutdown Vulnerability Arbitrary JavaScript and HTML Injection in GlobalProtect Portal Login Page Expedition Migration Tool 1.0.106 and Earlier File Enumeration Vulnerability Remote Code Execution Vulnerability in Palo Alto Networks Expedition Migration Tool Windows Font Library Remote Code Execution Vulnerability Windows Font Library Remote Code Execution Vulnerability Stored Cross-site scripting (XSS) vulnerability in TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows through portalPictureUpload functionality. 
Stored Cross-site scripting (XSS) vulnerability in TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows Lack of Anti-CSRF Tokens in TP-Link EAP Controller and Omada Controller Allows for Authenticated Request Forgery Hard-coded Cryptographic Key Vulnerability in TP-Link EAP Controller and Omada Controller Privilege Escalation Vulnerability in TP-Link EAP and Omada Controllers Privilege Escalation Vulnerability in ProtonVPN 1.3.3 for Windows Privilege Escalation Vulnerability in NordVPN 6.12.7.0 for Windows Root Privilege Escalation Vulnerability in Kromtech MacKeeper 3.20.4 Privilege Escalation via Large Memory Pages Option in 7-Zip Arbitrary File Upload Vulnerability in Digital Guardian Management Console 7.1.2.0015 Digital Guardian Management Console 7.1.2.0015 SSRF Vulnerability XXE Vulnerability in Digital Guardian Management Console 7.1.2.0015 Directory Traversal Vulnerability in Digital Guardian Management Console 7.1.2.0015 Denial of Service Vulnerability in ImageMagick 7.0.7-28 via Crafted MNG File FromDocToPDF Chrome Extension Information Disclosure Vulnerability Internet Explorer Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in BigTree 4.2.22 Heap Overflow Vulnerability in HAProxy CSRF Vulnerability in TuziCMS v2.0.6 Allows Unauthorized Admin Account Creation Heap-based Buffer Over-read in r_hex_bin2str function in radare2 2.5.0 Heap-based Buffer Over-read in dalvik_op Function in radare2 2.5.0 CSRF Vulnerability in phpMyAdmin 4.8.0 before 4.8.0-1 Allows Arbitrary SQL Execution Cookie Manipulation Vulnerability in Mautic Allows Systematic Emulation of Tracking Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Elevated Privileges Execution Vulnerability in PIA VPN Client v77 for Windows Integer Overflow Vulnerability in mruby 1.4.0: Use-After-Free in OP_GETUPVAR Handling Root Privilege Escalation Vulnerability in IPVanish 3.0.11 for macOS Denial of Service Vulnerability 
in LogMeIn LastPass through 4.15.0 Buffer Overflow in set_text_distance function in Artifex Ghostscript PDF Writer Information Leakage in lrzsz Before Version 0.12.21~rc Graphviz 2.40.1 - NULL Pointer Dereference Vulnerability in rebuild_vlists Function Time-Based Blind SQL Injection Vulnerability in ELO ELOenterprise and ELOprofessional Access Manager Component Customer Ticket Information Disclosure Vulnerability in OTRS 6.0.x Use-after-free vulnerability in mruby's File#initialize_copy() method allows for arbitrary code execution Internet Explorer Remote Code Execution Vulnerability Arbitrary File Read Vulnerability in NComputing vSpace Pro 10 and 11 SYSTEM Privilege Escalation Vulnerability in PureVPN 6.0.1 for Windows Memory leaks in container_setup_modules and hyper_rescan_scsi functions in hyperstart 1.0.0 Stored XSS Vulnerability in Vaultize Enterprise File Sharing 17.05.31 via File Request Message Field Missing Authorization Vulnerability in Vaultize Enterprise File Sharing 17.05.31 Allows Unauthorized File Export Anonymous Reflected XSS Vulnerability in Vaultize Enterprise File Sharing Stored XSS Vulnerability in Vaultize Enterprise File Sharing 17.05.31 Microsoft Edge Information Disclosure Vulnerability User Enumeration through Password-Reset Feature in Vaultize Enterprise File Sharing 17.05.31 Improper Authorization in Vaultize Enterprise File Sharing 17.05.31 Improper Authorization Vulnerability in Vaultize Enterprise File Sharing 17.05.31 Cross-Site Scripting (XSS) Vulnerability in Vaultize Enterprise File Sharing 17.05.31 Physical Path Leakage in baijiacms V3 via index.php?mod=mobile&name=member&do=index Request ChakraCore Memory Corruption Vulnerability in Microsoft Browsers SSRF Vulnerability in Glastopf 3.1.3-dev with Intentional Behavior Persistent XSS Vulnerability in WUZHI CMS V4.1.0 Allows Administrator Cookie Theft CSRF Vulnerability in idreamsoft iCMS V7.0 Allows Unauthorized Column Addition CSRF Vulnerability in YzmCMS 3.8 Allows 
Unauthorized Admin Account Addition CSRF Vulnerability in YzmCMS 3.8 Allows Unauthorized Tag Addition SQL Injection Vulnerability in ThinkPHP 3.1.3 via index.php s Parameter XSS Vulnerability in MiniCMS v1.10 via mc-admin/conf.php site_link Parameter Arbitrary Script Injection in LimeSurvey 3.6.2+180406 Accelerating Micro-Architectural Attacks: Exploiting GPU Memory Module Vulnerability via WebGL API Edge and ChakraCore Remote Code Execution Vulnerability XSS Vulnerability in Zend Debugger (ZSR-2455) Unspecified Cross-Site Scripting (XSS) Vulnerability in TOPdesk CSRF Vulnerability in TOPdesk Allows Authentication Hijacking Lack of Cross-Site Request Forgery (CSRF) Mitigations in User Profile & Membership Plugin for WordPress Authenticated Cross-Site Scripting in User Profile & Membership Plugin Arbitrary PHP Code Execution in POSCMS 3.2.10 via 'index' Function in Setting.php Arbitrary PHP Code Execution in POSCMS 3.2.18 via 'add' Function in Syscontroller.php Unbounded Memory Allocation Vulnerability in Google Guava 11.0 through 24.x Buffer Overflow in bvlc.c of skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5: Lack of Packet-Size Validation Privilege Escalation Vulnerability in Infoblox NIOS Support Access Feature Session Token Brute-Force Vulnerability in SolarWinds Serv-U MFT Denial of Service Vulnerability in SolarWinds Serv-U: Crash via Specially Crafted URL Suricata 4.0.4 SSH Banner Parsing Vulnerability Heap-based Buffer Over-read in LibHTP 0.5.26 via Authorization Digest Header Integer Overflow Vulnerability in Suricata 4.0.4 EtherNet/IP PDU Parsing Full Path Disclosure Vulnerability in AWStats through 7.6 Allows Remote Attackers to Obtain Server Path CSRF Vulnerability in WUZHI CMS 4.1.0 Allows Unauthorized Article Deletion CSRF Vulnerability in baijiacms V3 Allows Unauthorized Administrator Account Creation Memory Object Handling Vulnerability in Microsoft Browsers XSS Vulnerability in iCMS V7.0.8 via admincp.php Keywords Parameter Remote Code 
Execution and Full System Control Vulnerability in Sierra Wireless AirLink Routers Insecure Session Cookie Generation in Actiontec WCB6200Q Devices Stack Memory Mishandling in Paessler PRTG Network Monitor before 18.1.39.1648 Stack-based Buffer Over-read in NASM 2.13 Disasm Function CSV Injection Vulnerability in clustercoding Blog Master Pro v1.0 Allows Command Injection and Code Execution SQL Injection Vulnerability in HRSALE The Ultimate HRM v1.0.2 Allows Unauthorized SQL Query Modification CSV Injection Vulnerability in HRSALE The Ultimate HRM v1.0.2 CSV Injection Vulnerability in Shopy Point of Sale v1.0 Allows Code Execution HRSALE The Ultimate HRM v1.0.2: Authenticated Stored XSS Vulnerability for Low Privileged Users Microsoft Office Remote Code Execution Vulnerability (CVE-2018-XXXX) HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion Vulnerability CSRF Vulnerability in HongCMS v3.0.0 Allows Unauthorized Administrator Account Creation CSRF Vulnerability in BEESCMS 4.0 Allows Unauthorized Administrator Account Addition CSRF Vulnerability in WTCMS 1.0 Allows Unauthorized Addition of Administrator Account XSS Vulnerability in FastAdmin V1.0.0.20180417_beta via User Avatar Parameter Microsoft Excel Remote Code Execution Vulnerability Office Graphics Remote Code Execution Vulnerability SQL Injection Vulnerability in CliqueMania Loja Virtual 14 via patch/remote.php id Parameter in Recomendar Action SQL Injection Vulnerability in Adaltech G-Ticket v70 EME104 via mobile-loja/mensagem.asp eve_cod Parameter Insecure Authentication Mechanism in Ericsson-LG iPECS NMS A.1Ac Web Application Sensitive Information Disclosure in Ericsson-LG iPECS NMS A.1Ac Web Application Infinite Loop Denial of Service Vulnerability in MuPDF 1.13.0 Microsoft Excel Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 CSRF Vulnerability in ChemCMS v1.0.6 Allows Unauthorized Administrator Account Creation XSS 
Vulnerability in MiniCMS V1.10 via mc-admin/post-edit.php Title Parameter Stored XSS Vulnerability in DiscuzX through X3.4 via portal.php?mod=portalcp&ac=article URI Reflected XSS Vulnerability in Discuz! DiscuzX through X3.4 via forum.php?mod=post&action=newthread The batchOverflow Vulnerability in Beauty Ecosystem Coin (BEC) Smart Contract Microsoft Office Remote Code Execution Vulnerability Arbitrary Script Injection in Web-Dorado Instagram Feed WD Plugin Arbitrary Script Injection in Web-Dorado Instagram Feed WD Plugin for WordPress Use-After-Free Remote Code Execution Vulnerability in Foxit Reader and PhantomPDF Use-After-Free Remote Code Execution Vulnerability in Foxit Reader and PhantomPDF Improper Variable Usage in MessageSearch2 Function in Simple Machines Forum (SMF) Allows Access Restriction Bypass Cross-Site Scripting (XSS) vulnerability in ILIAS 5.1.x through 5.3.x before 5.3.4 in class.ilDateDurationInputGUI.php and class.ilDateTimeInputGUI.php Cross-Site Scripting (XSS) Vulnerability in error.php of ILIAS 5.2.x through 5.3.x before 5.3.4 XSS Vulnerability in Responsive Cookie Consent Plugin for WordPress Persistent Cross-Site Scripting Vulnerability in Catapult UK Cookie Consent Plugin for WordPress Persistent XSS Vulnerability in WUZHI CMS 4.1.0 via tag[pinyin] Parameter CSRF Vulnerability in WUZHI CMS 4.1.0 Allows Password Reset for Common Members Persistent XSS vulnerability in WUZHI CMS 4.1.0 via form%5Bqq_10%5D parameter Open-AudIT Community 2.2.0 XSS Vulnerability in Component Name Parameter Endless While Loop Vulnerability in NASM 2.14rc0 XSS Vulnerability in Frog CMS 0.9.5 via Edit Page Metadata XSS Vulnerability in Frog CMS 0.9.5 via Edit Snippet Microsoft SharePoint Server Elevation of Privilege Vulnerability XSS Vulnerability in Frog CMS 0.9.5 via Edit Layout Stored Cross Site Scripting Vulnerability in Frog CMS 0.9.5 via Admin Site title in Settings Denial of Service Vulnerability in xfs_dinode_verify Function NULL pointer dereference 
vulnerability in xfs_bmap_extents_to_btree function in Linux kernel through 4.16.3 Multiple Authenticated Stored XSS Vulnerabilities in PrinterOn Enterprise 4.1.3 PrinterOn Enterprise 4.1.3 Local User Credential Disclosure Hardcoded Password Vulnerability in Momentum Axel 720P 5.1.8 Devices Reflected XSS Vulnerability in phpIPAM 1.3.1's Mac Lookup Tool Microsoft SharePoint Server Elevation of Privilege Vulnerability Windows Security Feature Bypass Vulnerability: Device Guard Bypass SQL Injection Remote Code Execution Vulnerability in Trend Micro Smart Protection Server SQL Injection Vulnerability in Trend Micro Email Encryption Gateway 5.5 SQL Injection Vulnerability in Trend Micro Email Encryption Gateway 5.5 SQL Injection Information Disclosure Vulnerability in Trend Micro Email Encryption Gateway 5.5 Remote Code Execution Vulnerability in Trend Micro Email Encryption Gateway 5.5 Authentication Weakness in Trend Micro Email Encryption Gateway 5.5 Allows Password Recovery via DBCrypto Class Flaw SQL Injection Remote Code Execution in Trend Micro Email Encryption Gateway 5.5 Directory Traversal Vulnerability in Trend Micro Endpoint Application Control 2.0 Allows Remote Code Execution Privilege Escalation Vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG Pool Corruption Privilege Escalation Vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG NTFS Access Control Vulnerability Out-of-Bounds Read Vulnerability in libmagic.a Privilege Escalation via Insecure Handling of Temporary Files in KTextEditor Vulnerability: Loose Comparison in phpLiteAdmin Login Arbitrary Data Manipulation in WpDevArt Booking Calendar Plugin XSS Vulnerability in BigTree Users Management Page XSS Vulnerability in Threads to Link Plugin 1.3 for MyBB Cross-Site Scripting (XSS) Vulnerability in Users Plugin 1.4.5 for October CMS Stored XSS Vulnerability in WUZHI CMS 4.1.0 Content-Management Feature Stored XSS Vulnerability in WUZHI CMS 4.1.0 Extension Module System Announcement Intelbras 
Win 240 V1.1.0 Devices: Cross-site Scripting (XSS) Vulnerability Allows Unauthorized Admin Password Modification Uninitialized Memory Disclosure in Microsoft Visual Studio PDB Compilation Persistent Cross-Site Scripting Vulnerability in wunderfarm WF Cookie Consent Plugin 1.1.3 for WordPress Heap-based Buffer Over-read Vulnerability in process_cu_tu_index in GNU Binutils 2.30 NULL pointer dereference vulnerability in concat_filename in dwarf2.c in GNU Binutils allows remote attackers to cause a denial of service (crash) via a crafted binary file. XSS Vulnerability in EasyCMS 1.3 via s POST Parameter Arbitrary PHP Code Execution via File Uploading Vulnerability in DedeCMS V5.7 SP2 ProxyOverflow: Unauthorized Increase of Digital Assets in SmartMesh Smart Contract Improper Certificate Validation in PortSwigger Burp Suite: Potential Data Exposure Persistent XSS Vulnerability in GitLab's Move Issue Feature Memory Object Handling Vulnerability in Windows Kernel Symlink Attack Vulnerability in KDE KWallet Privilege Escalation Vulnerability in TunnelBear 3.2.0.6 for Windows XSS Vulnerability in MODX Revolution 2.6.3 XSS Vulnerability in Lantronix SecureLinx Spider (SLS) 2.2+ Auth.asp Login Page Heap-based Overflow Vulnerability in TFTP Server SP 1.66 and Earlier Format String Vulnerability in TFTP Server SP 1.66 and Earlier: Remote Code Execution and Denial of Service Format String Vulnerability in TFTP Server MT 1.65 and Earlier .NET Framework Device Guard Security Feature Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerability in WUZHI CMS 4.1.0 via email parameter in index.php?m=member&v=register URI Heap-based Buffer Overflow in libvorbis 1.3.6 Stack-based Buffer Over-read in bark_noise_hybridmp function in libvorbis Windows Code Integrity Module Denial of Service Vulnerability Universal/fat binary evasion vulnerability in F-Secure XFENCE and Little Flocker Universal/fat binary evasion vulnerability in Objective-See security tools Vulnerability: Universal/Fat 
Binary Evasion in Google Santa and molcodesignchecker Universal/fat binary evasion vulnerability in Yelp OSXCollector Universal/fat binary evasion vulnerability in Carbon Black Cb Response Vulnerability: Universal/Fat Binary Evasion of Third-Party Code Signing Checks in VirusTotal Denial of Service Vulnerability in RemoteMessageChannel Server Side Request Forgery in Moodle 3.x Filepicker Stored XSS Vulnerability in HongCMS 3.0.0 via Post News Feature Directory Listing Vulnerability in MiniCMS 1.10 Full Path Disclosure in MiniCMS 1.10 via Modified id Field in mc-admin/post-edit.php Process Termination Vulnerability in Shanghai 2345 Security Guard 3.7.0 Reflected Cross-Site Scripting Vulnerability in ILIAS Arbitrary PHP Code Execution Vulnerability in Cosmo 1.0.0Beta6 Bypassing Blocked Hosts List in Moodle 3.x with Multiple A Record Hostnames Stored XSS Vulnerability in DiliCMS Admin Panel Remote Code Execution Vulnerability in D-Link DIR-615 2.5.17 Devices via Host Field in System/Traceroute Screen Remote Denial of Service Vulnerability in Pexip Infinity (TLS Handshakes in RTMP) Quiz Results Disclosure Vulnerability in Moodle 3.x XSS Vulnerability in Moodle 3.x Calendar Event Name Buffer Overflow in PowerDNS dnsreplay Tool Incorrect Access Control in Jamf Pro 10.x before 10.3.0 Blind SQL Injection Vulnerability in Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 The transferFlaw Vulnerability in Useless Ethereum Token (UET) Smart Contract Implementation Arbitrary JSP File Upload and Execution in b3log Symphony 2.6.0 Path Traversal Vulnerability in Wildfly 9.x Allows Information Disclosure Inconsistent Code Signature Validation in Little Snitch Versions 4.0 to 4.0.6 Denial of Service Vulnerability in Xen Hypervisor (CVE-2017-5754 Fix) Arbitrary File Read Vulnerability in Xen through 4.10.x via QMP Live CDROM Insertion Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D CLOD Base Mesh Continuation Structures Arbitrary Code Execution via U3D 
Shading Objects in Foxit Reader 9.0.0.29935 Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Light Node Parsing Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Model Node Parsing Arbitrary Code Execution via U3D Chain Index Parsing Vulnerability in Foxit Reader 9.0.0.29935 Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Texture Coord Dimensions Parsing Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Key Frame Parsing Undertow AJP Connector Path Traversal Vulnerability Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Node Name Buffer Overflow Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Texture Resource Handling Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Texture Image Format Object Arbitrary Code Execution via U3D Clod Progressive Mesh Parsing in Foxit Reader 9.0.0.29935 Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Node Objects Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Texture Height Structures (ZDI-CAN-5412) Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Image Index Parsing Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Parsing Arbitrary Code Execution via U3D Texture Width Parsing Vulnerability in Foxit Reader 9.0.0.29935 Arbitrary Code Execution via U3D Clod Progressive Mesh Declaration Parsing in Foxit Reader 9.0.0.29935 Race Condition in systemd Prior to 234: Denial of Service Vulnerability Arbitrary Code Execution via JPEG Parsing in Foxit Reader 9.0.0.29935 Arbitrary Code Execution via U3D Bone Weight Modifier Structures in Foxit Reader 9.0.0.29935 Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Clod Progressive Mesh Continuation Structures Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 via U3D Final Maximum Resolution Attribute Arbitrary Code 
Execution via U3D 3DView Parsing Vulnerability in Foxit Reader 9.0.1.1049 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5586) Remote Code Execution Vulnerability in Samsung Internet Browser (ZDI-CAN-5326) Privilege Escalation via Samsung Email's Handling of EML Files Samsung Email Local File Disclosure Vulnerability Arbitrary Code Execution via URL Handling in Samsung Galaxy Apps (ZDI-CAN-5330) Denial of Service Vulnerability in Samba's RPC Spoolss Service Privilege Escalation via Push Message Handling in Samsung Galaxy Apps Privilege Escalation Vulnerability in Samsung Notes (ZDI-CAN-5358) Privilege Escalation Vulnerability in Samsung Galaxy Apps (ZDI-CAN-5359) CSRF Vulnerability in baijiacms V4 v4_1_4_20170105 Allows Unauthorized Account Manipulation CSV Injection Vulnerability in WebDorado Form Maker by WD Plugin for WordPress Pool Corruption Privilege Escalation Vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG Information Disclosure Vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG Vulnerability: Bypassing Unauthorized Change Prevention in Trend Micro OfficeScan Elevation of Account Permissions Vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG Browser Refresh Attack Vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG Incomplete Fix for CVE-2016-9606 Allows Yaml Unmarshalling in Resteasy via YamlProvider Critical Remote Code Execution Vulnerability in Trend Micro Control Manager (Versions 6.0 and 7.0) Server-Side Request Forgery (SSRF) Vulnerability in Trend Micro Control Manager Trend Micro Control Manager Reverse Proxy DLL Manipulation Vulnerability Privilege Escalation via Deserialization Vulnerability in Trend Micro Security 2018 (Consumer) Products Privilege Escalation Vulnerability in Trend Micro Security 2018 Products Remote Code Execution Vulnerability in CMS Made Simple (CMSMS) File Unpack Operation Sensitive Information Disclosure and Denial of Service Vulnerability in CMS Made Simple (CMSMS) 2.2.7 
Remote Code Execution Vulnerability in CMS Made Simple (CMSMS) through 2.2.7 via Module Import Operation Arbitrary File Deletion Vulnerability in CMS Made Simple (CMSMS) 2.2.7 Privilege Escalation Vulnerability in CMS Made Simple (CMSMS) 2.2.7 Memory Disclosure Vulnerability in PostgreSQL 10.x: Arbitrary Server Memory Read via Table Partitioning Arbitrary File Deletion Vulnerability in CMS Made Simple (CMSMS) 2.2.7 Arbitrary File Movement Vulnerability in CMS Made Simple (CMSMS) 2.2.7 Sensitive Information Disclosure Vulnerability in CMS Made Simple (CMSMS) through 2.2.7 Physical Path Leakage Vulnerability in CMS Made Simple (CMSMS) 2.2.7 Stored XSS Vulnerability in EasyCMS 1.3: Article Posting Fields Affected Stack-based Buffer Overflow in utf2char function in LibRaw 0.18.9 Out-of-Bounds Read in LibRaw X3F Property Table List Implementation Insecure File Creation Vulnerability in PostgreSQL pg_upgrade UDP Amplification Vulnerability in America's Army Proving Grounds Hardcoded Root SSH Credentials Vulnerability in EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 Devices Out-of-bounds Memory Write Vulnerability in libbfd NULL pointer dereference vulnerability in ignore_section_sym function in libbfd allows for denial of service Memory Writing Vulnerability in WavPack WAV Parser Component Multiple Format Chunks Vulnerability in WavPack 5.1.0 and Earlier Out-of-bounds Write Vulnerability in WavPack WAV Input Out-of-Bounds Write Vulnerability in WavPack DSDiff Input Denial of Service Vulnerability in 389-ds-base via LDAP Search Filters Out-of-Bounds Write Vulnerability in WavPack 5.1.0 and Earlier Unauthenticated Administrative Interface in Meross MSS110 Devices (1.1.24) Dumpable FPM Child Processes Vulnerability Infinite Loop Vulnerability in PHP's iconv Stream Filter Reflected XSS Vulnerability in PHP PHAR Error Pages LDAP Server Denial of Service Vulnerability Out-of-bounds read vulnerability in exif_read_data in PHP Unrestricted Access to Target and Tenant Tag Variables in 
Octopus Deploy Directory Traversal Vulnerability in Nagios XI 5.4.13 Cross-Site Scripting (XSS) Vulnerabilities in Nagios XI 5.4.13 Out-of-Bounds Heap Buffer Read Vulnerability in advancecomp Authentication Bypass Vulnerability in Dasan GPON Home Routers Command Injection Vulnerability in Dasan GPON Home Routers Critical Cross-Site Scripting (XSS) Vulnerability in Flexense SyncBreeze Cross-Site Scripting (XSS) Vulnerability in Flexense DiskPulse Enterprise v10.4 to v10.7 Cross-Site Scripting (XSS) Vulnerability in Flexense DiskSavvy Enterprise v10.4 to v10.7 Cross-Site Scripting (XSS) Vulnerability in Flexense DupScout Enterprise v10.0.18 to v10.7 Cross-Site Scripting (XSS) Vulnerability in Flexense VX Search Enterprise v10.1.12 to v10.7 Cross-Site Scripting (XSS) Vulnerability in Flexense DiskSorter Enterprise v9.5.12 to v10.7 XSS Vulnerability in Edimax EW-7438RPn Mini v2 (Version 1.26) SSID Field LDAP Password Modification Vulnerability in Samba 4 AD DC XSS Vulnerability in Frog CMS 0.9.5 via admin_username Field in /install/index.php Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in OpenEMR before 5.0.1 Bypassing Access Restrictions in OpenEMR Patient File Letter Interface Bypassing Access Restrictions in OpenEMR Fax Dispatch Interface Arbitrary PHP Code Execution via .htaccess File Upload in BigTree 4.2.22 and Earlier Hardcoded SSH Credentials Vulnerability on WatchGuard AP Devices Improper Authentication Handling in WatchGuard AP Devices Arbitrary Code Execution via File Upload on WatchGuard AP Devices Authentication Bypass Vulnerability in WatchGuard AP Devices PostgreSQL Privilege Escalation Vulnerability XSS Vulnerability in Latest Posts on Profile Plugin 1.1 for MyBB Unauthorized Access to Tenant Variables in Octopus Deploy Automatic SMB Connection Initiation in LibreOffice and Apache OpenOffice Writer Remote Denial of Service Vulnerability in Pexip Infinity (XML Parsing) Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in NetGain 
Enterprise Manager (EM) Versions Before 10.1.12 OS Command Injection Vulnerabilities in NetGain Enterprise Manager (EM) Versions Before 10.0.57: Remote Code Execution Path Traversal Vulnerability in Advantech WebAccess Vulnerability: Memory Exposure in DPDK vhost-user Interface Information Exposure Vulnerability through Directory Listing in Advantech WebAccess Origin Validation Error Vulnerability in Advantech WebAccess Hard-coded Credentials Vulnerability in Yokogawa STARDOM Controllers Privilege Escalation Vulnerability in DB Manager and PerformA Stack Buffer Overflow in Delta Industrial Automation COMMGR SQL Injection Vulnerability in ReadA Version 1.1.0.2 and Previous on BD Kiestra Systems Insecure VPN Connection in Medtronic 2090 CareLink Programmer Allows Local Network Attack Memory Access Vulnerability in IntelliVue and Avalon Monitors Out-of-Bounds Read Vulnerabilities in CNCSoft Version 1.00.83 and Prior with ScreenEditor Version 1.00.54 Unauthenticated Memory Reading Vulnerability in IntelliVue and Avalon Monitors Catastrophic Backtracking Vulnerability in Python's pop3lib's apop() Method Unsanitized Input Vulnerability in SEL AcSELerator Architect Version 2.2.24.0 and Prior Vulnerability: Stack Overflow in IntelliVue and Avalon Monitors Multiple Stack-Based Buffer Overflow Vulnerabilities in WECON LeviStudio Versions 1.8.29 and 1.8.44 Unauthenticated Remote Control Vulnerability in Martem TELEM GW6 and GWM Devices Directory Traversal Vulnerability in SEL Compass Version 3.0.5.1 and Prior Unprivileged User Control and Configuration Modification Vulnerability in Martem TELEM GW6/GWM Heap-based Buffer Overflow Vulnerabilities in WECON LeviStudio Versions 1.8.29 and 1.8.44 Denial of Service Vulnerability in Martem TELEM GW6 and GWM Devices Denial of Service Vulnerability in AcSELerator Architect FTP Client Improper Data Sanitization in Martem TELEM GW6 and GWM Devices: Cross-Site Scripting and Code Execution Vulnerability Catastrophic Backtracking 
Vulnerability in difflib.IS_LINE_JUNK Method Out-of-Bounds Vulnerability in LeviStudioU Versions 1.8.29 and 1.8.44 Remote Code Execution via Java RMI Input Port in GE MDS PulseNET and MDS PulseNET Enterprise 3.2.1 and Prior Default Access and Communication Vulnerability in CODESYS Control V3 Products XML External Entity (XXE) Vulnerability in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior LeviStudioU XML External Entity (XXE) Vulnerability Directory Traversal Vulnerability in GE MDS PulseNET and MDS PulseNET Enterprise Version 3.2.1 and Prior Improper Input Validation Vulnerability in ABB Panel Builder 800 Heap Buffer Overflow in Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior Weak Password Hash Vulnerability in Davolink DVW-3200N (Versions prior to 1.00.06) Unquoted Search Path Vulnerability in RSLinx Classic and FactoryTalk Linx Gateway Incomplete Zeroing of Disks in oVirt: Potential Data Exposure Vulnerability Stack-based Buffer Overflow Vulnerability in AVEVA InduSoft Web Studio and InTouch Machine Edition Stack Buffer Overflow in Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior Vulnerability: Insecure Storage of Per-Product Credentials in Medtronic MyCareLink Patient Monitor Memory Buffer Read Vulnerability in Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and Prior Improper Error Handling in Johnson Controls Metasys System and BCPro (BCM) Allows Information Disclosure Authentication Bypass Vulnerability in Medtronic MyCareLink Patient Monitor SOAP API Vulnerability in Echelon SmartServer and i.LON Devices Buffer Overflow Vulnerability in AVEVA InTouch Software Vulnerability: Symbolic Link Attack in Context Relabeling of Filesystems in policycoreutils 2.5-11 Unauthenticated Access to Crestron TSW-X60 and MC3 Devices Vulnerability: Unauthorized Code Execution via Medtronic N'Vision Clinician Programmer and Application Card Denial-of-Service Vulnerability 
in Moxa NPort 5210, 5230, and 5232 Versions 2.9 Build 17030709 and Prior Hard-coded Credentials Vulnerability in Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 Cleartext Transmission Vulnerability in Medtronic Insulin Pumps Remote Code Execution Vulnerability in Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 Multiple Stack-Based Buffer Overflow Vulnerabilities in CNCSoft Version 1.00.83 and Prior with ScreenEditor Version 1.00.54 Buffer Overflow Vulnerability in Fuji Electric V-Server Lite 4.0.3.0 and Prior Vulnerability: Resource Exhaustion in libvirt (CVE-2018-5748) Vulnerability: Cleartext Password Change in D-Link DIR-601 A1 1.02NA Devices Command Injection Vulnerability in Combodo iTop 2.4.1: Remote Code Execution via Platform Configuration Privilege Escalation Vulnerability in Golden Frog VyprVPN for Windows SYSTEM Privilege Escalation Vulnerability in CyberGhost 6.5.0.3180 for Windows SYSTEM Privilege Escalation Vulnerability in SaferVPN 4.2.5 for Windows Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 and 10.7 Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3 Netfilter Subsystem NULL Pointer Dereference Vulnerability Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 and 10.7 Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 and 10.7 Critical Sensitive Data Leakage Vulnerability in Citrix XenMobile Server 10.7 before RP3 XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 and 10.7 Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 and 10.7 Unicode Buffer Overflow (SEH) in DLPnpAuditor.exe Denial of Service Vulnerability in Matrix Synapse before 0.28.1 Axis IP Cameras Multiple Models Memory Corruption Vulnerability Axis IP Cameras Multiple Models Memory Corruption Vulnerability NULL Pointer Dereference Vulnerability in CIFS Server Setup Axis IP Cameras: 
Shell Command Injection Vulnerability Axis IP Cameras: Access Control Bypass Vulnerability Axis IP Cameras: Exposed Insecure Interface Vulnerability Axis IP Cameras Vulnerability: Incorrect Size Calculation Axis IP Cameras: Memory Corruption Vulnerability XSS Vulnerability in ILIAS 5.3.4 through unsanitized output of PHP_SELF Vulnerability: Public setOwner Function Allows Ownership Acquisition and Variable Modification in Aurora IDEX Membership (IDXM) Smart Contract Undertow Web Server Vulnerability: Arbitrary HTTP Header Injection and Response Splitting Use-after-free vulnerability in do_get_mempolicy function in Linux kernel before 4.12.9 Remote File Download Vulnerability in CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR Devices Heap-based Buffer Overflow in MiniUPnP ngiflib 0.4 MyBB 1.8.15 Remote Redirection Vulnerability Linux 4.x Kernel Privilege Escalation Vulnerability Stored Cross Site Scripting Vulnerability in Z-BlogPHP 1.5.2 via Website Title Setting Unauthenticated Access and Remote Code Execution in WildFly 10.1.2.Final Unauthenticated Access Vulnerability in WildFly 10.1.2.Final Use-after-free vulnerability in lrzip 0.631 allows for remote denial of service or potential impact Reflected XSS and Remote PHP Code Execution in Vesta Control Panel 0.9.8-20 Buffer Overflow in blktrace (Block IO Tracing) 1.2.0 Vulnerability: Access Control Override for Container Network Filesystems in Red Hat OpenShift Enterprise 3.7 Insecure Default Configuration Allows Sniffing and Data Compromise on Moxa AWK-3121 Devices Unauthenticated File Download Vulnerability in Moxa AWK-3121 1.14 Devices Missing HttpOnly Flag in Session Cookie on Moxa AWK-3121 1.14 Devices Buffer Overflow Vulnerability in Moxa AWK-3121 1.14 Devices Open Wi-Fi Connection Vulnerability on Moxa AWK-3121 1.14 Devices Buffer Overflow Vulnerability in Moxa AWK-3121 1.14 Devices CSRF Vulnerability in Moxa AWK-3121 1.14 Web Interface Command Injection Vulnerability in Moxa AWK-3121 1.14 
Devices Default Unencrypted TELNET Service on Moxa AWK-3121 1.14 Devices Command Injection Vulnerability in Moxa AWK-3121 1.14 Devices Improper Input Validation in Openshift Routing Configuration Leads to Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Moxa AWK-3121 1.19 Devices Buffer Overflow Vulnerability in Moxa AWK-3121 1.14 Devices Command Injection Vulnerability in Moxa AWK-3121 1.14 Devices Buffer Overflow Vulnerability in Moxa AWK-3121 1.14 Devices XSS Vulnerability in yidashi yii2cmf 2.0 via /search q Parameter Vulnerability: Contract Ownership Acquisition and Denial of Service Attack in Aurora DAO (AURA) Smart Contract MultiOverflow: Unauthorized Increase of Digital Assets in Social Chain (SCA) Smart Contract Elevated Privilege Code Execution Vulnerability in ASRock RGBLED, A-Tuning, F-Stream, and RestartToUEFI Stack-based Buffer Overflow in zsh's exec.c:hashcmd() Function Arbitrary Physical Memory Read/Write Vulnerability in ASRock RGBLED, A-Tuning, F-Stream, and RestartToUEFI Vulnerability: Arbitrary Ring-0 Code Execution via ASRock RGBLED and A-Tuning Drivers Elevated Privilege Code Execution Vulnerability in ASRock RGBLED, A-Tuning, F-Stream, and RestartToUEFI Memory Corruption and Arbitrary Code Execution Vulnerability in D-Link DSL-3782 EU 1.01 Devices Process Termination Vulnerability in Shanghai 2345 Security Guard 3.7.0 Heap-based Buffer Overflow in DecodeGifImg Function of MiniUPnP ngiflib 0.4 Remote Code Execution Vulnerability in Call of Duty Modern Warfare 2 Information Exposure Through Log Files in ovirt-engine Privilege Escalation via Symlink Chain in Cylance CylancePROTECT Hardcoded Admin Password Vulnerability in Directus 6.4.9 Stored XSS Vulnerability in Datenstrom Yellow 0.7.3 via Edit Page Action Fabrikar Fabrik Component Reflected XSS Vulnerability Buffer Overflow Vulnerability in Phoenix Contact Managed FL SWITCH 3xxx, 4xxx, 48xx Products Unauthenticated Configuration File Reading Vulnerability in Phoenix 
Contact Managed FL SWITCH Products User Account Enumeration Vulnerability in oVirt Engine Web Console Login Form Phoenix Contact Managed FL SWITCH 3xxx, 4xxx, 48xx Products Firmware OS Command Injection Vulnerability Buffer Overflow Vulnerability in Phoenix Contact Managed FL SWITCH 3xxx, 4xxx, 48xx Products Sensitive Information Disclosure in Dataiku DSS REST API Heap-Based Buffer Over-Read Vulnerability in libgxps through 0.3.0 Backdoor Vulnerability in KONGTOP DVR Devices: Password Disclosure via Print_Password Function SQL Injection Vulnerability in Nagios XI before 5.4.13 via admin/commandline.php Cname Parameter SQL Injection Vulnerability in Nagios XI 5.4.13 via admin/info.php Key1 Parameter SQL Injection Vulnerability in Nagios XI 5.4.13 via admin/logbook.php txtSearch Parameter SQL Injection Vulnerability in Nagios XI 5.4.13 via admin/menuaccess.php chbKey1 Parameter Process Termination Vulnerability in Shanghai 2345 Security Guard 3.7.0 Power Management Credential Exposure in oVirt Engine API and Administration Web Portal Remote Code Execution in Axublog 1.1.0 via Injection of PHP Code in webkeywords Parameter Buffer Overflow Vulnerability in D-Link DSL-3782 EU 1.01 Devices Memory Corruption and Arbitrary Code Execution Vulnerability in D-Link DSL-3782 EU 1.01 Memory Corruption and Arbitrary Code Execution Vulnerability in D-Link DSL-3782 EU 1.01 Memory Corruption and Arbitrary Code Execution Vulnerability in D-Link DSL-3782 EU 1.01 Unfiltered Password Logging Vulnerability in oVirt-Engine Memory Corruption and Arbitrary Code Execution Vulnerability in D-Link DSL-3782 EU 1.01 Integer Overflow in OMACP WAP Push Message Processing on Samsung S7 Edge (SVE-2018-11463) Stored XSS Vulnerability in Tagregator Plugin 0.6 for WordPress via Title Field Stack-based Buffer Overflow in abcm2ps Music Delayed_Output Function Use-after-free vulnerability in libtransmission/variant.c in Transmission before 3.00 Authentication Bypass via SQL Injection in CSP MySQL User 
Manager 2.3.1 CSRF Vulnerability in Datenstrom Yellow 0.7.3 Allows Unauthorized Article Deletion Arbitrary Command Execution and SQL Injection in Project Pier 0.8.8 and Earlier Unrestricted File Upload Vulnerability in ProjectPier 0.88 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Synametrics SynaMan 4.0 Build 1488 via Partial Branding Configuration Page Stack-based Buffer Over-read Vulnerability in libgxps NULL Pointer Dereference in AnnotPath::getCoordsLength Function in Poppler 0.24.5 Vulnerability: Cross-Token Replay Attack in SmartMesh (SMT) Smart Contract Implementation XXE Vulnerability in Spacewalk 2.6 API: Disclosure of Sensitive Server Information Unauthenticated Configuration Download Vulnerability in ShenZhen Anni 5 in 1 XVR Devices Stack-based Buffer Overflow in get_key function in abcm2ps through 8.13.20 Denial of Service and Potential Remote Code Execution in Exiv2 through 0.26 Remote Denial of Service Vulnerability in bibutils through 6.2 Remote Denial of Service Vulnerability in bibutils through 6.2 Remote Denial of Service Vulnerability in bibutils through 6.2 Denial of Service Vulnerability in mp3gain through 1.5.2-r2 Buffer Overflow in WriteMP3GainAPETag Function in mp3gain through 1.5.2-r2: Remote Code Execution and Denial of Service Vulnerability Read Access Violation in III_dequantize_sample Function in mp3gain Allows Remote Attackers to Cause Denial of Service or Other Impact Heap-based Buffer Over-read in LibTIFF 3.8.2's TIFFWriteScanline Function Vulnerability in OpenDayLight Version Carbon SR3 and Earlier: Traffic Flow Reconciliation Exploit Heap-Based Buffer Over-Read in Exiv2 0.26's Image.cpp Privilege Escalation via Malicious REST Call in pcsd Service Memory Allocation Failure in AP4_CttsAtom Class in Bento4 1.5.1.0 File Upload Vulnerability in Liferay 6.2.x and Earlier Versions Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Continuous Page Reload Vulnerability in Brave Browser Hang Issue 
Caused by Mishandling of Long URL in Brave Browser Reversed ACL Rules Vulnerability in Dogtag PKI Memory Leaks in TIFFClientOpen Function in LibTIFF 3.8.2 Arbitrary Script Injection via CSRF in Zoho ManageEngine NetFlow Analyzer v12.3 Memory Leak in WriteTIFFImage in ImageMagick 7.0.7-28 Memory Leak in ReadYCBCRImage in ImageMagick 7.0.7-28 Reflected Cross Site Scripting Vulnerability in Frog CMS 0.9.5 via file[current_name] Parameter Denial of Service Vulnerability in 2345 Security Guard 3.7 Unauthenticated users can spam admin email via PayPal enrol script in Moodle Cross-Site Scripting Vulnerability in LiveZilla Live Chat 7.0.9.5 and Prior via Accept-Language HTTP Header Remote Denial of Service Vulnerability in strongSwan 5.6.0 and Older due to Missing Variable Initialization Cleartext Storage of Digital Currency Initial Keys in Bitpie Application Hardcoded Secrets in Dedos-web 1.0 Allow Privilege Escalation via Session Cookie Manipulation Clear-text Storage of SMTP Credentials in Synametrics SynaMan 4.0 build 1488 Sensitive Cluster Information Disclosure Vulnerability XSS Vulnerability in Severalnines ClusterControl before 1.6.0-4699 OAuth2 Authentication Bypass Vulnerability in Moodle 3.4 to 3.4.1 and 3.3 to 3.3.4 Arbitrary Code Injection via Search Panel in BlackCatCMS 1.3 Directory Traversal Vulnerability in D-Link Web Interface Arbitrary Code Execution via Shell Command Injection in D-Link DWR Devices Plaintext Storage of Administrative Password in D-Link Routers Unauthenticated and Unencrypted BLE Communication in Mimo Baby 2 Devices Enables Fake Information Injection Denial of Service (Memory Consumption) Vulnerability in LiteCart before 2.1.2 Denial of Service Vulnerability in Alps Pointing-device Driver 10.1.101.207 Buffer Overflow Vulnerability in Zsh Shell Autocomplete Functionality Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Equihash Solution Verifier Vulnerability in Z-NOMP ModbusPal 1.6b XML External Entity 
(XXE) Vulnerability Integer Overflow Vulnerability in Qemu Emulator's NE2000 NIC Emulation Integer Overflow Vulnerability in Corosync's exec/totemcrypto.c Heap-Based Buffer Overflow Vulnerability in Linux Kernel's ext4_xattr_set_entry() Function Privilege Escalation Vulnerability in GlusterFS Server Nodes Privilege Escalation in Openshift Container Platform's Source-to-Image Component GnuTLS HMAC-SHA-256 Vulnerability: Lucky Thirteen Style Attack Vulnerability: GnuTLS HMAC-SHA-384 Lucky Thirteen Attack CacheBleed: Exploiting a Cache-based Side Channel in GnuTLS for Plain Text Recovery in Cross-VM Attacks Authentication Bypass Vulnerability in Prosody Versions 0.10.2 and 0.9.14 Misconfigured SSL Client Certificate Authentication in Openshift-ansible Race Condition in 389-ds-base Persistent Search Handling Leading to Denial of Service Memory Leak Vulnerability in PowerDNS Server and Recursor SSSD Vulnerability: Unauthorized Access to Sudo Rules via Wide-Permission UNIX Pipe Privilege Escalation Vulnerability in Linux Kernel KVM Hypervisor Stored Cross-Site Scripting Vulnerability in CloudForms v2v Infrastructure Mapping Delete Feature Sensitive Data Exposure in Ansible 2.5 and 2.4 Privilege Escalation Vulnerability in Podman Private Data Exposure and Exfiltration Vulnerability in git-annex Heap-Buffer Overflow in Samba Clients: Arbitrary Code Execution Vulnerability Information Exposure Vulnerability in git-annex: Decryption of Unstored Encrypted Data Vulnerability: Debug Parameter Removal Bypass in pcsd REST Interface Directory Traversal Vulnerability in perl-archive-zip's Archive::Zip Module Ceph Mon Vulnerability: Unauthorized Pool Deletion and Snapshot Corruption Zip Slip vulnerability in WildFly Core before version 6.0.0.Alpha3 allows for arbitrary file overwrite through crafted .war archives. 
Improper Configuration in redhat-certification 7 Allows Unauthorized Access to Sensitive Information Uncontrolled Resource Consumption Vulnerability in redhat-certification Unauthenticated Remote Restart Vulnerability in Red Hat Certification 7 Unauthenticated User Can Remove System Files via /configuration View in Redhat-Certification 7 Unrestricted File Access Vulnerability in Redhat-Certification 7 Package XML Entity Expansion Denial of Service Vulnerability in Red Hat Certification 7 Arbitrary File Download Vulnerability in Red Hat Certification KVM Stack Switch Privilege Escalation Vulnerability Path Traversal Vulnerability in redhat-certification Cleartext Storage of Sensitive Information in 389-ds-base Vulnerability in Linux Kernel Handling of Exceptions via Mov SS or Pop SS Instructions SPICE Vulnerability: Code Generation Bounds Check Bypass Vulnerability: Arbitrary Code Execution via Inventory Variables in Ansible Arbitrary Code Execution Vulnerability in Ansible Use-After-Free Vulnerability in Linux Kernel's ext4 Filesystem Code Vulnerability: Out-of-Bound Access in ext4_ext_drop_refs() Function in Linux Kernel Out-of-Bounds Write Vulnerability in Linux Kernel's ext4 Filesystem Use-after-free vulnerability in ext4_xattr_set_entry function allows for denial of service Privilege Escalation Vulnerability in Gluster 3.x Snapshot Scheduler Stack-Out-of-Bounds Write Vulnerability in Linux Kernel's ext4 Filesystem Code Vulnerability in Linux Kernel's ext4 Filesystem Allows Denial of Service and System Crash Out-of-Bound Write Vulnerability in Linux Kernel's ext4 Filesystem Out-of-Bounds Write Vulnerability in Linux Kernel's ext4 Filesystem Cross-Site Request Forgery (CSRF) Vulnerability in Ansible Tower Denial of Service (DoS) Vulnerability in Atomic-OpenShift Routing Integer Overflow and Out-of-Bounds Read Vulnerability in libgit2 Out-of-Bound Read Vulnerability in libgit2 Privacy Leakage in Moodle Data Export Logs LDAP Buffer Overflow Vulnerability in 
389-ds-base Hidden Categories Disclosure Vulnerability in Moodle JavaScript Execution Vulnerability in Moodle Vulnerability: Unrestricted Access to /proc/acpi Pathnames in Docker/Moby Vulnerability: Integer and Buffer Overflow in spice-client's LZ Compressed Frames Handling SAML Authentication Bypass in Keycloak 3.4.3.Final Arbitrary Code Execution via Cross-Site Request Forgery in qutebrowser Insecure SSH Host Key Management in Cloud-Init Directory Traversal Vulnerability in reposync Allows Remote File Copy and System Compromise Default Credentials Vulnerability in OpenStack TripleO Heat Templates Jolokia 1.2 to 1.6.1 Vulnerability: Remote Code Execution via System-Wide CSRF Sensitive Secrets Exposure in Pulp API Access Privilege Escalation via Password Helper Injection in Network Manager VPNC Plugin Privilege Escalation Vulnerability in Linux Kernel's KVM Virtualization Subsystem Double Free Vulnerability in Raw MIDI Kernel Driver Vulnerability: Insecure Tag Length Validation in python-cryptography Arbitrary Code Execution Vulnerability in GlusterFS Server Improper Security Setting in dRuby Component of CloudForms Management Engine Allows Privilege Escalation Vulnerability: Restriction Bypass in fusermount with SELinux Stack-based Buffer Overflow Vulnerability in GlusterFS Server Unbounded Resource Consumption in vdsm's qemu-img Invocation Denial of Service Vulnerability in Linux Kernel's flush_tmregs_to_thread Function Unauthenticated Pairing Vulnerability in Bluez Vulnerability: Memory Leakage in glusterfs dic_unserialize Function Infinite Loop Denial of Service Vulnerability in Keycloak GlusterFS Server Information Disclosure Vulnerability: File Existence Disclosure via xattr Request Remote Denial of Service Vulnerability in GlusterFS FUSE xattr Request Handling libpq Vulnerability: Bypassing Connection Security and SQL Injection through PQescape() Malfunction Remote File Name Sanitization Vulnerability in lftp Improper Path Parsing Vulnerability in Pulp 
2.16.x and Older Null Pointer Dereference Vulnerability in Samba Server Samba Active Directory LDAP Server Information Disclosure Vulnerability Denial of Service Vulnerability in ext4_iget Function Cache Poisoning Vulnerability in Knot Resolver before 2.4.1 Integer Overflow Vulnerability in ttembed Input File Processing Input Validation Flaw in ttembed Allows for Denial of Service Attack Arbitrary Device Creation and Data Leakage Vulnerability in GlusterFS Server Node Memory Leak Vulnerability in GlusterFS Client Code Authorization Bypass and Arbitrary Memory Read Vulnerability in PostgreSQL Arbitrary Code Execution and Path Traversal Vulnerability in glusterfs Server Vulnerability: Information Leakage and Remote Denial of Service in GlusterFS Server Arbitrary Symlink Creation Vulnerability in GlusterFS Server Arbitrary File Creation and Code Execution Vulnerability in GlusterFS Server Out-of-Bounds Read and System Crash Vulnerability in ext4_valid_block_bitmap Function Vulnerability: Unauthorized Write Access in GlusterFS Server via gfs3_rename_req RPC Request Cobbler 2.6.x XMLRPC Interface Remote Code Execution Vulnerability Vulnerability: Unsanitized Buffer in lldptool Version 1.0.1 and Older Unauthorized Access Vulnerability in libssh Server-Side State Machine XSS Vulnerability in JBoss Management Console Allows Privilege Escalation LDAP Server Crash Vulnerability via ldapsearch with Server Side Sort in 389 Directory Server Insecure SSL Certificate Validation in postgresql-jdbc Cross-Site Scripting (XSS) Vulnerability in Openshift Container Platform 3.11's tetonic-console Component Denial-of-Service Vulnerability in Linux Kernel's cipso_v4_optptr() Function Persistent XSS Vulnerability in Zimbra Web Client (ZWC) via Contact Group NULL pointer dereference vulnerability in ext4_fill_super function in Linux kernel through 4.15.15 Incorrect Bounds Check in CDROM Driver Allows Reading of Kernel Memory Arbitrary Code Execution via File Upload in Attribute Wizard 
Addon for PrestaShop Arbitrary String Denial of Service Vulnerability in Barco ClickShare CSE-200 and CS-100 Base Units Critical Vulnerability: Exploitable Dividend Theft in ROC Smart Contract Remote Denial of Service Vulnerability in Mongoose 6.11 Arbitrary Password Disclosure in Polycom RealPresence Debut Vulnerability: Persistent Admin Cookie in Polycom RealPresence Debut Persistent XSS in Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 via mail addresses Account Enumeration Vulnerability in Zimbra Collaboration Suite 8.8 and earlier versions Denial of Service Vulnerability in Linux Kernel's ext4_xattr_check_entries Function Information Exposure through Verbose Error Messages in Zimbra Collaboration Suite Zimbra Collaboration Suite 8.8 and earlier versions: Unauthorized Access to zimbraSSLPrivateKey via Admin SOAP API Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Directory Traversal Vulnerability in IPConfigure Orchid Core VMS 2.0.5 CSRF Vulnerability in D-Link DIR-868L Devices Allows Unauthorized Admin Password Change SIGABRT vulnerability in Exiv2 0.26 due to large size value in types.cpp Untrusted Search Path Vulnerability in Avecto Defendpoint SQL Injection Vulnerability in Foreman Dashboard Controller Local Privilege Escalation in Shanghai 2345 Security Guard 3.7.0 Denial of Service Vulnerability in LibTIFF's TIFFWriteDirectorySec() Function Session Hijacking Vulnerability in GamerPolls 0.4.6 Remote Code Execution Vulnerability on D-Link DIR-550A and DIR-604M Devices Default TELNET Account Backdoor Access Vulnerability on D-Link DIR-550A and DIR-604M Devices SQL Injection Vulnerability in Pie Register Plugin for WordPress (Versions before 3.0.10) Vulnerability: 
User Credential Exposure in Foreman Denial of Service Vulnerability in Free Lossless Image Format (FLIF) 0.3 Heap-based Buffer Overflow in FLIF TransformPaletteC::process Function KoreaShow Token Smart Contract Integer Overflow Vulnerability Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Cross-Site Request Forgery Vulnerability in etcd 3.3.1 and Earlier Denial of Service Vulnerability in Xen through 4.10.x vHPET Interrupt Injection Vulnerability in Xen CSRF Vulnerability in OX Guard 2.8.0 Authenticated Remote Code Execution Vulnerability on Dongguan Diqee Diqee360 Vacuum Cleaner Firmware Update Process Allows Execution of Unsigned Code on Diqee Diqee360 Devices Default Password Vulnerability in Arris Touchstone Telephony Gateway TG1682G DNS Rebinding Vulnerability in etcd 3.3.1 and Earlier: Exploiting Browser Requests to Localhost Vulnerability: Incomplete Logout State Destruction on Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 Devices Argument-injection vulnerability in LilyPond 2.19.80 via BROWSER environment variable Cross-Site Scripting (XSS) Vulnerability in Open Whisper Signal (Signal-Desktop) before 1.10.1 via URL User and Group ID Mishandling in SchedMD Slurm Versions before 17.02.11 and 17.1x.x before 17.11.7 Buffer Overflow Vulnerability in D-Link DIR-629-B1 Weblogin_log Function Pre-Authentication Blind SQL Injection in Etere EtereWeb (before 28.1.20) Exiv2 0.26 Denial of Service Vulnerability in jp2image.cpp Heap-Based Buffer Over-Read in Exiv2 0.26: Vulnerability Discovery Stack-based Buffer Overflow in zsh's checkmailpath Function Insecure Permissions in Pulse Secure Desktop Client on Windows CSRF Vulnerability in YXcms 1.4.7 Allows Remote Account Deletion CSRF Vulnerability 
in SDcms v1.5 Allows Unauthorized Administrator Account Creation Memory Leak Vulnerability in K7Computing K7AntiVirus Premium 15.01.00.53 Incorrect Access Control Vulnerability in K7Computing K7AntiVirus Premium 15.01.00.53 Memory Leak Vulnerability in K7Computing K7AntiVirus Premium 15.01.00.53 Incorrect Access Control Vulnerability in K7Computing K7AntiVirus Premium 15.01.00.53 Buffer Overflow Vulnerability in K7Computing K7AntiVirus Premium 15.01.00.53 Privilege Escalation Vulnerability in Ansible Tower Buffer Overflow Vulnerability in K7Computing K7AntiVirus Premium 15.01.00.53 Stored XSS Vulnerability in Halo 0.0.2 via commentAuthor Field in FrontCommentController.java Stored XSS Vulnerability in ruibaby Halo 0.0.2 via loginName and loginPwd Parameters Remote Code Execution Vulnerability in D-Link DIR-816 A2 (CN) Routers Buffer Overflow Vulnerability in libming through 0.4.8 Cross-Site Request Forgery (CSRF) Vulnerability in PbootCMS v1.0.7 Kernel Crash Vulnerability in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 Privilege Escalation Vulnerability in Openshift Enterprise 3.x's Source-to-Image Function Kernel Crash Vulnerability in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 Kernel Crash Vulnerability in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 Kernel Crash Vulnerability in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 Kernel Crash Vulnerability in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 Kernel Crash Vulnerability in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 Kernel Crash Vulnerability in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 Ruckus ICX7450-48 Reflected XSS Vulnerability Improper Validation of User Input in Openshift Enterprise Source-to-Image (S2I) Tool SSRF Vulnerability in PHPRAP 1.0.4 through 1.0.8 via /debug URI SQL Injection Vulnerability in PHPRAP 1.0.4 through 1.0.8 via search() function in project.php Denial of Service Vulnerability in xpdf DCT Decoder Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Denial of 
Service and Potential Impact Vulnerability in 2345 Security Guard 3.7 Ruckus SmartZone Vulnerability: Remote Information Disclosure and Data Modification Information Leak Vulnerability in Exiv2 0.26's PngImage::printStructure Function XST (Cross Site Tracing) Vulnerability in Spring Framework Arbitrary Code Execution Vulnerability in Ansible Tower Cross-Domain JSONP Vulnerability in Spring Framework Open Redirect Vulnerability in Cloud Foundry UAA Unescaped User-Provided Content Injection in Pivotal Apps Manager Invitation Emails Static Linux Random Number Generator (LRNG) Seed File Vulnerability in Pivotal Operations Manager Unpatched NGINX Vulnerabilities in Pivotal Operations Manager Authorization Bypass Vulnerability in Cloud Foundry UAA XML External Entity (XXE) Injection Vulnerability in Dell EMC Data Protection Advisor and Integrated Data Protection Appliance Uncontrolled Search Vulnerability in RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG Releases Clear-Text Authentication Vulnerability in Dell EMC NetWorker Path Traversal Vulnerability in RSA Certificate Manager Versions 6.9 build 560-564 Dell EMC ECS Authentication Bypass Vulnerability Dell EMC iDRAC Service Module Privilege Escalation Vulnerability Integer Overflow Vulnerability in RSA BSAFE Micro Edition Suite 4.1.6 Allows for Remote Denial of Service Improper Clearing of Heap Memory Before Release in RSA BSAFE Micro Edition Suite Uncontrolled Resource Consumption Vulnerability in RSA BSAFE Micro Edition Suite and RSA BSAFE Crypto-C Micro Edition Covert Timing Channel Vulnerability in RSA BSAFE Micro Edition Suite Buffer Over-Read Vulnerability in RSA BSAFE Micro Edition Suite and RSA BSAFE Crypto-C Micro Edition Stored Cross-Site Scripting Vulnerability in RSA Archer Authentication Bypass Vulnerability in PackageKit Allows Unauthorized Installation of Signed Packages RSA Archer REST API Authorization Bypass Vulnerability Server-side Template Injection 
Vulnerability in RSA NetWitness Platform and RSA Security Analytics Undocumented Default Account Vulnerability in Integrated Data Protection Appliance Versions 2.0-2.2 Unquoted Service Path Vulnerabilities in Dell WMS Versions 1.1 and Prior Dell EMC Unity and UnityVSA Incorrect File Permissions Vulnerability SQL Injection Vulnerability in RSA Archer's WorkPoint Component Remote Code Execution Vulnerability in Dell EMC Avamar Server and Integrated Data Protection Appliance Open Redirection Vulnerability in Dell EMC Avamar Client Manager and Dell EMC Integrated Data Protection Appliance Heap Inspection Vulnerability in RSA BSAFE SSL-J Versions Prior to 6.2.4 Covert Timing Channel Vulnerability in RSA BSAFE SSL-J Versions Prior to 6.2.4 Excessive CPU Consumption Vulnerability in is-my-json-valid Library Covert Timing Channel Vulnerability in RSA BSAFE Crypto-J and SSL-J Versions Prior to 6.2.4 Dell EMC Isilon Remote Process Crash Vulnerability DLL Injection Vulnerability in Dell Digital Delivery Stored Cross-Site Scripting Vulnerability in RSA Authentication Manager Operations Console DOM-based Cross-Site Scripting Vulnerability in RSA Authentication Manager Reflected Cross-Site Scripting Vulnerability in RSA Authentication Manager Information Exposure Vulnerability in Dell EMC Avamar Server and Integrated Data Protection Appliance OS Command Injection Vulnerability in Dell EMC Avamar Server and Integrated Data Protection Appliance Insecure File Permissions Vulnerability in Dell EMC VPlex GeoSynchrony Plaintext Password Storage Vulnerability in Dell EMC Secure Remote Services Vulnerability: Insufficiently Generated Random Seed Data in Linux Kernel Drivers Improper File Permission Vulnerabilities in Dell EMC Secure Remote Services Vulnerability: Exposed UAA Credentials in Pivotal Operations Manager Brute Force Vulnerability in Cloud Foundry UAA Allows Unauthorized Access via MFA Improper Authorization in Cloud Foundry BOSH Allows Access with Admin Refresh Tokens Denial 
of Service Vulnerability in Cloud Foundry Garden-runC Privilege Escalation Vulnerability in Pivotal Usage Service Man-in-the-Middle Vulnerability in Pivotal Spring AMQP Privilege Escalation Vulnerability in Pivotal Applications Manager Braces < 2.3.1: Regular Expression Denial of Service (ReDoS) Vulnerability XSS Vulnerability in MyBiz MyProcureNet 5.0.0: ProxyPage.aspx Arbitrary Command Execution via File Upload in MyBiz MyProcureNet 5.0.0 CSRF Vulnerability in Admin Notes Plugin Allows Remote Deletion of Admin Notes CKEditor 5 Link Package XSS Vulnerability Unauthenticated Access to Sensitive Information on Intelbras NCLOUD 300 1.0 Devices Buffer Overflow Vulnerability in libming through 0.4.8 CSRF Vulnerability in Horse Market Sell & Rent Portal Script 1.5.7 Allows Remote Account Information Modification Memory Leak Vulnerability in cloudwu/cstring File Upload Vulnerability in Frog CMS 0.9.5 via admin/?/plugin/file_manager/upload URI VCFtools 0.1.15 Heap-Based Buffer Over-read Vulnerability Denial of Service Vulnerability in knot-resolver before version 2.3.0 Buffer Overflow Vulnerability in libming through 0.4.8 XSS Vulnerability in Signal-Desktop Allows Remote Code Execution Remote Denial of Service Vulnerability in Libav 12.3 Stored Cross-Site Scripting Vulnerability in wp-live-chat-support Plugin Pre-Authentication Command Injection in NETGEAR WC Series Firmware Command Injection Vulnerability in DHCP Client Integration Script OpenWrt Access Control Bypass in rpcd Configuration Cross-Site Scripting (XSS) Vulnerability in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 Cross-Site Scripting (XSS) Vulnerability in ILIAS RSS Subsystem Open Redirect Vulnerability in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 Unauthenticated Remote Access Vulnerability in GlusterFS Server Cross-Site Scripting (XSS) Vulnerability in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 Open-AudIT Community Edition 2.2.2 XSS Vulnerability in Attributes Functionality CSRF Vulnerability in doorGets 
7.0 Allows Unauthorized Addition of Administrator Account CSRF Vulnerability in e107 2.1.7 Allows Arbitrary User Deletion Stack-based Buffer Overflow in ObjReader::ReadObj() Function in vincent0629 PDFParser Use-after-free vulnerability in VCFtools 0.1.15 allows remote attackers to cause denial of service or other impact via crafted vcf file in header::add_INFO_descriptor function in header.cpp. Insecure Access Control via /sbin/nologin Shell in Fedora and Red Hat Enterprise Linux Use-after-free vulnerability in VCFtools 0.1.15 allows remote attackers to cause denial of service or other impact via crafted vcf file Command Injection Vulnerability in Quest KACE System Management Appliance 8.0.318 Cross-Site Scripting (XSS) Vulnerability in Quest KACE System Management Appliance 8.0.318 Privilege Escalation Vulnerability in Quest KACE System Management Appliance 8.0.318 PHP Object Injection Vulnerability in Quest KACE System Management Appliance 8.0.318 SQL Injection Vulnerability in Quest KACE System Management Appliance 8.0.318 Arbitrary File Read Vulnerability in Quest KACE System Management Appliance 8.0.318 Arbitrary Command Execution Vulnerability in Quest KACE System Management Appliance 8.0.318 Command Injection Vulnerability in Quest KACE System Management Appliance 8.0.318 File Descriptor Exhaustion Vulnerability in Undertow's URLResource.getLastModified() SQL Injection Vulnerability in Quest KACE System Management Appliance 8.0.318 Directory Traversal Vulnerability in Quest KACE System Management Virtual Appliance 8.0.318 Remote Code Execution Vulnerability in Quest KACE System Management Appliance 8.0.318 Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Issue 2 of 46) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Issue 3/46) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Issue 4/46) Command 
Injection Vulnerability in Quest DR Series Disk Backup Software (Issue 5/46) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Vulnerability in PostgreSQL Adminpack Extension Allows Log Rotation Exploitation Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Issue 14/46) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Vulnerability in polkitd Allows Unauthorized Authentication and Information Disclosure Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software Version Before 4.0.3.1 (Issue 23 of 46) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 
4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Issue 25/46) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Information Disclosure Vulnerability in ovirt-ansible-roles Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software Version Before 4.0.3.1 (Issue 34/46) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Issue 37/46) Memory Initialization Vulnerability in Linux Kernel vhost_new_msg() Function Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command 
Injection Vulnerability in Quest DR Series Disk Backup Software (Version < 4.0.3.1) Command Injection Vulnerability in Quest DR Series Disk Backup Software (CVE-XXXX-XXXX) Privilege Escalation Vulnerability in Quest DR Series Disk Backup Software (Issue 1 of 6) Privilege Escalation Vulnerability in Quest DR Series Disk Backup Software (Issue 2 of 6) Privilege Escalation Vulnerability in Quest DR Series Disk Backup Software (Issue 3 of 6) Privilege Escalation Vulnerability in Quest DR Series Disk Backup Software (Issue 4 of 6) Privilege Escalation Vulnerability in Quest DR Series Disk Backup Software (Issue 5 of 6) Privilege Escalation Vulnerability in Quest DR Series Disk Backup Software (Issue 6 of 6) Mahara Browser Back and Refresh Attack Vulnerability Leap2A Archive Virus Transmission Vulnerability Stored XSS via authorUrl field in Mautic 2.13.1 config.json Denial of Service Vulnerability in Linux Kernel Prior to Version 4.17 Stored XSS Vulnerability in Mautic 2.13.1 via Company Name Field NULL Pointer Dereference Vulnerability in HDF HDF5 1.10.2 Library HDF HDF5 1.10.2 Library Remote Denial of Service Vulnerability: Division by Zero in H5D__btree_decode_key Remote Denial of Service Vulnerability in HDF HDF5 1.10.2 Library HDF HDF5 1.10.2 Library Out of Bounds Read Vulnerability HDF HDF5 1.10.2 Library Out of Bounds Read Vulnerability HDF HDF5 1.10.2 Library Remote Denial of Service Vulnerability: Division by Zero in H5D__chunk_init Persistent XSS in Z-BlogPHP 2.0.0 via copyright information office field Insecure Password Hashing in Z-BlogPHP 2.0.0 Race Condition Vulnerability in procps-ng's Process Hiding Heap-based Buffer Over-read in TinyXML2 6.2.0's XMLDocument::Parse Function Denial of Service Vulnerability in libjpeg's alloc_sarray Function Denial of Service Vulnerability in libjpeg 9a Denial of Service Vulnerability in libjpeg 9a Remote Code Execution Vulnerability in Cloudera Data Science Workbench (CVE-XXXX-XXXX) Stack-based Buffer Overflow in cmsgpack 
Library in Redis Integer Overflow Vulnerability in Lua Subsystem of Redis Local Privilege Escalation in top Remote Command Execution Vulnerability in Bitmain Antminer Devices Arbitrary Plugin Upload Vulnerability in Artica Pandora FMS 7.23 Local File Inclusion (LFI) Vulnerability in Artica Pandora FMS 7.23 via /pandora_console/ajax.php Endpoint Arbitrary Code Execution Vulnerability in Artica Pandora FMS before 7.0 NG 723 Read Access Violation in Libav 12.3's in_table_init16 Function Buffer Overflow Vulnerability in libming through 0.4.8 Buffer Overflow Vulnerability in libming through 0.4.8 XSS Vulnerability in Monstra CMS 3.0.4 and Earlier via index.php Unauthenticated Remote Code Execution via Bash Shell Service in Crestron TSW Devices Unauthenticated Remote Code Execution via Command Injection in Crestron Toolbox Protocol (CTP) on Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC Devices Denial of Service Vulnerability in procps-ng's ps via mmap Buffer Overflow Use-after-free vulnerability in jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 Critical SQL Injection Vulnerability in Divido Plugin for OpenCart Denial of Service Vulnerability in Linux Kernel's etm_setup_aux Function Out-of-Bounds Memory Read Vulnerability in Git Arbitrary Code Execution via Crafted .gitmodules File Stack-based Buffer Overflow in realpath function of GNU C Library (glibc) 2.27 and earlier Buffer overflow vulnerability in AVX-512-optimized mempcpy function in glibc 2.27 and earlier The burnOverflow Vulnerability in Hexagon (HXG) Smart Contract Integer Overflow Vulnerability in procps-ng Unrestricted 'exec command' Feature Allows Code Execution on SoftCase T-Router Devices Arbitrary File Read/Write Vulnerability in SoftCase T-Router Build 20112017 Unencrypted Databases in MakeMyTrip Android App: Potential Sensitive Information Disclosure Double Free Vulnerability in PackLinuxElf64::unpack in UPX 3.95 Vulnerability: Unrestricted HTML Editor 
Launch in BBE Theme for WordPress DOM Based XSS Vulnerability in MISP 2.4.91 with Cortex Type Attributes Memory Leak in K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 Unauthenticated Remote Code Execution via JMX/RMI Interface in Nasdaq BWise 5.0 Directory Traversal Vulnerability in FileDownloader 1.7.3 Stack Buffer Overflow in pgrep Heap-based Buffer Over-read Vulnerability in ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24 Excessive Recursion in PoDoFo 0.9.5 PdfPagesTree::GetPageNode() Function Vulnerability NULL Pointer Dereference and Application Crash in PoDoFo 0.9.5 NULL Pointer Dereference and Application Crash in PoDoFo 0.9.5 Vulnerability: Unauthorized RPMB Erase Option in Snapdragon Mobile Devices Use After Free Vulnerability in ADSP RPC in Snapdragon Devices NAND-based EFS Access Control Vulnerability in Snapdragon Devices Integer Size Truncation/Overflow Vulnerability in procps-ng (CVE-2018-1124) Integer Overflow Leading to Buffer Overflow in FILS Connection Request Processing Possible Use-after-free Issue in Media Codec Process: Impact on Applications Using Codec Service Out-of-Bounds Write Vulnerability in GPT Partitioning on Android for MSM, Firefox OS for MSM, and QRD Android Out-of-Bounds Write Vulnerability in Android Radio Stats Handling Buffer Overflow Vulnerability in Ontario Fingerprint Code Buffer Overflow Vulnerability in Android Releases from CAF with Linux Kernel Improper Input Validation Leads to Improper Access in Closing DCI Client Vulnerability Out of Bounds Buffer Write Vulnerability in Snapdragon (Automobile, Mobile, Wear) Buffer Overflow Vulnerability in Snapdragon (Automobile, Mobile, Wear) in Multiple Versions Buffer Overflow Vulnerability in Snapdragon (Automobile, Mobile, Wear) in Multiple Versions Session Token Replay Vulnerability in Tendrl API of Red Hat Gluster Storage Automatic Memory Release Vulnerability in CAF Android Releases Improper Authentication in Snapdragon Auto, Compute, Connectivity, Consumer IOT, 
Industrial IOT, IoT, Mobile, Wearables, and other Qualcomm chipsets Double Free Vulnerability in 'voice_svc_dev' Resource Allocation Critical Buffer Overflow Vulnerability in Android Releases from CAF with Linux Kernel Information Leak Vulnerability in FastbootLib during Image Flashing Double Free Vulnerability in Android Kernel on Driver Probe Failure Inadequate Permission Level in com.qualcomm.embms Vendor Package in Snapdragon Devices Venus HW Buffer Over-fetch Vulnerability Buffer Overflow Vulnerability in Snapdragon Processors (Versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130) Cephx Authentication Protocol Vulnerable to Replay Attack Memory Exhaustion Vulnerability in Android Releases from CAF Use After Free Vulnerability in CAF Android Releases SMS Flood Vulnerability in Snapdragon Mobile and Snapdragon Wear Devices Buffer Over-read Vulnerability in Snapdragon (Automobile, Mobile, Wear) Use After Free Vulnerability in Android Releases with CAF and Linux Kernel Incorrect control flow implementation in Video buffer sufficiency check in Snapdragon (Automobile, Mobile, Wear) versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 Unbounded Read Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Processors Cephx Authentication Protocol Signature Bypass Vulnerability Improper MAC Address Randomization in Snapdragon Devices Weak Random Number Generator in Snapdragon (Automobile, Mobile, 
Wear) IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016 WLANWMI Command Handlers Vulnerability in Snapdragon (Automobile, Mobile, Wear) Buffer Over-read Vulnerability in Android Releases from CAF Improper Conditional Logic in WLAN Handler Allows Access to Only 3 Access Categories Out-of-Bounds Write Vulnerability in Android WMA Handler Buffer Overwrite Vulnerability in Android WLAN Handler Buffer Over-read Vulnerability in WMA NDP Event Handler Functions in CAF Android Releases Buffer Overflow Vulnerability in SET_PASSPOINT_LIST Command in Android Releases WLAN Host Driver Interface Array Bounds Check Vulnerability Null Pointer Dereference Vulnerability in Linux Kernel's dccp_write_xmit() Function Use After Free Vulnerability in Android Releases from CAF with Linux Kernel Integer Overflow Vulnerability in Android Releases from CAF Potential Array Overflow Vulnerability in WLAN in Android Releases from CAF Buffer Overflow Vulnerability in msm_adsp_stream_callback_put Use After Free Vulnerability in Snapdragon Modems Jackson-databind Default Typing Gadget Class Exfiltration Vulnerability Blind SQL Injection Vulnerability in MemberMouse Plugin for WordPress Insecure Deserialization Vulnerability in Infinispan Transcoders Hardcoded FTP Credentials in mySCADA myPRO 7 'myscadagate.exe' Vulnerability Roku and Roku TV Products Vulnerability: Unauthorized Access and Exfiltration via DNS Rebind Attack Unauthorized Remote Temperature Control via DNS Rebinding Attack in Radio Thermostat CT50 and CT80 1.04.84 and below Sonos Wireless Speaker Products Vulnerable to Unauthorized Access and DNS Rebinding Attack XSS Vulnerability in Subrion CMS before 4.1.4 Arbitrary Code Execution Vulnerability in 
Syntastic (vim-syntastic) through 3.9.0 SQL Injection Vulnerability in Opendaylight's SDNInterfaceapp (SDNI) Sensitive Values Exposed in Octopus Deploy Deployment Logs Unvalidated Option Injection in Joomla! Core Custom Fields Joomla! Core PHAR File Execution Vulnerability Inadequate Access Level Checks in Joomla! Core before 3.8.8 Race Condition Vulnerability in Joomla! Core Autofill Password Disclosure Vulnerability in Joomla! Core Multiple Cross-Site Scripting (XSS) Vulnerabilities in Joomla! Core Information Disclosure Vulnerability in Joomla! Core XSS Vulnerability in Joomla! Core before 3.8.8 Ether Cartel Smart Contract Vulnerability: CEO Takeover and Asset Manipulation Remote Code Execution Vulnerability in Moodle 3.x via Calculated Question Eval Injection Authenticated Stored XSS in Pluck CMS Remote PHP Code Execution Vulnerability in Pluck CMS Stored XSS Vulnerability in ClipperCMS 1.3.3 Site Name Field Windscribe 1.81 Privilege Escalation and Denial of Service Vulnerability Integer Overflow Vulnerability in GVToken Genesis Vision (GVT) Smart Contract Allows Arbitrary Token Retrieval by Contract Owner Cleartext Transmission of Customer List in Intuit Lacerte 2017 for Windows XSS Vulnerability in Frappe ERPNext v11.x.x-develop b1036e5 via Comment Arbitrary File Download Vulnerability in Moodle 3.x Unrestricted File Upload Vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 Directory Traversal Vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 importuser.cgi Arbitrary Path Traversal Vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3's fileExplorer.cgi Persistent Cross Site Scripting Vulnerability in ASUSTOR SoundsGood Playlist Manager Arbitrary File Download Vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 Unrestricted File Upload and Path Traversal Vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 Arbitrary File Access Vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 YunoHost Web Application HTTP Response Header Injection Vulnerability XSS Vulnerabilities in YunoHost 
User Panel Allow Session Manipulation CSRF Vulnerabilities in Jirafeau Administration Panel's Search Functionalities Moodle 3.x Forum Post Download Vulnerability Cross-Site Scripting Vulnerability in Jirafeau's Search by Name Form Stored Cross-Site Scripting (XSS) Vulnerabilities in Jirafeau before 3.4.1 Stored Cross-Site Scripting (XSS) Vulnerability in Wallabag Application 2.2.3 to 2.3.2 Vulnerability: Crash in IEEE 1905.1a Dissector in Wireshark 2.6.0 Buffer Overflow Vulnerability in Wireshark 2.6.0 RTCP Dissector DNS Dissector NULL Pointer Dereference Vulnerability Memory Consumption Vulnerability in Wireshark Dissectors Use-after-free vulnerability in Q.931 dissector in Wireshark 2.6.0 and earlier versions Wireshark RRC Dissector and Other Dissectors NULL Pointer Dereference Vulnerability Cross-Site Scripting (XSS) Vulnerability in Moodle 3.x Buffer Overflow Vulnerability in Wireshark GSM A DTAP Dissector Buffer Overflow Vulnerability in Wireshark 2.6.0 IEEE 802.11 Protocol Dissector Buffer Over-read Vulnerability in LDSS Dissector in Wireshark Heap-based Buffer Over-read in PDFGen's jpeg_size in pdfgen.c Memory Leak in sav_parse_machine_integer_info_record in ReadStat 0.1.1 Infinite Loop Vulnerability in ReadStat 0.1.1 Unauthenticated Stored Cross-Site Scripting (XSS) in Loginizer Plugin for WordPress Denial of Service Vulnerability in CppCMS JSON Parser Module SQL Injection Vulnerability in PbootCMS v1.0.9 Arbitrary Class Instantiation and DDoS Vulnerability in Moodle 3.x CSRF Vulnerability in SkyCaiji 1.2 Allows Unauthorized Addition of Administrator User SQL Injection in iScripts eSwap v2.4 via wishlistdetailed.php User Panel ToId Parameter SQL Injection in iScripts eSwap v2.4 User Panel via salelistdetailed.php ToId Parameter Heap-based Out-of-Bounds Read Vulnerability in radare2 2.5.0 Heap-based Out-of-Bounds Read Vulnerability in r_read_le32() Function in radare2 2.5.0 Heap-based Out-of-Bounds Read Vulnerability in avr_op_analyze() Function in radare2 
2.5.0 Potential Remote Code Execution Vulnerability in wasm_dis() Function Heap-based Out-of-Bounds Read Vulnerability in radare2 2.5.0 Heap-based Out-of-Bounds Read Vulnerability in radare2 2.5.0 Heap-based Out-of-Bounds Read Vulnerability in radare2 2.5.0 Heap-based Out-of-Bounds Read Vulnerability in radare2 2.5.0 Uninitialized Variable in r_strbuf_fini() Function in radare2 2.5.0 Allows Remote Denial of Service Heap-based Out-of-Bounds Read Vulnerability in radare2 2.5.0 Session Fixation Vulnerability in Symfony's Security Component Denial of Service Vulnerability in Symfony's HttpFoundation Component Samba Vulnerability: Weak NTLMv1 Authentication Bypass Arbitrary File Upload Vulnerability in Jigowatt PHP Login & User Management 4.1.1 Denial of Service Vulnerability in GNOME Web (Epiphany) through 3.28.2.1 Unencrypted Sensor Transmissions in SimpliSafe Original: A Potential Security Breach Denial of Service Vulnerability in Samba LDAP Server Implementation Tamper Detection Failure: Vulnerability in SimpliSafe Original Base Station RF Interference Vulnerability in SimpliSafe Original: Lack of Notification for Strong 433.92 MHz Signals Unencrypted Keypad Transmissions in SimpliSafe Original: PIN Discovery Vulnerability XSS Vulnerability in DomainMod v4.09.03 via assets/edit/account-owner.php oid Parameter XSS Vulnerability in DomainMod v4.09.03 via sslpaid Parameter in assets/edit/ssl-provider-account.php CSRF Vulnerability in Kliqqi 2.0.2 Admin Panel CSRF Token Fixation Vulnerability in Symfony Authentication Bypass Vulnerability in Symfony Ldap Component Open Redirect Vulnerability in Symfony Security Component Information Disclosure in Splunk through 7.0.1 via server-info Endpoint Local Privilege Escalation Vulnerability in Nessus Versions Prior to 7.0.3 Invalid Free Vulnerability in Liblouis 3.5.0: Remote Denial of Service and Possible Other Impact Vulnerability: Exploitable TransferFrom Function in DimonCoin (FUD) Smart Contract Untrusted Length Value 
Vulnerability in ext4_read_inline_data() Function Arbitrary File Download Vulnerability in BearAdmin 0.5 SQL Injection Vulnerability in BearAdmin 0.5 Reflected Cross Site Scripting (XSS) Vulnerability in SAP Internet Transaction Server (ITS) 6200.X.X Invalid Use of realloc() and free() in jpegoptim 1.4.5 (Fixed in 1.4.6) Vulnerability Heap-based Buffer Over-read in JerryScript 1.0 via RegExp Payload Heap-based Buffer Over-read in JerryScript 1.0 via RegExp Payload XSS Vulnerability in Tenable Appliance Versions 4.6.1 and Earlier Memory Corruption Vulnerability in Moxa OnCell G3100-HSPA Series Web Interface Vulnerability: Unauthenticated Disclosure of Sensitive Information in Moxa OnCell G3100-HSPA Series Insecure Configuration Protocol and Lack of Authentication in Moxa OnCell G3100-HSPA Series Memory Corruption Vulnerability in Moxa OnCell G3100-HSPA Series Web Interface Memory Corruption Vulnerability in Moxa OnCell G3470A-LTE Series Web Interface Memory Corruption Vulnerability in Moxa OnCell G3470A-LTE Series (Version 1.6 Build 18021314 and prior) Weak Cookie Parameter Brute Force Vulnerability in Moxa OnCell G3100-HSPA Series CSRF Vulnerability in Moxa OnCell G3100-HSPA Series Version 1.4 Build 16062919 and Prior Integer Overflow Vulnerability in ATLANT (ATL) Smart Contract Allows Arbitrary Token Retrieval by Contract Owner Remote Root Command Execution Vulnerability in Belkin N750 Firmware 1.10.22 Cross-Site Scripting (XSS) Vulnerability in Moderator Log Notes Plugin 1.1 for MyBB Heap-based Buffer Over-read Vulnerability in Libmobi 0.3 Heap-based Buffer Over-read in Libmobi 0.3 Heap-based Buffer Over-read Vulnerability in Libmobi 0.3 Information Disclosure Vulnerability in Libmobi 0.3 Heap-based Buffer Over-read Vulnerability in Libmobi 0.3 Information Disclosure Vulnerability in Libmobi 0.3 via Crafted Mobi File Heap-based Buffer Overflow in Libmobi 0.3 Allows Remote Code Execution via Crafted Mobi File Heap-based Buffer Over-read Vulnerability in TagLib 
1.11.1 Remote Root Command Execution Vulnerability in Belkin N750 Firmware 1.10.22 Stack-based Buffer Overflow in parseChars function of Liblouis 3.5.0 CSRF Vulnerability in EasyService Billing 1.0 via quotation-new3-new2.php?add=true&id= URI Cross-site Scripting Vulnerability in EasyService Billing 1.0's jobcard-ongoing.php SQL Injection Vulnerability in EasyService Billing 1.0 CSRF Vulnerability Allows Unauthorized User Addition in EasyService Billing 1.0 The tradeTrap Vulnerability: Exploiting the Buy Function in Gold Reward (GRX) Smart Contract Cross-Site Request Forgery (CSRF) Vulnerability in SCALANCE M875 Web Interface Stored Cross-Site Scripting (XSS) Vulnerability in SCALANCE M875 Web Interface Local File System Password Disclosure Vulnerability in SCALANCE M875 Stack Buffer Overflow Vulnerability in Belkin N750 Firmware 1.10.22 Reflected XSS Vulnerability in Siemens PLM Software TEAMCENTER (V9.1.2.5) Denial-of-Service Vulnerability in Multiple Firmware Variants and SIPROTEC 5 Relays Denial-of-Service Vulnerability in EN100 Ethernet Module Firmware Variants File Manipulation Vulnerability in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) Improper File Permissions Vulnerability in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) Directory Traversal Vulnerability in Automation License Manager Network Port Scanning Vulnerability in Automation License Manager 5 (All versions < 5.3.4.4) Remote Code Execution Vulnerability in SINUMERIK 828D and 840D sl Web Server Vulnerability in SINUMERIK 828D and 840D sl VNC Server Local Privilege Escalation in SINUMERIK CNC Systems Remote Unauthenticated Root Access via Telnet on Belkin N750 (Firmware Version 1.10.22) Local Privilege Escalation in SINUMERIK CNC Systems Privilege Escalation Vulnerability in SINUMERIK CNC Systems Privilege Escalation Vulnerability in SINUMERIK CNC Systems Buffer Overflow in SINUMERIK CNC Systems Vulnerability: Denial-of-Service in SINUMERIK VNC Server Local Privilege Escalation 
Vulnerability in SINUMERIK CNC Systems Vulnerability in SINUMERIK 808D and 828D: Remote Code Execution and DoS Heap-based Buffer Over-read Vulnerability in DISCOUNT 2.2.3a Information Disclosure Vulnerability in HAProxy 1.8.0 through 1.8.9 Cross-Site Scripting (XSS) Vulnerability in Nessus before 7.1.0 SQL Injection Vulnerability in iScripts eSwap v2.4 User Panel's search.php 'Told' Parameter XSS Vulnerability in Cockpit 0.5.5: Exploiting Collections, Forms, or Regions Reflected XSS Vulnerability in Monstra CMS 3.0.4 Login XSS Vulnerability in Monstra CMS 3.0.4 Registration Form Session Management Issue in Monstra CMS 3.0.4: Password Change Does Not Invalidate Open Sessions Session Management Issue in Monstra CMS 3.0.4: Password Change Does Not Invalidate Open Sessions Unprotected Wireless LAN Vulnerability on Vgate iCar 2 Wi-Fi OBD2 Dongle Devices Unencrypted Data Transmission Vulnerability in Vgate iCar 2 Wi-Fi OBD2 Dongle Devices Unauthenticated Remote Control Vulnerability in Vgate iCar 2 Wi-Fi OBD2 Dongle Devices Privilege Escalation via Unvalidated Program Execution in Windscribe VPN Session Fixation Vulnerability in Nessus before 7.1.0 Authenticated Remote Code Execution in TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 Devices via Crafted JSON Data Hardcoded Password Vulnerability in TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 Devices Stored XSS Vulnerability in MULTIDOTS WooCommerce Quick Reports Plugin for WordPress Stored Cross-site scripting (XSS) vulnerability in MULTIDOTS Advance Search for WooCommerce plugin Cross-Site Scripting (XSS) Vulnerability in PHPMyWind 5.5 Stack Exhaustion Vulnerability in dtSearch 7.90.8538.1 and Prior: Remote Denial of Service Heap-based Buffer Overflow in DGifDecompressLine Function in GIFLIB Arbitrary Code Execution Vulnerability in NUUO's NVRMini2 3.8.0 and Below Heap-based Buffer Overflow in DGifDecompressLine Function Unauthenticated Remote Command Execution 
in ASUS HG100 Devices Denial of Service Vulnerability in ASUS HG100 Devices via IPv4 Packet Flood CSRF Vulnerability in WUZHI CMS 4.1.0 Allows Unauthorized Friendship Link Addition Arbitrary Code Execution Vulnerability in OpenCart's Program Extension Upload Feature Directory Traversal Vulnerability in OpenCart 3.0.2.0 Use-after-free vulnerability in Long Range Zip (lrzip) 0.631 due to lack of size validation in decompress_file Unchecked Buffer Size Vulnerability in Lizard Compression Algorithm Use-After-Free Vulnerability in handle_error() in LibSass Backdoor Vulnerability in NUUO's NVRMini2 3.8.0 and Below CSRF Vulnerability in PublicCMS V4.0.20180210 Allows Unauthorized Admin Account Creation CSRF and XSS Vulnerability in PHP Scripts Mall Website Seller Script 2.0.3 CSRF Vulnerability in Moderator Log Notes Plugin 1.1 for MyBB Heap-based Buffer Over-read Vulnerability in DISCOUNT 2.2.3a's isfootnote Function Remote Denial of Service Vulnerability in DISCOUNT 2.2.3a Firebase Token Exposure Vulnerability in Werewolf Online Application 0.8.8 for Android Stack-based Buffer Overflow in sr_do_ioctl Function in Linux Kernel FLIF 0.3: Long Loop Vulnerability in image_load_pnm Information Disclosure Vulnerability in Linux Kernel's compat_get_timex Function Default root:admin credentials used for ASUSTOR ADM 3.1.0.RFQ3 applications pose a webshell upload vulnerability Remote Code Execution and Denial of Service Vulnerability in Western Digital TV Media Player and TV Live Hub Unauthenticated Remote Code Execution Vulnerability in ASUSTOR ADM 3.1.0.RFQ3 NAS Portal SQL Injection Vulnerability in ASUSTOR ADM 3.1.0.RFQ3 Photo Gallery Application Stored XSS Vulnerability in Website Name Field in Creatiwity wityCMS 0.6.1 Unrestricted File Upload Vulnerability in PHP Scripts Mall Naukri Clone Script 3.0.3 SQL Injection Vulnerability in wpForo Plugin for WordPress Heap Corruption and Application Crash Vulnerability in VideoLAN VLC Media Player 3.0.1 mySCADA myPRO 7 ProjectID 
Discovery Vulnerability Phreaking Vulnerability: Exploiting HCL Legacy IVR Systems for Unauthorized Service Activations Divide by Zero Denial of Service Vulnerability in libjpeg-turbo 1.5.90 Stored XSS vulnerability in Yosoro 1.0.4 Arbitrary File Upload Vulnerability in NUUO NVRmini 2's upload.php CSV Injection Vulnerability in Advanced Order Export For WooCommerce Plugin CSV Injection Vulnerability in WordPress Comments Import & Export Plugin (v2.0.4 and earlier) Cross-Site Request Forgery (CSRF) Vulnerability in CScms v4.1 Allows Unauthorized Account Modification SQL Injection Vulnerability in WUZHI CMS 4.1.0 via api/sms_check.php?param= URI Use After Free Vulnerability in VideoLAN VLC Media Player 2.2.x Allows Arbitrary Code Execution via Crafted MKV Files Insecure Certificate Validation in Burp Suite Community Edition 1.7.32 and 1.7.33 Heap-Based Buffer Overflow in Exiv2 0.26's getData Function in preview.cpp Cross-Site Scripting (XSS) Vulnerability in ChangUonDyU Advanced Statistics Plugin 1.0.2 for MyBB SQL Injection Vulnerability in SITEMAKIN SLAC v1.0 Heap-Based Buffer Overflow in md4c before 0.2.5 due to mishandling of splits in md_split_simple_pairing_mark Bypassing Domain Whitelist Filter in Auth0 angular-jwt before 0.1.10 CSRF Vulnerability in SearchBlox 8.6.6 UserServlet Username Enumeration Vulnerability in SecurityCenter Versions Prior to 5.7.0 Root Privilege Escalation Vulnerability in Sonus SBC Devices Sonus SBC Remote Command Execution (RCE) Vulnerability Arbitrary File Download Vulnerability in Sonus SBC Devices Insecure Data Storage in Olive Tree FTP Server Application 1.32 for Android Heap-Based Buffer Overflow in md4c 0.2.5: Vulnerability in md_merge_lines Heap-Based Buffer Over-Read Vulnerability in md4c 0.2.5 Heap-Based Buffer Over-Read Vulnerability in md4c 0.2.5: md_is_link_reference_definition_helper Unrestricted P2P Connections Vulnerability in EOS.IO DAWN 4.2 Stored XSS Vulnerability in WUZHI CMS 4.1.0 via Account Settings Cross-Site 
Scripting (XSS) Vulnerability in SecurityCenter Reports Feature DLL Hijacking Vulnerability in AXON PBX 2.02 Allows Remote Code Execution Reflected XSS Vulnerability in AXON PBX 2.02 via AXON->Auto-Dialer->Agents->Name Field XSS Vulnerability in SGIN.CN Xiangyun Platform V9.4.10 via login_url Parameter Account Hijacking Vulnerability in YzmCMS v3.2 through v3.7 Out-of-Bounds Write Vulnerability in Little CMS 2.9 via Crafted TIFF File Out-of-Bounds Write Vulnerability in Little CMS 2.9 via Crafted TIFF File XSS Vulnerability in YIBAN Easy Class Education Platform 2.0 via articlelist.php k Parameter Stored XSS in DomainMod 4.10.0: /settings/profile/index.php new_first_name parameter vulnerability Stored XSS in DomainMod 4.10.0: /settings/profile/index.php new_last_name parameter vulnerability Stack Buffer Overflow in Mikrotik RouterOS License Upgrade Interface Stack-based Buffer Overflow in Insteon HD IP Camera White 2864-222: Control-Flow Hijacking via Crafted usr Key EETHER Smart Contract Vulnerability: Unauthorized Asset Increase via Integer Overflow Reflected XSS Vulnerability in MISP 2.4.91 via eventattribute.ctp Arbitrary Code Injection in OTRS Customer Panel Application Stored XSS via SVG Upload in YOOtheme Pagekit 1.0.13 and Earlier User Enumeration Vulnerability in Mahara Amazon Echo Reprompt Vulnerability Reflected XSS Vulnerability in GamePlan Theme for WordPress (Version 1.5.13.2) due to Insufficient Input Sanitization Deserialization of Untrusted Data Vulnerability in Eventum 3.5.0 Memory Exhaustion Vulnerability in Mikrotik RouterOS Session Fixation Vulnerability in ClipperCMS 1.3.3 XSS Vulnerability in ClipperCMS 1.3.3 Module name Field Integer overflow vulnerability in EAP-TLS protocol implementation in PPPD Stack-Based Buffer Overflow in DecodeGifImg Function of ngiflib.c in MiniUPnP ngiflib 0.4 Heap-Based Buffer Over-Read Vulnerability in MiniUPnP ngiflib 0.4's GifIndexToTrueColor Function Segmentation Fault Vulnerability in Liblouis 3.5.0's 
lou_logPrint Function Segmentation Fault Vulnerability in GifIndexToTrueColor Function of MiniUPnP ngiflib 0.4 Unauthenticated Settings Change Vulnerability in MULTIDOTS WooCommerce Category Banner Management Plugin Stack Exhaustion Vulnerability in Mikrotik RouterOS Unauthenticated DoS Attack Vulnerability in MULTIDOTS Mass Pages/Posts Creator Plugin for WordPress Brother HL Series Printers XSS Vulnerability in etc/loginerror.html Stored XSS in SeaCMS 6.61 via siteurl parameter in admin_collect.php XML External Entity (XXE) Vulnerability in SearchBlox 8.6.7 API Remote Code Execution Vulnerability in Centreon 3.4.6 and Centreon Web 2.8.23 via RPN Value in Virtual Metric Form Stored XSS Vulnerability in Centreon 3.4.6 and Centreon Web 2.8.23 Multiple SQL Injection Vulnerabilities in Centreon 3.4.6 and Centreon Web 2.8.23 Memory Corruption Vulnerability in Mikrotik RouterOS Integer Overflow Vulnerability in Espruino before 1.99 Leads to Denial of Service NULL Pointer Dereference Vulnerability in Espruino before 1.98 Out-of-bounds Read Vulnerability in Espruino before 1.98 Buffer Overflow Vulnerability in Espruino before 1.99 Allows Denial of Service and Information Disclosure Buffer Overflow Vulnerability in Espruino Allows for Denial of Service Buffer Overflow Vulnerability in Espruino before 1.99 Allows Denial of Service and Potential Privilege Escalation Buffer Overflow Vulnerability in Espruino Syntax Parsing Buffer Overflow Vulnerability in Espruino Syntax Parsing Buffer Overflow and Out-of-bounds Read Vulnerability in Espruino Out of Bounds Write Vulnerability in Netatalk before 3.1.12 Remote Code Execution in Quest NetVault Backup 11.2.0.13 Privilege Escalation Vulnerability in Samsung Members (ZDI-CAN-5361) Denial of Service Vulnerability in npm mosca 2.8.1 Arbitrary Code Execution Vulnerability in Tencent Foxmail 7.2.9.115 Arbitrary Code Execution via Format Event Handling in Foxit Reader 9.0.0.29935 Arbitrary Code Execution Vulnerability in Foxit Reader 
9.0.0.29935 (ZDI-CAN-5416) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5417) Remote Code Execution Vulnerability in Quest NetVault Backup 11.2.0.13 Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5756) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5896) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5873) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 via addAdLayer Method Use After Free Vulnerability in ImageMagick 7.0.7-36 Q16's ReadMATImage Function Heap-based Buffer Over-read Vulnerability in ImageMagick 7.0.7-37 Q16's SetGrayscaleImage Function Stack-Based Buffer Overflow in SELA v0.1.2-alpha's init_apev2_keys Function XSS Vulnerability in Sinatra 400 Bad Request Page XSS Vulnerability in EMS Master Calendar before 8.0.0.201805210 via URL Parameters Default and Unremovable Support Credentials in HomeWorks QS Lutron Integration Protocol Authentication Bypass Vulnerability in Quest NetVault Backup 11.2.0.13 Arbitrary Call and SMS Notification Vulnerability in Rondaful M1 Wristband Smart Band 1 Devices CSRF Vulnerability in MULTIDOTS Add Social Share Messenger Buttons Plugin CSRF Vulnerability in MULTIDOTS Woo Checkout for Digital Goods Plugin Cleartext Storage of User Passwords in Dialogic PowerMedia XMS Administrative Console Hard-coded Cryptographic Key Vulnerability in Dialogic PowerMedia XMS Administrative Console CSRF Vulnerability in Dialogic PowerMedia XMS Administrative Console Arbitrary File Read Vulnerability in Dialogic PowerMedia XMS Administrative Console Unrestricted File Upload Vulnerability in Dialogic PowerMedia XMS Administrative Console Cleartext Storage of Passwords in Cookies Vulnerability in Dialogic PowerMedia XMS Unauthenticated Remote Denial-of-Service Vulnerability in ZyXEL P-870H-51 DSL Router XML External Entity (XXE) Vulnerability in Dialogic PowerMedia XMS Web Service Hard-coded Credentials Vulnerability in 
Dialogic PowerMedia XMS Administrative Console Privilege Escalation via Incorrect Permission Assignment in Dialogic PowerMedia XMS Arbitrary SQL Command Execution in Dialogic PowerMedia XMS Administrative Console Arbitrary File Existence and Size Disclosure in Artifex Ghostscript Unset pageURL vulnerability in WebKitGTK+ leading to application crash Cross-Site Scripting (XSS) Vulnerability in oauth2orize-fprm before 0.2.1 via Crafted URL XSS Vulnerability in Hue 3.12 via /pig/save/ Name and Script Parameters Privilege Escalation Vulnerability in Joyent SmartOS (ZDI-CAN-4983) Unescaped Text XSS Vulnerability in Graylog Notifications Unescaped Text XSS Vulnerability in Graylog Dashboard Names CSV Injection Vulnerability in Nikto 2.1.6 and Earlier: Remote Command Injection via HTTP Response Header Netwave IP Camera Information Disclosure Vulnerability Netwave IP Camera Information Disclosure Vulnerability Memory Leak Vulnerability in ImageMagick 7.0.7-20 Q16 x86_64: Denial of Service via Crafted CALS Image File Memory Leak Vulnerability in ImageMagick 7.0.7-20 Q16 x86_64's ReadDCMImage Function Infinite Loop Vulnerability in MiniUPnP ngiflib 0.4 Privilege Escalation Vulnerability in Joyent SmartOS (ZDI-CAN-4984) Arbitrary Code Execution via Spotify Music Player URI Handler (ZDI-CAN-5501) CSRF Vulnerability in GreenCMS v2.3.0603 Allows Arbitrary PHP Code Execution CSRF Vulnerability in GreenCMS v2.3.0603 Allows Unauthorized Admin Account Creation Login Rate Limiting Bypass in Monstra CMS 3.0.4 via login_attempts cookie manipulation CSRF Vulnerability in CmsEasy 6.1_20180508 Allows Unauthorized Article Addition Privilege Escalation Vulnerability in ABB MicroSCADA 9.3 with FP 1-2-3 CSRF Vulnerability in CmsEasy 6.1_20180508 Allows DoS Attack via Rich Text Editor Default and Unremovable Support Credentials in RadioRA 2 Lutron Integration Protocol Allow Total Super User Control Default and Unremovable Support Credentials in Stanza Lutron Integration Protocol Allow Total 
Super User Control Stack-based Buffer Overflow in parseChars function in Liblouis 3.5.0 Stack-based Buffer Overflow in includeFile function in compileTranslationTable.c Stack-based Buffer Overflow in Liblouis 3.5.0's compileHyphenation Function Remote Code Execution in FlexPaper 2.3.6 via setup.php and change_config.php OwnerUnderflow: Exploiting an Integer Overflow in BTCR Smart Contract to Unauthorizedly Increase Digital Assets Cross-Site Scripting (XSS) Vulnerability in Ignite Realtime Openfire before 3.9.2 XSS Vulnerability in Web Viewer for Hanwha and Samsung DVRs Arbitrary Code Execution Vulnerability in Amazon Music Player 6.1.5.1213 Cross-Site Scripting (XSS) Vulnerability in Balbooa Gridbox Extension for Joomla! Vulnerability: Inability to Change Management Password in Emerson DeltaV Smart Switch Command Center Application Bypassing Administrator Mode Authentication on Canon LBP Devices via frame.cgi Vulnerability Out-of-Bounds Read Vulnerability in LibSass through 3.5.4 NULL Pointer Dereference in LibSass Function: selector_append NULL Pointer Dereference Vulnerability in LibSass <3.5.3 NULL Pointer Dereference in LibSass: Denial of Service and Potential Impact Out-of-Bounds Read Vulnerability in LibSass through 3.5.4 Out-of-Bounds Read Vulnerability in LibSass through 3.5.4 Unauthenticated Arbitrary CAN Message Injection in Volkswagen Customer-Link App and HTC Customer-Link Bridge User Mode Write AV Vulnerability in FastStone Image Viewer 6.2 User Mode Write AV Vulnerability in FastStone Image Viewer 6.2 User Mode Write AV Vulnerability in FastStone Image Viewer 6.2 User Mode Write AV Vulnerability in FastStone Image Viewer 6.2 User Mode Write AV Vulnerability in FastStone Image Viewer 6.2 User Mode Write AV Vulnerability in FastStone Image Viewer 6.2 User Mode Read and Execute AV Vulnerability in FastStone Image Viewer 6.2 Unauthenticated Reflected Cross-Site Scripting (XSS) in wpForo Forum Plugin Privilege Escalation via DTrace DOF Files in Joyent 
SmartOS (ZDI-CAN-5106) Invalid Write Vulnerability in libopenmpt Allows Denial of Service or Possible Other Impact Canon MF210 and MF220 Web Interface PIN Bypass Vulnerability TLS Certificate Verification Bypass in WebKitGTK+ WebSocket Connections WebSocket Connection Deanonymization Vulnerability in WebKitGTK+ Improper Session Handling Vulnerability on TP-Link TL-WR840N and TL-WR841N Devices XSS Vulnerability in Recent Threads Plugin for MyBB Unauthenticated Remote Access to Critical Log Files in Zoho ManageEngine Desktop Central Vulnerability: Information Disclosure in Zoho ManageEngine Desktop Central CSRF Vulnerability in Xovis PC2, PC2R, and PC3 Devices through 3.6.0 Xovis PC2, PC2R, and PC3 Devices: XXE Vulnerability Null Pointer Dereference Vulnerability in Squid 3.5.27-20180318 Allows Remote Denial of Service Directory Traversal Vulnerability in Xovis PC2, PC2R, and PC3 Devices through 3.6.0 SQL Injection in WUZHI CMS 4.1.0 via 'code' parameter in api/uc.php Heap-based Buffer Over-read in libpff_name_to_id_map_entry_read function Heap-based Buffer Overflow in Libmobi 0.3's mobi_pk1_decrypt Function Heap-based Buffer Over-read in Libmobi 0.3's mobi_parse_index_entry Function Heap-based Buffer Overflow in Libmobi 0.3's mobi_decode_font_resource Function Heap-based Buffer Over-read in libfsntfs_attribute_read_from_mft Function Heap-based Buffer Over-read in libfsntfs_reparse_point_values_read_data function Heap-based Buffer Over-read in libfsntfs_mft_entry_read_header Function Arbitrary Code Execution via XFA borderColor Attribute in Foxit Reader 9.0.0.29935 Denial of Service Vulnerability in libfsntfs_security_descriptor_values_free Function Heap-based Buffer Over-read in libfsntfs_mft_entry_read_attributes function Unfiltered Output in e107 v2.1.7 Leads to XSS Vulnerability XSS Vulnerability in Ximdex 4.0: Exploiting sname or fname Parameter in index.php?action=createaccount Arbitrary PHP Code Execution via Image Upload in Pluck CMS Out-of-Bounds Read 
Vulnerability in The Sleuth Kit (TSK) Out-of-Bounds Read Vulnerability in The Sleuth Kit (TSK) Out-of-Bounds Read Vulnerability in The Sleuth Kit (TSK) Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via BitmapDPI Attribute Handling Out-of-Bounds Read Vulnerability in The Sleuth Kit (TSK) Predictable Session IDs in NEC Univerge Sv9100 WebPro 6.00.00 Devices: Account Information Disclosure Vulnerability Cleartext Password Storage Vulnerability in NEC Univerge Sv9100 WebPro 6.00.00 Devices Denial of Service and Potential Impact in init_copy Function of mruby 1.4.1 Cloudera Manager 5.15 Incorrect Access Control Vulnerability Insecure WinRM Authentication in Puppet Discovery Prior to 1.2.0 Default TLS Certificate Vulnerability in Puppet Discovery World Readable Credentials in Puppet device_manager Module Plaintext Transmission of User Credentials in RBAC LDAP with startTLS in Puppet Enterprise Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 Insecure SSH Connection Establishment in Previous Versions of Puppet cisco_ios Module Unverified SSL Connection in Previous Versions of Puppet Agent Puppet cisco_ios Module: SSH Session Debug Information Leakage Vulnerability Vulnerability: Code Exploitation in PHP Runtime for Apache OpenWhisk Docker Skeleton Runtime for Apache OpenWhisk: User Function Replacement Vulnerability XML External Entity (XXE) vulnerability in Apache Cayenne CayenneModeler Vulnerability: Apache Tomcat JK Connector Path Normalization Bypass Arbitrary Code Execution via ePub File Parsing in Foxit Reader 9.0.0.29935 User Impersonation Vulnerability in PySpark Apache Tika XML Entity Expansion Vulnerability Vulnerability: File Overwrite in Apache Tika HTTP/2 Denial of Service Vulnerability Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0 Vulnerability: Impersonation of Authenticated Users Unauthenticated Access to Servlets in Apache Hadoop with Kerberos Authentication Enabled Incomplete Security Fix in Apache Hadoop 2.7.4 to 
2.7.6 Allows Arbitrary Command Execution as Root User Incorrect User Access Control in Apache Hadoop Versions 2.7.5 to 2.7.6, 2.8.3 to 2.8.4, and 2.9.0 to 2.9.1 with Non-Default Groups Mapping User/Group Information Corruption Vulnerability in Apache Hadoop Privilege Escalation via HTTP API in CouchDB Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5488) Inadequate Authentication in Apache Spark's Standalone Master REST API Denial of Service Vulnerability in Apache Commons Compress' ZipArchiveInputStream SQL Injection Vulnerability in Apache VCL Versions 2.1 - 2.5 Apache VCL Block Allocation Form Input Validation Vulnerability SQL Injection Vulnerability in Apache VCL Versions 2.1 - 2.5 Missing TLS Hostname Verification in Apache ActiveMQ Client Remote Code Execution Vulnerability in Apache Struts Versions 2.3 to 2.3.34 and 2.5 to 2.5.16 Unprotected Local Resource Vulnerability in Apache Hive 2.3.3 and 3.1.0 Stack-based Buffer Overflow Vulnerability in UnixAuthenticationService in Apache Ranger 1.2.0 Apache Storm UI Deserialization Vulnerability Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5489) Remote Code Execution Vulnerability in Apache SpamAssassin PDFInfo Plugin Local User Code Injection Vulnerability in Apache SpamAssassin 3.4.2 Apache Subversion Server Process Exit Vulnerability Insecure Header Stripping Vulnerability in SSLHeaders Plugin Apache Tomcat Redirect Vulnerability Apache Impala: Unauthorized User Data Injection Vulnerability Vulnerability: Unrestricted File System Access via Apache Karaf SSH Service Unauthenticated Access to Apache Karaf Gogo Console via Pax Web Extender Whiteboard Apache Karaf XXE Vulnerability in Features Deployer Path Traversal Vulnerability in Heron-UI Allows Unauthorized File Access Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via GIF Image Parsing (ZDI-CAN-5490) Arithmetic Overflow Vulnerability in Apache Open Office 4.1.5 and Earlier Privilege 
Escalation via ALTER TABLE/VIEW RENAME in Apache Impala Stack Overflow Vulnerability in Apache Mesos JSON Parser XML Entity Expansion Denial of Service Vulnerability in Apache Tika 1.19 (CVE-2018-11761) Denial of Service Vulnerability in Apache PDFBox Remote File Access Vulnerability in Apache Thrift Node.js Web Server User Impersonation Vulnerability in Apache Oozie 3.1.3-incubating to 5.0.0 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5491) Apache Fineract 1.3.0 SQL Injection Vulnerability in GroupSummaryCounts Table SQL Injection Vulnerability in Apache Fineract: Arbitrary SQL Command Execution Authorization Bypass Vulnerability in Apache Solr Uninitialized Pointer Crash in Subversion's mod_dav_svn Apache HTTPD Module Apache Spark: Information Disclosure Vulnerability in Zinc Server Command Injection Vulnerability in Apache SpamAssassin Heap-based Buffer Overflow in m_cat Function in Qemu's slirp/mbuf.c Arbitrary File Deletion and Read Vulnerability in Zoho ManageEngine Applications Manager Version 13 before build 13740 Loop Vulnerability in libjpeg 9c's rdtarga.c Due to Mishandling of EOF in read_pixel Race Condition Vulnerability in LUT Configuration Update in Android Releases Multiple ACS Scan Requests Vulnerability in Snapdragon Auto, Consumer IOT, Industrial IOT, Mobile, and IoT Platforms Arbitrary Script Execution with Root Privileges in EMC RSA Identity Governance and Lifecycle Side Channel Vulnerability in Multiple Snapdragon Processors Integer Overflow Vulnerability in WLAN Memory Allocation in Snapdragon Mobile and Snapdragon Wear Devices Integer Overflow Vulnerability in WLAN Memory Allocation on Snapdragon Mobile (SD 835, SD 845, SD 850, SDA660) Double Free Vulnerability in Power Module of CAF Android Releases Stack-Based Buffer Overflow Vulnerability in Snapdragon Mobile and Wear Firmware Routines Buffer Overflow Vulnerability in WLAN Ext Scan Handler Out-of-Bounds Write Vulnerability in WMA Roam Synchronization 
Handler Looping Vulnerability in Random MAC Address Generation on Snapdragon Mobile Devices Dell EMC Products XXE Injection Vulnerability Integer Overflow Vulnerability in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A Heap Overflow Vulnerability in PMIC Function in Android Releases from CAF Out-of-Bounds Access Vulnerability in WLAN Function in Android Releases from CAF Double Free Vulnerability in Snapdragon WLAN Command Injection Vulnerability in EMC RecoverPoint for Virtual Machines Double Free Vulnerability in Android WLAN Driver Command IOCTL Memory Allocation Vulnerability in Android WLAN Association Potential Use After Free Vulnerability in Android Releases from CAF Non-Time-Constant Comparison Vulnerability in Snapdragon Processors Timing/Side Channel Vulnerability in Snapdragon Mobile Processors QSEE Kernel Memory Corruption Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Processors Command Injection Vulnerability in EMC RecoverPoint for Virtual Machines Buffer Overflow Vulnerability in Qualcomm Snapdragon Processors Out-of-Bound Write Vulnerability in Android Releases from CAF Out-of-Bounds Write Vulnerability in Android Releases from CAF Buffer Overflow Vulnerability in Snapdragon Mobile and Snapdragon Wear Devices Buffer Overflow Vulnerability in Snapdragon Mobile WLAN (SD 835, SD 845, SD 850, SDA660) Buffer Overflow Vulnerability in SCP11 Sample OCE Code in Multiple Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Mobile WLAN Function Handling WMI Commands WLAN Encrypt/Decrypt Module Buffer Copy Vulnerability in Snapdragon Mobile (SD 835, SD 845, SD 850) Buffer Overwrite Vulnerability in Snapdragon Mobile (SD 835, SD 845, SD 850) when Processing IE Set Command Buffer Overwrite Vulnerability in Snapdragon Mobile (SD 845, SD 850) WLAN Input Length Validation Cross-Site 
Scripting (XSS) Vulnerability in Dell EMC Isilon OneFS Web Administration Interface Potential Buffer Overflow Vulnerability in Android Releases from CAF WLAN Buffer Overflow Vulnerability in Snapdragon Mobile (SD 845, SD 850, SDA660) WLAN Module Buffer Overflow Vulnerability in Snapdragon Mobile (SD 845, SD 850, SDA660) Buffer Overwrite Vulnerability in Android Releases from CAF Vulnerability: Unauthorized Writing and Reading of Fuses in Multiple Snapdragon Platforms Integer Overflow Vulnerability in Snapdragon Mobile and Snapdragon Wear Devices WLAN Integer Overflow Vulnerability in Snapdragon Mobile and Snapdragon Wear Devices Buffer Overflow Vulnerability in Snapdragon Mobile (SD 845) WLAN Function Buffer Overflow Vulnerability in Android Releases from CAF with Linux Kernel Buffer Overflow Vulnerability in WMA Handler in Android Releases from CAF Cross-Site Scripting Vulnerability in Dell EMC Isilon OneFS Web Administration Interface Buffer Overwrite Vulnerability in Multiple Qualcomm Chipsets Buffer Overwrite Vulnerability in WLAN Function in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear Buffer Overflow Vulnerability in Snapdragon Mobile WLAN Function Buffer Overflow Vulnerability in Snapdragon Mobile SD 845 WLAN Roam Buffer Handling Critical Buffer Overflow Vulnerability in Snapdragon Mobile (SD 835, SD 845, SD 850, SDA660) Allows Passphrase Length Exceeding 32 Characters Buffer Overflow Vulnerability in Snapdragon Mobile (SD 845, SD 850) WLAN Function WLAN Buffer Overflow Vulnerability in Snapdragon Mobile (SD 835, SD 845, SD 850, SDA660) Buffer Overflow Vulnerability in Snapdragon Mobile Processors Critical Vulnerability: Invalid Memory Access in WLAN Function on Android Releases Buffer Overflow Vulnerability in Snapdragon Mobile SD 845 Cross-Site Scripting Vulnerability in Dell EMC Isilon OneFS Web Administration Interface Buffer Overflow Vulnerability in Snapdragon Mobile WLAN Function Buffer Overflow Vulnerability in Snapdragon Mobile WLAN 
Controller Out of Bound Access Vulnerability in Policy Mgr Unit Test in CAF Android Releases Buffer Overflow Vulnerability in Snapdragon Mobile WLAN Function Integer Overflow and Buffer Overflow Vulnerability in WLAN Function of CAF Android Releases SCP11 Crypto Services TA Unauthorized Access Vulnerability Memory Access Vulnerability in Android Releases from CAF with Linux Kernel Cross-Site Scripting (XSS) Vulnerability in Dell EMC Isilon OneFS Web Administration Interface Out of Bounds Read Vulnerability in WLAN HOST Function Buffer Overflow Vulnerability in Android Releases from CAF Integer Overflow Vulnerability in Android Releases from CAF Improper Length Check Validation in WLAN Function: Potential Memory Corruption Vulnerability Out of Bounds Read Vulnerability in Android Releases Out of Bounds Read Vulnerability in Android Releases from CAF Improper Validation of Radio Index in Multiple Snapdragon Platforms Cross-Site Scripting (XSS) Vulnerability in Pivotal Cloud Foundry UAA Out-of-Bounds Access Vulnerability in WLAN HOST Firmware Out-of-Bounds Write Vulnerability in WLAN HOST via WMA Interfaces in Android Releases Invalid Pointer Dereference Vulnerability in Android Releases from CAF with Linux Kernel WLAN Function Buffer Overflow Vulnerability in CAF Android Releases Default Privileged Access Vulnerability in Android Releases from CAF with Linux Kernel Improper Access Control in CAF Android Releases: Potential Device Node and Executable Vulnerability Improper Access Control in CAF Android Releases: Potential Device Node and Executable Vulnerability Improper Access Control in CAF Android Releases: Potential Device Node and Executable Execution Vulnerability Information Exposure Vulnerability in Cloud Foundry Garden-runC Improper Access Control in CAF Android Releases: Potential Device Node and Executable Vulnerability Improper Script Configuration in CAF Android Releases: A Path to Unprivileged Access Unprivileged Access Vulnerability in CAF Android 
Releases Improper Configuration of Dev Nodes in CAF Android Releases: A Potential Security Vulnerability Improper Access Control in CAF Android Releases: Potential Device Node and Executable Vulnerability Automatic Memory Release Vulnerability in CAF Android Releases Potential Heap Overflow and Memory Corruption in CAF Android Releases: Improper Error Handling in SOC Infrastructure SessionID Logging Vulnerability in Cloud Foundry Foundation and UAA Improper Failure Condition Handling and Error Code Return Vulnerability in Snapdragon Processors Integer Overflow and Buffer Overflow in WMA Event Handler in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, and other Qualcomm Chipsets Integer Overflow Vulnerability in WLAN Function in Qualcomm Snapdragon Processors Buffer Overflow Vulnerability in Multiple Snapdragon Processors Out of Bounds Array Index Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music in Multiple Qualcomm Chipsets Buffer Overflow Vulnerability in WMI Command Processing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, SXR1130 Heap Overflow Vulnerability in WLAN Function in Multiple Snapdragon Platforms X-Forwarded-Proto Header Bypass Vulnerability in Cloud Foundry Routing-Release Integer Truncation Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 
in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150 Improper Access to HLOS in Snapdragon Processors Improper Input Validation Vulnerability in Snapdragon Processors Improper Input Validation Leads to Out of Bounds Write Vulnerability in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Multiple Qualcomm Chipsets Improper Input Validation Vulnerability in Multiple Snapdragon Platforms Out-of-Bounds Memory Access Vulnerability in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820, SD 820A, SD 835, SDX20, SDX24, Snapdragon_High_Med_2016 Buffer Over-read Vulnerability in WLAN Function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Multiple Qualcomm Chipsets Buffer Overflow Vulnerability in Multiple Snapdragon Products Multiple ACS Scan Requests Vulnerability in Snapdragon Auto, Consumer IOT, Industrial IOT, and Mobile Devices Out-of-Bounds Access Vulnerability in WLAN Function of Snapdragon Processors Uninitialized Kernel SKB Memory Exposure Vulnerability Memory Leak and Unexpected Behavior in Fastboot Flash Command Processing Heap Overflow Vulnerability in Wireless Service Messaging Module for Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & 
Music, Wearables Unauthenticated Port Forwarding Vulnerability in CAF Android Releases Double Free Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking Untracked Usage Entries Vulnerability in Snapdragon Platforms Uninitialized Extra Buffer Vulnerability in WLAN Function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile Vulnerability: Authentication Bypass via Refresh Tokens in Cloud Controller Unapproved TrustZone Application Execution Vulnerability in Snapdragon Mobile (SD 845, SD 850) Improper Access Control in XBL_LOADER Module Leads to ZI Region Clear Vulnerability in Snapdragon Mobile (SD 845, SD 850) Out-of-bounds Access Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Out of Bound Read Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Improper Mounting Vulnerability in CAF Android Releases: Potential Security Issue with /dsp/ Device Node Execution Keypad Key Protection Vulnerability in Qualcomm Snapdragon Processors Symlink Attack Vulnerability in Spring Boot Embedded Launch Script Use After Free Vulnerability in SPS Driver Leads to Kernel Error Out-of-Bound Vector Index Access Vulnerability in CAF Android Releases with Linux Kernel Use-after-free Vulnerability in Audio Effects Config Loading Buffer Overread Vulnerability in Camera JPEG Driver Hashed Content Exposure in /etc/passwd: A Critical Security Vulnerability in CAF Android Releases Unrestricted Execution of proptrigger.sh in CAF Android Releases: A Potential Property Manipulation Vulnerability Undefined Behavior Vulnerability in UE Processing Unknown IEI in OTA Message in Snapdragon Auto, Snapdragon 
Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130 Vulnerability: Signature Verification Bypass in skel Library Integer overflow vulnerability in multiple Snapdragon platforms Privileged Credential Exposure in Windows Stemcells on Google Cloud Platform Unprotected Dynamic Allocations in Snapdragon Platforms Interrupt Exit Code Flow Vulnerability in Snapdragon Processors ECDSA Signature Code Leakage Vulnerability in Multiple Snapdragon Platforms Insecure Password Logging in Pivotal Cloud Cache Deployment Logs Buffer Overflow Vulnerability in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Multiple Qualcomm Chipsets Double Free Vulnerability in Snapdragon Mobile and Wear Devices Kernel Memory Corruption Vulnerability in CAF Android Releases Use After Free and Out-of-Bounds Access Vulnerability in DIAG Driver Heap Overflow Vulnerability in CAF Android Releases with Linux Kernel Buffer Overflow Vulnerability in Camera Subsystem's Microcontroller Communication Memory Allocation Failure in Secure Pool Leading to Kernel Panic Un-trusted Pointer De-reference Vulnerability in CAF Android Releases Bypassing Security Constraints in Spring Security and Spring Framework Buffer Overflow Vulnerability in Snapdragon Wear (MDM9206, MDM9607) MQTT Connection Request Vulnerability: SMMU Secure Camera Logic Allows Unauthorized Access to HLOS Memory in Snapdragon Devices Improper Termination Vulnerability in CAF Android Releases Out-of-Bounds Access Vulnerability in 
Snapdragon Processors Race Condition Vulnerability in MQTT Packet Decode Request Processing in Snapdragon Mobile and Snapdragon Wear (Versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016) Denial of Service Vulnerability in Snapdragon TrustZone Unprivileged Remote File Read Vulnerability in Apps Manager for PCF Unlocked Secure Keypad Vulnerability in Snapdragon Devices Binder Call Vulnerability: System Halt Exploit in Multiple Snapdragon Platforms Uninitialized Padding Vulnerability in CAF Android Releases Cross-Site Scripting (XSS) Vulnerability in Dell EMC Isilon OneFS Web Administration Interface Stack Overflow Vulnerability in CAF Android Releases: TrustZone Memory Corruption Uninitialized Socket Address Data Leak Vulnerability in CAF Android Releases Unvalidated Blacklisting Region Shared Buffered Memory Vulnerability in Snapdragon Devices Improper Authentication in Locked Memory Region Vulnerability Null Pointer Dereference Vulnerability in NAT Module of CAF Android Releases Directory Traversal and Arbitrary File Overwrite Vulnerability in Perl Archive::Tar Module Denial of Service Vulnerability in GNOME Web (Epiphany) through 3.28.2.1 EPoD: Denial of Service Vulnerability in Go Ethereum (geth) LES Protocol Implementation Signature Spoofing Vulnerability in Enigmail Cross-Site Scripting (XSS) Vulnerability in Dell EMC Isilon OneFS Web Administration Interface GnuPG Original Filename Spoofing Vulnerability Incorrect Access Control Vulnerability in Singularity Overlay File System Remote Code Execution via LDAP Service in FasterXML jackson-databind Remote Code Execution via Jackson-databind Default Typing Vulnerability Vulnerability: Logic Error in transferFrom Function Allows Unauthorized Asset Transfer Symlink Manipulation Vulnerability in Phusion Passenger 5.3.x before 5.3.2 Insecure Permissions Vulnerability in Phusion Passenger 5.3.x: Information Disclosure via Unix 
Domain Socket Incorrect Access Control Vulnerability in Phusion Passenger 5.3.x: Arbitrary PID Manipulation Privilege Escalation via Race Condition in Phusion Passenger Nginx Module Privilege Escalation Vulnerability in Dell EMC Isilon OneFS XSS Vulnerability in Chevereto Free before 1.0.13 Local File Inclusion Vulnerability in Eaton Intelligent Power Manager v1.6 via server/node_upgrade_srv.js Directory Traversal Out of Bounds Read Vulnerability in YARA 3.7.1 and Prior Out of Bounds Write Vulnerability in YARA 3.7.1 and Prior Arbitrary File Write Vulnerability in OWASP Dependency-Check (before 3.2.0) Cryptographic Link Absence Vulnerability in Samsung and Crucial SSDs Samsung 840 EVO Disk-Encryption Key Access Vulnerability Remote Code Execution in joyplus-cms 1.6.0 via Arbitrary SQL Command Execution Path Traversal Vulnerability in Dell EMC Isilon OneFS Versions 7.1.1.11 - 8.1.0.1 Reflected Cross-site scripting (XSS) vulnerability in SensioLabs Symfony 3.3.6 web profiler Remote Denial of Service Vulnerability in MediaTek AWUS036NH Wireless USB Adapter Directory Traversal Vulnerability in Roxy Fileman v1.4.5 via php/download.php f parameter Cross-Site Scripting (XSS) Vulnerability in Symphony 2.7.6 via pages content page Arbitrary File Upload Vulnerability in DedeCMS V5.7SP2 Arbitrary File Write Vulnerability in DedeCMS 5.7SP2 XSS Vulnerability in Ximdex 4.0: Filter[n][value] Parameter XSS Bypassing Management Mode on Canon LBP7110Cw Web Interface without PIN Canon LBP6030w Web Interface Authentication Bypass Vulnerability Remote Denial of Service Vulnerability in Dell EMC ScaleIO MDM Service Arbitrary File Upload and Remote Code Execution in PHP Scripts Mall Schools Alert Management Script SQL Injection Vulnerability in PHP Scripts Mall Schools Alert Management Script via q Parameter in get_sec.php Arbitrary File Deletion Vulnerability in PHP Scripts Mall Schools Alert Management Script via delete_img.php Arbitrary File Read Vulnerability in PHP Scripts Mall 
Schools Alert Management Script SQL Injection Vulnerabilities in PHP Scripts Mall Schools Alert Management Script Publicly Readable _seed Value in maxRandom Function Allows Attackers to Always Win in All For One Ethereum Gambling Game Hardcoded Database Account with Administrative Privileges in Dell EMC Data Protection Advisor The tradeTrap Vulnerability: Exploiting the Sell Function of SwftCoin (SWFTC) Smart Contract The tradeTrap Vulnerability in Internet Node Token (INT) Smart Contract Implementation Heap-Based Buffer Over-Read Vulnerability in tinyexr 0.9.5 Local File Inclusion Vulnerability in Creatiwity wityCMS 0.6.2 Denial of Service Vulnerability in BIRD Internet Routing Daemon The tradeTrap Vulnerability: Exploiting the Sell Function in Substratum (SUB) Smart Contract The tradeTrap Vulnerability: Exploiting the Sell Function in Target Coin (TGT) Smart Contract Dell EMC iDRAC7/iDRAC8 CGI Injection Remote Code Execution Vulnerability The tradeTrap Vulnerability: Exploiting the Sell Function of SEC Token Smart Contract Session Fixation Vulnerability in CodeIgniter Unauthenticated TELNET Remote Access Vulnerability in Cloud Media Popcorn A-200 Firmware Authentication Bypass Vulnerability in Eminent EM4544 9.10 Devices UPC Bar Code Vulnerability in Avanti Markets MarketCard: Unauthorized Access and Customer Information Disclosure TradeTrap: Arbitrary Supply Increase Vulnerability in PolyAI Token Contract TradeTrap: Arbitrary Total Supply Increase Vulnerability in Substratum (SUB) Token Contract TradeTrap: Arbitrary Total Supply Increase Vulnerability in INT Token's mintToken Function TradeTrap: Arbitrary Total Supply Manipulation in Target Coin (TGT) ERC20 Token Contract TradeTrap: Arbitrary Total Supply Increase Vulnerability in Fujinto (NTO) Token Contract TradeTrap: Arbitrary Supply Increase Vulnerability in GOAL Bonanza (GOAL) Token Contract TradeTrap: Arbitrary Total Supply Increase Vulnerability in BitAsean (BAS) Token Contract Stack-based Buffer Overflow 
in parseChars function in Liblouis 3.6.0 Stack Overflow Vulnerability in OPC UA Applications Certificate Validation Bypass in OPC Foundation UA Client Applications Enables Password Decryption S3QL Checksumming Vulnerability: Replay Attacks and File Manipulation Password Exposure in Octopus Deploy 2018.5.1 to 2018.5.7 Unauthenticated Reflected XSS Vulnerability in LAMS before 3.1 Heap-Based Buffer Over-Read Vulnerability in tinyexr 0.9.5 Memory Leak in ParseEXRHeaderFromMemory in tinyexr.h Arbitrary Script Injection in Dimofinf CMS Version 3.0.0 via news.php Reflected Cross-Site Scripting Vulnerability in OEcms v3.1's info.php mod Parameter Heap-based Buffer Over-read in liblnk_data_string_get_utf8_string_size Function Heap-based Buffer Over-read in liblnk_location_information_read_data function Heap-based Buffer Over-read in liblnk_data_block_read Function XSS Vulnerabilities in Grafana Dashboard Links XSS Vulnerability in Sonatype Nexus Repository Manager Administration UI XSS Vulnerabilities in CMS Clipper 1.3.3 Security Tab and User/Resource Group Fields NULL Pointer Dereference in md_process_line function of md4c 0.2.6 Predictable CAPTCHA Disclosure and Unauthorized Login Attempts on D-Link DIR-890L, DIR-885L/R, and DIR-895L/R Devices Arbitrary Script Injection in Airbnb Knowledge Repo 0.7.4 via Post Comments Denial of Service Vulnerability in Dropbox Lepton 1.2.1 Heap-based Buffer Overflow in FLIF TransformPaletteC<FileIO>::process Function Path Traversal Vulnerability in Dell EMC iDRAC7/iDRAC8 Web Server SQL Injection in portfolioCMS 1.0.5 via admin/portfolio.php preview parameter Canon PrintMe EFI Webinterface XSS Vulnerability Remote Code Execution Vulnerability in md4c 0.2.6 Buffer Overflow Vulnerability in Core FTP LE Version 2.2 Build 1921: Potential DoS and Remote Code Execution via PASV Response CSRF Vulnerability in Maccms 10 Allows Unauthorized User Account Addition Buffer Write Vulnerability HTTP Request Splitting Vulnerability in Node.js Command 
Injection Vulnerability in Dell EMC iDRAC6 Diagnostics Console Node.js Debugger Port Vulnerability Node.js HTTP Server Denial of Service Vulnerability Node.js: Slowloris HTTP Denial of Service Vulnerability Hostname Spoofing in URL Parser for JavaScript Protocol Microarchitectural Store Buffer Data Sampling (MSBDS): Information Disclosure Vulnerability Microarchitectural Load Port Data Sampling (MLPDS) Vulnerability Cross-Site Request Forgery Vulnerability in Dell EMC Isilon OneFS Microarchitectural Fill Buffer Data Sampling (MFBDS) Vulnerability: Information Disclosure via Speculative Execution Privilege Escalation Vulnerability in Intel NVMe and RSTe Driver Pack Installers Dell EMC SupportAssist Enterprise Version 1.1 Default Password Vulnerability Privilege Escalation Vulnerability in Intel(R) CSME, Intel® Server Platform Services, and Intel® Trusted Execution Engine Firmware Privilege Escalation via File Permissions in Intel Driver and Support Assistant Buffer Overflow Vulnerability in Intel Extreme Tuning Utility Arbitrary File Upload Vulnerability in Dell EMC Unisphere for VMAX and VASA Virtual Appliances Privilege Escalation in Intel Extreme Tuning Utility Installer Buffer Overflow Vulnerability in Intel Extreme Tuning Utility Installer Pointer Corruption Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel Graphics Drivers: Impact on Host System via Local Access Denial of Service Vulnerability in Intel Graphics Drivers Data Leakage Vulnerability in Intel IPP Cryptographic Libraries Vulnerability: Insufficient Input Validation in Intel NUC FW Kits BIOS Update Utility Buffer Overflow Vulnerability in Intel(R) PROSet Wireless v20.50 and Earlier: Local Denial of Service Exploit Hard-coded Password Vulnerability in Dell EMC vApp Manager DLL Injection Vulnerability in Intel Data Center Migration Center Software v3.1 and Earlier: Local Code Execution via Default Directory Permissions Insufficient Session Validation in Intel Rapid Web 
Server 3: Potential Information Disclosure Vulnerability Potential Code Execution via Default Directory Permissions in Intel OpenVINO Toolkit for Windows DLL Injection Vulnerability in Intel IoT Developers Kit 4.0 Installer Firmware Vulnerability: Insufficient Write Protection in Intel(R) Optane(TM) SSD DC P4800X (before version E2010435) Denial of Service Vulnerability in Intel(R) Optane(TM) SSD DC P4800X Bootloader Firmware Update Routine Privilege Escalation via File Permissions in Intel Computing Improvement Program Firmware Authentication Bypass Vulnerability in Intel Core Processors Missing Access Control Check Vulnerability in Avamar Installation Manager Critical Privilege Escalation Vulnerability in Intel BMC Firmware Firmware Password Disclosure Vulnerability in Intel Server Board and Compute Module Insufficient Access Protection in Intel Server Board Firmware: Potential Arbitrary Code Execution and Information Disclosure Heap Overflow Vulnerability in Intel Trace Analyzer 2018 Privilege Escalation Vulnerability in Intel Distribution for Python (IDP) 2018 Intel NUC Kits Firmware Vulnerability: Arbitrary Code Execution and Privilege Escalation ZeroConfig Service Directory Permissions Vulnerability EDK II Network Stack Buffer Overflow Vulnerability EDK II Firmware Vulnerability: Potential Privilege Escalation, Information Disclosure, and Denial of Service via Improper Configuration Buffer Overflow Vulnerability in Dell EMC NetWorker Buffer Overflow Vulnerability in BlockIo Service for EDK II Corrupted BMP File Vulnerability in EDK II: Potential Denial of Service or Privilege Escalation Insufficient Memory Write Check Vulnerability in SMM Service for EDK II Stack Overflow Vulnerability in DxeCore for EDK II: Potential Privilege Escalation, Information Disclosure, and Denial of Service Intel(R) AMT Insufficient Input Validation Vulnerability Denial of Service Vulnerability in Intel(R) Active Management Technology (Intel(R) AMT) Insufficient Input Validation in 
Intel CSME and Intel TXE: Physical Access Data Modification Vulnerability Local Privilege Escalation in Intel CSME and Intel TXE Improper Access Control Vulnerability in EMC RSA Archer API Privilege Escalation Vulnerability in Intel(r) CSME and TXE Subsystems Arbitrary Code Execution Vulnerability in Intel CSME, Intel Server Platform Services, and Intel TXE Bypassing MEBx Authentication via Physical Access in Intel CSME and Intel Server Platform Services Intel QuickAssist Technology for Linux: Insufficient Access Control Vulnerability Arbitrary Code Execution Vulnerability in Intel(R) AMT Denial of Service Vulnerability in Intel(R) Server Platform Services HECI Subsystem Buffer Overflow Vulnerability in Intel CSME and Intel TXE Components RSA Archer QuickLinks Redirect Vulnerability Privilege Escalation Vulnerability in Intel(R) Capability Licensing Service Buffer Overflow Vulnerability in Intel Processors Privilege Escalation Vulnerability in Intel Core Processor Firmware Local Privilege Escalation Vulnerability in Intel Core Processor Firmware Memory Initialization Vulnerability in Intel Server Board, Server System, and Compute Module Firmware Certificate Validation Vulnerability in Intel Core Processor Firmware Denial of Service Vulnerability in Intel QuickAssist Technology for Linux Denial of Service Vulnerability in Intel(R) Processors via Improper Page Table Updates Buffer Overflow Vulnerability in Intel(R) CSME, Intel(R) TXE, and Intel(R) Server Platform Services Insufficient Access Control in Intel Graphics Driver for Windows* WebSocket Request Mishandling in Cloud Foundry Gorouter Multiple Pointer Dereferences in Intel Graphics Driver for Windows Denial of Service Vulnerability in Intel(R) Graphics Driver for Windows* Buffer Overflow Vulnerability in Intel(R) Graphics Driver for Windows Memory Corruption Vulnerability in Intel(R) Graphics Driver for Windows Memory Corruption Vulnerability in Intel(R) Graphics Driver for Windows* Denial of Service 
Vulnerability in Intel(R) Graphics Driver for Windows* Local Privilege Escalation Vulnerability in Intel(R) Graphics Driver for Windows* Insufficient Access Control in Intel Graphics Driver for Windows* Memory Leak Vulnerability in Intel(R) Graphics Driver for Windows* Memory Read Vulnerability in Intel(R) Graphics Driver for Windows Privilege Escalation Vulnerability in Intel(R) Graphics Driver for Windows Integer Overflow Vulnerability in Intel(R) Graphics Driver for Windows* Out of Bound Memory Read Vulnerability in Intel Graphics Driver for Windows User Mode Driver Vulnerability in Intel(R) Graphics Driver for Windows* Buffer Leakage Vulnerability in Intel(R) Graphics Driver for Windows* SIP Request Disclosure Vulnerability Denial of Service Vulnerability in Asterisk Open Source 15.x Arbitrary Script Injection in PKP Open Journal System (OJS) 3.0.0 to 3.1.1-1 via By Author Field Credential Leakage in Cloud Foundry Container Runtime (kubo-release) Prior to 0.14.0 Vulnerability: Logical Check Bypass in RemiCoin (RMC) Token TransferFrom Function Race condition vulnerability in Linux kernel allows for NULL pointer dereference and system crash Memory Corruption Vulnerability in JFS xattr.c in Linux Kernel Reflected Cross Site Scripting (XSS) Vulnerability in Adrenalin 5.4.0 HRMS Software via flexiportal/GeneralInfo.aspx strAction Parameter Symantec Reporter CLI 10.1 and 10.2 OS Command Injection Vulnerability AV Bypass Vulnerability in Norton, Symantec Endpoint Protection, and Symantec Endpoint Protection Small Business Edition AV Bypass Vulnerability in Norton, Symantec Endpoint Protection, and Symantec Endpoint Protection Small Business Edition Privilege Escalation via Hard Coded IV in Norton Identity Safe Reflected Cross-Site Scripting (XSS) Vulnerability in Symantec Security Analytics (SA) Web UI Authentication Bypass Vulnerability in Symantec Messaging Gateway Prior to 10.6.6 Vulnerability in Symantec Messaging Gateway: XML External Entity (XXE) Exploit CSV/DDE 
Injection Vulnerability in SEP (Mac client) DLL Preloading Vulnerability in Symantec Endpoint Protection Prior to 14.2 MP1 Reflected Cross-Site Scripting (XSS) Vulnerability in Symantec Web Isolation (WI) 1.11 NULL Pointer Dereference in mrb_class due to Improper Handling of .clone Usage Heap-based Buffer Over-read in mruby 1.4.1 due to OP_ENTER vulnerability NULL Pointer Dereference in mrb_class_real due to Lack of Support for class BasicObject in mruby 1.4.1 SQL Injection Vulnerability in Elite CMS Pro 2.01's add_sidebar.php SQL Injection Vulnerability in Harmis Ek Rishta Component for Joomla! XSS Vulnerability in InvoicePlane 1.5.10 via Quote PDF Password(Optional) Field Arbitrary File Upload Vulnerability in LiteCart before 2.1.3 Authenticated Custom Firmware Upgrade via DNS Hijacking Firmware Upgrade Vulnerability on Momentum Axel 720P 5.1.8 Devices Root Access Vulnerability on Momentum Axel 720P 5.1.8 Devices Cleartext Root Password Vulnerability on Momentum Axel 720P 5.1.8 Devices Root Privilege Escalation Vulnerability on Momentum Axel 720P 5.1.8 Devices Arbitrary .php File Upload Vulnerability in portfolioCMS 1.0.5 Integer Overflow Vulnerability in Exiv2 0.26's LoaderTiff::getData() in preview.cpp Integer Overflow Vulnerability in Exiv2 0.26's LoaderExifJpeg Class XSS Vulnerability in HongCMS 3.0.0 via Crafted Input in 404 Error Page Command Injection Vulnerability in acccheck.pl Unofficial Domain Vulnerability in Pivotal Concourse Software Homograph Attack Exploit in Valve Steam 1528829181 BETA Authentication Bypass Vulnerability in Dropbox iOS App XSS Vulnerability in Ximdex 4.0 via xowl/request.php XSS Vulnerability in Ximdex 4.0 DMS Component via /edit URI Stored XSS Vulnerability in Pivotal Spring Batch Admin: Unpatched File Upload Exploit XSS Vulnerability in Yii2-StateMachine Extension v2.x.x Incorrect Event Visibility Rules in Matrix Synapse Federation API Use-After-Free Vulnerability in DOMProxyHandler::EnsureExpandoObject in Pale Moon Heap-based 
Buffer Overflow in getImageData function in ImageBufferCairo Use After Free Vulnerability in WebKitGTK+ TextureMapperLayer Object Arbitrary SQL Command Execution in Seagate NAS OS 4.3.15.1 via dirId Parameter Insufficient Access Control in Seagate NAS OS 4.3.15.1 Allows Unauthorized Information Retrieval via Empty POST Requests Cross-Site Scripting (XSS) Vulnerability in Seagate NAS OS 4.3.15.1 API Error Pages Seagate NAS OS 4.3.15.1 Filebrowser Directory Traversal Vulnerability File Upload Cross-Site Scripting Vulnerability in Seagate NAS OS 4.3.15.1 Cross-Site Request Forgery (CSRF) Vulnerability in Pivotal Spring Batch Admin Arbitrary Redirect Vulnerability in Seagate NAS OS 4.3.15.1 via 'state' URL Parameter Unvalidated URL Access to Loopback Interface in Seagate NAS OS version 4.3.15.1 Session Token Theft via Cross-Site Scripting in Seagate NAS OS version 4.3.15.1 Cross-Site Scripting (XSS) Vulnerability in Seagate NAS OS 4.3.15.1 Filebrowser Cross-Site Scripting (XSS) Vulnerability in Seagate NAS OS Application Manager Cross-Site Scripting (XSS) via SVG Image Upload in ASUSTOR ADM 3.1.1 File Explorer Arbitrary File Viewing Vulnerability in ASUSTOR ADM File Explorer OS Command Injection in user.cgi in ASUSTOR ADM version 3.1.1 ASUSTOR ADM 3.1.1 Share.cgi Encryption Key Disclosure Vulnerability Arbitrary File Upload via Directory Traversal in ASUSTOR ADM 3.1.1 Improper Access Control Vulnerability in Cloud Foundry BOSH CLI Cross-Site Scripting (XSS) Vulnerability in ASUSTOR ADM 3.1.1 Login Page Arbitrary JavaScript Execution via File Movement in ASUSTOR ADM File Explorer OS Command Injection in user.cgi in ASUSTOR ADM 3.1.1 via secret_key URL Parameter OS Command Injection in SNMP.cgi in ASUSTOR ADM 3.1.1: Unauthorized Command Execution via rocommunity Parameter Arbitrary File Download Vulnerability in ASUSTOR ADM version 3.1.1 Password Change Vulnerability in ASUSTOR ADM Version 3.1.1 ASUSTOR ADM 3.1.1 upload.cgi OS Command Injection Vulnerability OS Command 
Injection in group.cgi in ASUSTOR ADM 3.1.1: Remote Root Command Execution ASUSTOR ADM 3.1.1 SNMP Password Information Disclosure Vulnerability Title: Denial-of-Service Vulnerability in ASUSTOR ADM 3.1.1 Login Page via Malformed Title Text Stack-based Buffer Overflow in RSA Authentication Agent for Web Use After Free Vulnerability in radare2 2.6.0 via Crafted Java Binary File Heap Out of Bounds Read Vulnerability in radare2 2.6.0 via Crafted Java Binary File Heap Out of Bounds Read Vulnerability in radare2 2.6.0 via Crafted iNES ROM Binary File Hard-coded Password Vulnerability in Momentum Axel 720P 5.1.8 Devices Buffer Overflow in Redis-cli Allows Code Execution and Privilege Escalation Stack-based Buffer Overflow in NTPq and NTPdc Allows Code Execution or Privilege Escalation Authentication Factor Cloning Vulnerability in ECOS Secure Boot Stick (SBS) 5.6.5 Cross-Site Scripting Vulnerability in RSA Authentication Agent 8.0.1 and Earlier for Web ECOS Secure Boot Stick (SBS) 5.6.5 Vulnerability: Compromised Firmware Enables Key Compromise ECOS System Management Appliance (SMA) 5.2.68 Easy Enrollment Authentication Bypass Vulnerability Incomplete Cleanup Vulnerability in ECOS Secure Boot Stick (SBS) 5.6.5: Compromising Authentication and Encryption Keys via Compromised Host PC ECOS Secure Boot Stick (SBS) 5.6.5: Insufficient Verification of Data Authenticity Vulnerability Virtualization Attack Exploits Authentication and Encryption Keys in ECOS Secure Boot Stick (SBS) 5.6.5 Unrestricted Database Access Vulnerability in ECOS System Management Appliance (SMA) 5.2.68 Vendor Backdoor Vulnerability in ECOS Secure Boot Stick (SBS) 5.6.5 Allows Unauthorized Access to Confidential Data Partial Extraction of Confidential Configurations via User-Space Emulation in ECOS Secure Boot Stick (SBS) 5.6.5 ECOS SMA 5.2.68 Vulnerability: Undocumented Factory Backdoor Allows Remote Root SSH Access XSS Vulnerability in ArticleCMS: Exploiting Add an Article Action Insufficient ACL 
Permissions on Windows Named Pipe in RSA Authentication Agent for Web for IIS Command Injection Vulnerability in Dell EMC RecoverPoint and RecoverPoint for VMs Cross-Site Scripting (XSS) Vulnerability in Knowage (formerly SpagoBI) 6.1.1 Business Model's Catalogue CSRF Vulnerability in Knowage (formerly SpagoBI) 6.1.1 via Every Form Cross-Site Scripting (XSS) Vulnerability in Knowage (formerly SpagoBI) 6.1.1 Incomplete Regular Expression in Signature Verification Allows File Signature Spoofing and Arbitrary Code Execution Arista CloudVision Portal Incorrect Permissions Vulnerability Service Worker Redirection Vulnerability in Firefox < 61 Canvas Buffer Overflow Vulnerability Use-after-free vulnerability in Thunderbird and Firefox allows for potentially exploitable crashes Integer Overflow in SwizzleData Code: Potential Exploitable Crash in Thunderbird and Firefox Integer Overflow Vulnerability in SSSE3 Scaler Use-after-free vulnerability in DOM node mutation events Cross-Site Request Forgery (CSRF) Vulnerability in NPAPI Plugins File System Information Disclosure Vulnerability Out-of-Bounds Read Vulnerability in QCMS Transformations Precision Timing Vulnerability in Thunderbird and Firefox Versions < 61 Windows 10 Vulnerability: Execution of Unwanted Executables without Warning Vulnerability: Unauthorized Access via Embedded Experiments in Firefox WebExtensions Improper Restriction of Excessive Authentication Attempts in Dell EMC ScaleIO LIA Reader View SameSite Cookie Bypass Vulnerability in Firefox < 61 Skia Library Integer Overflow Vulnerability S/MIME Decryption Vulnerability in Thunderbird < 52.9 HTML Reply/Forward Vulnerability in Thunderbird < 52.9: Leaking Plaintext from Decrypted S/MIME Parts Email Decryption Vulnerability in Thunderbird < 52.9: Plaintext Leakage via Embedded Form Submission Memory Corruption Vulnerability in Firefox 61: Potential Arbitrary Code Execution Memory Corruption Vulnerabilities in Firefox 61 and Firefox ESR 60.1 Use-after-free 
vulnerability in refresh driver timers during shutdown in Firefox and Thunderbird Use-After-Free Vulnerability in IndexedDB Index Deletion Out-of-Bounds Write Vulnerability in Mozilla Updater Command Injection Vulnerability in Dell EMC ScaleIO Light Installation Agent (LIA) Outlook Email Message Drag-and-Drop URL Interpretation Vulnerability Address Bar URL Spoofing Vulnerability in Firefox for Android Unencrypted Password Exposure in Firefox and Thunderbird Versions Prior to 62 SSLv2-compatible ClientHello Request Vulnerability TransportSecurityInfo Crash Vulnerability Type Confusion Exploit in JavaScript Register Allocation: Remote Code Execution in Firefox ESR < 60.2.2 and Firefox < 62.0.3 JavaScript JIT Compiler Inlining Vulnerability in Firefox ESR and Firefox Memory Corruption Vulnerability in Firefox 62: Potential Arbitrary Code Execution Memory Corruption Vulnerabilities in Firefox ESR 60.2 and Thunderbird 60.2 Multiple OS Command Injection Vulnerabilities in Dell EMC Unity Operating Environment (OE) Versions Prior to 4.3.0.1522077968 Memory Corruption Vulnerability in Firefox 62 and Firefox ESR 60.2 Cross-Origin Audio Access in HTTP Live Stream Playback on Firefox for Android Nested Loop User Event Crash Vulnerability in Firefox and Thunderbird Integer Overflow Vulnerability in 32-bit Builds of Firefox and Thunderbird Vulnerability: Domain Fronting Bypass in Firefox ESR < 60.3 and Firefox < 63 Privilege Escalation Vulnerability in Firefox WebExtensions Unauthenticated Local File Access Vulnerability in Firefox WebExtensions Reflected URL Injection Vulnerability in Firefox < 63 Protocol Handler Title Spoofing Vulnerability in Firefox < 63 Vulnerability: Information Exposure in Dell EMC ViPR Controller's VRRP Configuration Information Leakage of Private Browsing History in Firefox for Android (Versions < 63) Denial of Service (DOS) Vulnerability in Firefox < 63 Insecure Origin Context in WebBrowserPersist: NTLM Hash and SameSite Cookie Leakage Mixed Content 
Vulnerability in Firefox < 63: Insecure Favicon Loading RSA Handshake Vulnerability in NSS Versions Prior to 3.41 Memory Corruption Vulnerability in Firefox 63 and Firefox ESR 60.3 Memory Corruption Vulnerability in Firefox 63 Buffer Overflow Vulnerability in ANGLE Graphics Library in Firefox < 64 XML eXternal Entity (XXE) Vulnerability in TIBCO ActiveMatrix BusinessWorks Reflected Cross-Site Scripting (XSS) Vulnerability in TIBCO Silver Fabric SOAP Admin API LDAP Password Leakage in Dell EMC RecoverPoint Remote Code Execution Vulnerability in TIBCO Spotfire Statistics Services Cross-Site Request Forgery (CSRF) Vulnerability in TIBCO ActiveSpaces Cross-Site Request Forgery (CSRF) Vulnerability in TIBCO FTL Server Cross-Site Request Forgery (CSRF) Vulnerability in TIBCO Messaging - Apache Kafka Distribution - Schema Repository Cross-Site Request Forgery (CSRF) Vulnerabilities in TIBCO Rendezvous Components Cross-Site Request Forgery (CSRF) Vulnerability in TIBCO Enterprise Message Service Cross-Site Request Forgery (CSRF) Vulnerability in TIBCO DataSynapse GridServer Manager Denial of Service Vulnerability in Junrar's Archive.java Command Injection Vulnerability in Dell EMC RecoverPoint and RecoverPoint for VMs Insecure Usage of Hashed Password in IceHrm before 23.0.1.OS LDAP Tool Box Self Service Password before 1.3 - Unauthenticated Password Change Vulnerability Buffer Overflow in Evolution-Data-Server Allows Attackers to Trigger Overflow via Long Query Unauthorised Room Hijacking Vulnerability in Synapse before 0.31.2 Unauthenticated Remote Code Execution in WP Live Chat Support Pro Plugin XSS Vulnerability in JEESNS 1.2.1 Allows Ordinary Users to Capture Administrator Cookies Weak CGI Session ID Vulnerability in Dell EMC iDRAC XSS Vulnerability in SeaCMS V6.61 via Site Name Parameter on Admin Config Page XSS Vulnerability in JavaMelody through 1.60.0 via clear_counter Action Memory-Cache Side-Channel Vulnerability in cryptlib: Return Of the Hidden Number Problem 
(ROHNP) ROHNP: Memory-Cache Side-Channel Attack on DSA and ECDSA Signatures in LibreSSL Memory-cache side-channel attack on ECDSA signatures in Botan 2.5.0 through 2.6.0 before 2.7.0 Memory-Cache Side-Channel Vulnerability in wolfSSL's ECDSA Signatures (ROHNP) ROHNP: Memory-Cache Side-Channel Attack on ECDSA Signatures ROHNP: Exploiting Memory-Cache Side-Channel Vulnerability in Elliptic Curve Cryptography Library ROHNP: Memory-Cache Side-Channel Attack on MatrixSSL ECDSA Signatures Command Injection Vulnerability in Dell EMC iDRAC SNMP Agent ROHNP: Memory-Cache Side-Channel Attack on DSA Signatures in BoringSSL Insecure Default Permissions in CorsairService Service Allows Arbitrary Command Execution Authentication Bypass Vulnerability in Dropbox Android App Authentication Bypass Vulnerability in Dropbox Android App Integer Overflow in restore_tqb_pixels function leads to Heap-based Buffer Overflow and Remote Code Execution Whale Browser before 1.3.48.4 Vulnerability: Address Bar Spoofing Whale Browser Installer DLL Hijacking Vulnerability Authorization Bypass Vulnerability in RSA Identity Lifecycle and Governance Workflow Architect Component Type Confusion Vulnerability in Redis Server Allows Remote Denial-of-Service Exploitable Random Number Generation in SimpleLottery Smart Contract Allows Guaranteed Wins Critical Authentication Bypass Vulnerability in Intelbras NPLUG 1.0.0.14 Wireless Repeater Devices CSRF Vulnerability in Intelbras NPLUG 1.0.0.14 Wireless Repeater Devices expressCart before 1.1.6 Vulnerability: Unauthorized Admin User Creation via /admin/setup Referer Header Denial of Service Vulnerability in FFmpeg's mpeg4_encode_gop_header Function Inconsistent Bits-per-Sample Value in FFmpeg 4.0 AVI to MPEG4 Conversion Vulnerability Reflected Cross-Site Scripting Vulnerability in Dell EMC Unity and UnityVSA NULL pointer dereference vulnerability in libavcodec in FFmpeg 4.0 during AVI to MPEG4 conversion Certificate Revocation Vulnerability in NetIQ 
eDirectory Prior to 9.1.1 NetIQ iManager 3.1.1 XSS Vulnerability Patch Fortify Software Security Center (SSC) XXE Vulnerability SQL Injection Vulnerability in Micro Focus Secure Messaging Gateway OS Command Injection Vulnerability in Micro Focus Secure Messaging Gateway (SMG) Web Administration Authenticated User Package Deletion Vulnerability in openSUSE openbuildservice OpenBuildService Unauthorized Package Deletion Vulnerability Arbitrary File Upload Vulnerability in Micro Focus GroupWise Administration Console Null Pointer Dereference Vulnerability in Micro Focus Enterprise Developer and Enterprise Server XML External Entity (XXE) Vulnerability in RSA Authentication Manager Security Console SQL Injection Vulnerability in SUSE Linux SMT RegistrationSharing Module XXE Vulnerability in SUSE Linux SMT Allows Remote Data Reading and DoS Improper Authentication Vulnerability in SUSE Linux SMT Allows Remote Server Spoofing Path Traversal Vulnerability in obs-service-tar_scm of Open Build Service Improper Input Validation in obs-service-tar_scm of Open Build Service: Remote Code Execution and Information Disclosure External Network Access and Data Exposure Vulnerability in openSUSE Open Build Service Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory Directory Deletion Vulnerability in Open Build Service Remote File Extraction Vulnerability in Open Build Service Improper Input Validation in Open Build Service Allows Remote DoS RSA Authentication Manager Security Console Host Header Injection Vulnerability Critical XSS Vulnerability Patched in NetIQ Access Manager 4.4 SP3 Clipboard Data Leakage Vulnerability in Olive Tree Ftp Server Application 1.32 for Android Authentication-Required SQL Injection Vulnerabilities in OCS Inventory 2.4.1 Search Engine Remote Command Execution Vulnerability in OCS Inventory 2.4.1 Unencrypted Connection Vulnerability in Dell EMC iDRAC9 Arbitrary File Upload Vulnerability in 
PHPOK 4.9.032 Arbitrary File Deletion Vulnerability in PHPOK 4.9.032 Directory Traversal and Arbitrary File Read Vulnerability in PublicCMS V4.0.20180210 Directory Traversal and Arbitrary File Read Vulnerability in PublicCMS V4.0.20180210 Remote Denial of Service Vulnerability in DISCOUNT 2.2.3a's Markdown Library SQL Injection Vulnerability in iCMS v7.0.8 via spider.admincp.php Insecure Certificate Validation in Motorola MBP853 Camera Firmware Authorization Bypass Vulnerability in Dell EMC Unity and UnityVSA Cross-Site Scripting (XSS) Vulnerability in Nagios Fusion before 4.1.4 Heap-Based Buffer Over-Read Vulnerability in tinyexr 0.9.5 Assertion Failure in ComputeChannelLayout in tinyexr.h URL Redirection Vulnerability in Dell EMC Unity and UnityVSA Integer Overflow Vulnerability in mintToken Function of Substratum (SUB) Smart Contract Remote File Upload Vulnerability in ShopNx SQL Injection Vulnerability in RSA Web Threat Detection Administration and Forensics Applications Deterministic Session ID Generation Vulnerability in ntopng Directory Listing Vulnerability in MaDDash 2.0.2 Directory Listing Vulnerability in MaDDash 2.0.2 Directory Listing Vulnerability in MaDDash 2.0.2 Directory Listing Vulnerability in MaDDash 2.0.2 Default Factory Account Vulnerability in Telesquare SDT-CS3B1 and SDT-CW3B1 Devices Unrestricted File Upload Vulnerability in Intex N150 Devices CSRF Injection Vulnerabilities in Intex N150 Router Firmware Stored Cross-Site Scripting Vulnerability in RSA Authentication Manager Operation Console Arbitrary File Deletion via Directory Traversal in MetInfo 6.0.0 Arbitrary PHP Code Injection in MetInfo 6.0.0 Arbitrary Code Execution Vulnerability in JBoss RichFaces 4.5.3 through 4.5.17 (RF-14309) Remote Code Execution Vulnerability in JBoss RichFaces 3.1.0 - 3.3.4 (RF-14310) Critical SQL Injection Vulnerability in Quick Chat Plugin for WordPress Path Disclosure Vulnerability in Eclipse Jetty Server HTTP Header Injection Vulnerability in Eclipse 
Vert.x 3.0 to 3.5.1 Session Hijacking and Data Manipulation Vulnerability in Eclipse Jetty 9.4.0 - 9.4.8 Vulnerability: Unauthorized Access and Execution of Untrusted Code via Java Attach API in Eclipse OpenJ9 0.8 Reflected Cross-Site Scripting Vulnerability in RSA Authentication Manager Security Console CSRF Vulnerability in Eclipse Vert.x 3.0.0 - 3.5.2 WebSocket HTTP Upgrade Vulnerability in Eclipse Vert.x 3.0.0 - 3.5.3 Path Traversal Vulnerability in Eclipse Vert.x StaticHandler Vulnerability: Assertion Triggered by Invalid Topic in Eclipse Mosquitto XML Parser Vulnerability in Eclipse Vert.x OpenAPI XML Type Validator Denial of Service Vulnerability in Eclipse Jetty Server Retained Message Access Revocation Vulnerability in Eclipse Mosquitto Buffer Overflow Vulnerability in jio_snprintf() and jio_vsnprintf() Methods in Eclipse OpenJ9 Dereferencing Pointers in Native Code: Vulnerability in OpenJDK + Eclipse OpenJ9 Version 0.11.0 Builds Null Check Omission Vulnerability in Eclipse OpenJ9 JIT Compiler Reflected Cross-Site Scripting Vulnerability in RSA Identity Lifecycle and Governance Default Allow Policy in Eclipse Mosquitto ACL Configuration Authentication Bypass Vulnerability in Eclipse Mosquitto 1.0 to 1.5.5 Insecure Signature Verification in Yarnpkg/Website Install Script Sensitive Information Leakage in Zuul 3.x before 3.1.0 Algorithmic Complexity Denial of Service Vulnerability in Email::Address Module Insufficient Mount Target Path Check in Cantata-Mounter D-Bus Service Vulnerability: Authentication Bypass in Spring Cloud SSO Connector 2.1.2 Arbitrary Unmount Vulnerability in Cantata-Mounter Cantata-Mounter D-Bus Service Allows Injection of Additional Mount Options Cantata-Mounter D-Bus Service Shell Command Injection Vulnerability Linaro LAVA File Download Vulnerability Linaro LAVA Server Arbitrary File Disclosure Vulnerability Remote Code Execution Vulnerability in Linaro LAVA Denial of Service Vulnerability in Spring Framework's STOMP over WebSocket 
Endpoint Arbitrary DNS Query and Traffic Amplification Vulnerability in Microsoft Forefront Unified Access Gateway 2010 Sensitive User Credential Storage in Avast Free Antivirus Prior to 19.1.2360 CSRF Vulnerability in TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Devices Authentication Bypass Vulnerability in TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n Clickjacking Vulnerability in TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Devices Authenticated Blind Command Injection in TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Devices Heap-Based Buffer Overflow in bmp_compress1_row in sam2p 0.49.4 Password Reset Vulnerability in OXID eShop Authorization Bypass Vulnerability in Spring Framework 5.0.5 with Spring Security Self-XSS vulnerability in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 Cross-Site Scripting (XSS) Vulnerability in phpMyAdmin's Designer Feature CSRF Vulnerability Allows Unauthorized Creation of Admin Account in AKCMS 6.1 CSRF Vulnerability Allows Deletion of Articles in AKCMS 6.1 Buffer Overflow Vulnerability in reSIProcate's ConnectionBase::preparseNewBytes Function OPC UA Java and .NET Legacy Stack XXE Vulnerability: Remote Denial of Service Cross-Site Scripting (XSS) Vulnerability in valeuraddons German Spelling Dictionary v1.3 Arbitrary Script Injection in PKP Open Monograph Press (OMP) Search Field Arbitrary Code Execution Vulnerability in Polaris Office 2017 8.1 Arbitrary File Access Vulnerability in Spring Data Commons with XMLBeam Ubiquiti Networks EdgeSwitch Admin CLI Format-String Vulnerability Privilege Escalation and Arbitrary Code Execution in Ubiquiti Networks EdgeSwitch Unintended Video Exposure Vulnerability in Polycom RealPresence Web Suite Information Disclosure Vulnerability in Reliable Controls MACH-ProWebCom 7.80 Devices Remote Code Execution via activateuser.aspx in Episerver Ektron CMS 
Out of Bounds Write Vulnerability in ImageMagick 7.0.8-3 Q16's BMP Image Handling Remote Code Execution Vulnerability in Spring Security OAuth Out of Bounds Write Vulnerability in ImageMagick 7.0.8-3 Q16's ReadDIBImage and WriteDIBImage Heap-Based Buffer Overflow in ReadImage Function of sam2p 0.49.4 CSRF Vulnerability in LFCMS 3.7.0 Allows Arbitrary User Addition CSRF Vulnerability in LFCMS 3.7.0 Allows Unauthorized User Addition Information Disclosure in GreenCMS 2.3.0603 via Direct Request for Data/Log/year_month_day.log Arbitrary Protocol XSS Vulnerability in GitLab Community Edition and Enterprise Edition Persistent XSS Vulnerability in GitLab Wiki Markdown Feature Persistent XSS Vulnerability in GitLab Charts Feature Insecure Client Authentication in Docker Moby Server-Side Request Forgery Vulnerability in OX App Suite 7.8.4 and earlier Arbitrary File Write Vulnerability in Spring-integration-zip Information Exposure in OX App Suite 7.8.4 and earlier Directory Traversal Vulnerability in OX App Suite 7.8.4 and Earlier Arbitrary File Inclusion Vulnerability in phpMyAdmin 4.8.x before 4.8.2 Uninitialized Memory Vulnerability in Phusion Passenger's switchGroup() Function Integer Overflow in QEMU Guest Agent Allows for Remote Code Execution Privilege Escalation via Offline Token Validation in Cloud Foundry UAA Open Redirect Vulnerability in Eventum 3.5.0 via switch.php XSS Vulnerability in Eventum 3.5.0 via field_name Parameter in update.php Cross-Site Scripting (XSS) Vulnerability in Eventum 3.5.0 via switch.php XSS Vulnerability in Eventum 3.5.0 via garlic_prefix Parameter XSS Vulnerability in Eventum 3.5.0 validate.php XSS Vulnerability in Eventum 3.5.0 via cat Parameter in popup.php XSS Vulnerability in Eventum 3.5.0 via list.php CSRF Vulnerability in Eventum 3.5.0 Allows Unauthorized Creation of Admin User Arbitrary File Write Vulnerability in Pivotal spring-integration-zip (CVE-2018-1261) SQL Injection Vulnerability in NEWMARK NMCMS 2.1 via sect_id Parameter 
Arbitrary File Read Vulnerability in Redatam7 Path Disclosure Vulnerability in Redatam7 WebServer Race condition vulnerability in vbg_misc_device_ioctl() in Linux kernel through 4.17.2 allows for local denial of service and information leakage Information Disclosure Vulnerability in CirCarLife Scada Unauthorized Upgrades Vulnerability in CirCarLife Scada v4.2.4 SQL Injection Vulnerability in iThemes Security Plugin for WordPress Unvalidated Device Name Allows JavaScript Execution in Bose Soundtouch App Log Cache Vulnerability: Unauthorized Access to UAA Client Secret Buffer Overflow Vulnerability in Insteon HD IP Camera White 2864-222 WebService Binary Stack Exhaustion in C++ Demangling Functions in GNU libiberty Incorrect Access Control in Froxlor 0.9.39.5: Unauthorized Access to Tickets NULL Pointer Dereference in WEBP::GetLE32 Function Bypassing Brute-Force Protection in MISP 2.4.92 via PUT Method File Path Sanitization Vulnerability in Cloud Foundry Diego Reflected Cross Site Scripting (XSS) vulnerability in Adrenalin HRMS version 5.4.0 Reflected XSS Vulnerability in Adrenalin 5.4 HRMS Software via ShiftEmployeeSearch.aspx Reflected Cross Site Scripting (XSS) Vulnerability in Adrenalin 5.4 HRMS Software via LeaveEmployeeSearch.aspx Reflected Cross Site Scripting (XSS) Vulnerability in Adrenalin HRMS 5.4.0 via 'ReportId' Parameter in /RPT/SSRSDynamicEditReports.aspx Reflected Cross-Site Scripting (XSS) in SLiMS 8 Akasia 8.3.1 Bibliography Module via admin/modules/bibliography/index.php?keywords= URI Reflected Cross-Site Scripting (XSS) in SLiMS 8 Akasia 8.3.1 Circulation Module via loan_rules.php URI Reflected Cross-Site Scripting (XSS) in SLiMS 8 Akasia 8.3.1 Membership Module via admin/modules/membership/index.php?keywords= URI Reflected Cross-Site Scripting (XSS) in SLiMS 8 Akasia 8.3.1 Master File Module Reflected Cross-Site Scripting (XSS) in SLiMS 8 Akasia 8.3.1 Stock Take Module CSRF Protection Bypass in SLiMS 8 Akasia 8.3.1 Information Disclosure and 
Path Traversal Vulnerabilities in Cloud Foundry Cloud Controller Authentication Bypass Vulnerability in SV3C L-SERIES HD Camera V2.3.4.2103-S50-NTD-B20170508B Improper Authentication Vulnerability in SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) Allows Unauthorized Access and Configuration Modification Hard-coded Password Vulnerability in SV3C L-SERIES HD Camera Devices Arbitrary Account Reset Vulnerability in SV3C L-SERIES HD Camera Improper Access Control in Cloud Foundry Silk CNI Plugin OS Command Injection in SV3C L-SERIES HD Camera V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B SV3C HD Camera Web Interface Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) SV3C HD Camera Web Interface Information Disclosure Vulnerability Session Cookie Vulnerability in SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) URL Redirection Vulnerability in SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) Unauthenticated WebSocket SSRF Vulnerability in Portainer Denial of Service Vulnerability in CoAPthon3 1.0 and 1.0.1 App GUID Structure Validation Bypass in Cloud Foundry Loggregator Denial of Service Vulnerability in CoAPthon 3.1 and 4.x Out-of-bounds Read Vulnerability in CivetWeb's send_ssi_file Function Assertion Failure in DecodePixelData in tinyexr.h Segmentation Fault in tinyexr 0.9.5's wav2Decode Function LDAP Injection in phpLDAPadmin 1.2.2 via server_id parameter and login panel Denial of Service Vulnerability in Cloud Foundry Loggregator TOCTOU Race Condition in ONOS ACL Allows Network Access Bypass via Packet Injection Arbitrary Command Execution Vulnerability in TP-Link TL-WA850RE Wi-Fi Range Extender (Hardware Version 5) Stack-based Buffer Overflow in TP-Link TL-WA850RE Wi-Fi Range Extender Hardware v5 Denial of Service Vulnerability in 
TP-Link TL-WA850RE Wi-Fi Range Extender (Hardware Version 5) Cross-Site Scripting (XSS) Vulnerability in mao10cms 6 via m=bbs&a=index Page Cross-Site Scripting (XSS) Vulnerability in mao10cms 6 on Article Page NULL Pointer Dereference Vulnerability in GNU Binutils 2.30 Excessive Memory Consumption Vulnerability in GNU Binutils 2.30 Heap-based Buffer Overflow in finish_stab() Function in GNU Binutils 2.30 Remote Code Execution Vulnerability in Spring Framework EvilReflex: Exploiting the approveAndCallcode Vulnerability in Globalvillage Ecosystem (GVE) Smart Contract EvilReflex: Exploiting the approveAndCallcode Vulnerability in Block 18 (18T) ERC20 Token XSS Vulnerability in DIGISOL DG-BR4000NG Devices via SSID Validation Buffer Overflow Vulnerability in DIGISOL DG-BR4000NG Devices via Long Authorization HTTP Header Directory Traversal Vulnerability in Spring Framework Vulnerability: Privilege Escalation via Admin Password Disclosure in D-Link DIR-601 2.02NA Reflective XSS Vulnerability in Joomla! Language Switcher Module Local File Inclusion Vulnerability in Joomla! 
2.5.0 through 3.8.8 File Overwrite and Information Disclosure Vulnerability in GIMP 2.10.2 Linux Kernel Trace Events Filter Parsing Vulnerability XSS Vulnerability in DIGISOL DG-HR3400 Devices via Modified SSID Google Home and Chromecast Devices Vulnerable to DNS Rebinding Attack for Location Tracking Multipart Request Injection Vulnerability in Spring Framework Remote Code Execution Vulnerability in Spring Data Commons Information Disclosure Vulnerability in SAJ Solar Inverter CSRF Vulnerability in BEESCMS 4.0 Allows Arbitrary Addition of Administrators Unlimited Resource Allocation Vulnerability in Spring Data Commons Remote Code Execution Vulnerability in Spring Framework Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Information Exposure Vulnerability in Windows 2012R2 Stemcells on vSphere Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Cloud Foundry Garden-runC Docker Image Layer Quota Bypass Vulnerability Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 
2017.011.30080 and earlier, and 2015.006.30418 and earlier Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Authorization Enforcement Vulnerability in Apps Manager: Unauthorized Access to Org Information Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Double Free Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Buffer Errors Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Cookie-based Remote Code Execution in Pivotal RabbitMQ for PCF Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Use-after-free vulnerability in Adobe Acrobat and Reader 
versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Type Confusion Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Heap Overflow Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Blind SQL Injection Vulnerability in Pivotal Greenplum Command Center Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Privilege Escalation Vulnerability Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Authentication Bypass Vulnerability in Adobe Connect Versions 9.7.5 and Earlier: Risk of Session Hijacking Insecure Library Loading Vulnerability in Adobe Connect Versions 9.7.5 and Earlier: Privilege Escalation Risk Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.4 Input Validation Bypass Vulnerability in Adobe Experience Manager Versions 6.0-6.4 Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Server-Side Request Forgery Vulnerability in Adobe Experience Manager 6.4 and Earlier: Risk of Sensitive Information Disclosure Apache MXNet Vulnerability: Unintended Exposure of Clustered Setup Memory Corruption Vulnerability in Adobe Photoshop CC 2018 and CC 2017 Memory Corruption Vulnerability in Adobe Photoshop CC 2018 and CC 2017 Type Confusion Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Digital Editions 4.5.8 and Below: Arbitrary Code Execution Heap Overflow Vulnerability in Adobe Digital Editions 4.5.8 and Below: Arbitrary Code Execution 
Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Out of Bounds Read Vulnerability in Adobe Digital Editions 4.5.8 and Below Out of Bounds Read Vulnerability in Adobe Digital Editions 4.5.9 and Below Out of Bounds Read Vulnerability in Adobe Digital Editions 4.5.8 and Below Out of Bounds Read Vulnerability in Adobe Digital Editions 4.5.8 and Below Bypassing Argument Escaping/Cleanup in Apache Hive JDBC Driver Out of Bounds Read Vulnerability in Adobe Digital Editions 4.5.8 and Below Out of Bounds Read Vulnerability in Adobe Digital Editions 4.5.8 and Below Use After Free Vulnerability in Adobe Digital Editions 4.5.8 and Below: Arbitrary Code Execution Heap Overflow Vulnerability in Adobe Digital Editions 4.5.8 and Below: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Flash Player 30.0.0.134 and Earlier Security Bypass Vulnerability in Adobe Flash Player 30.0.0.134 and Earlier Out-of-Bounds Read Vulnerability in Adobe Flash Player 30.0.0.134 and Earlier Out-of-Bounds Read Vulnerability in Adobe Flash Player 30.0.0.134 and Earlier Adobe Flash Player Privilege Escalation Vulnerability Improper Certificate Validation Vulnerability in Adobe Creative Cloud Desktop Application Apache httpd mod_session Remote Content Influence Vulnerability Heap Overflow Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Stack Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader File Exposure Vulnerability in Apache Hive Server 
2 Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Double Free Vulnerability in Adobe Acrobat and Reader Integer Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader XML External Entity (XXE) Vulnerability in Apache log4net Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Buffer Errors Vulnerability in Adobe Acrobat and Reader Buffer Errors Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Unprotected CRUD Operations in Apache OpenMeetings: Denial of Service for Privileged Users Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader RMI Registry Wildcard Binding Vulnerability in Apache JMeter Out-of-Bounds Read Vulnerability in Adobe Acrobat and 
Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Kafka Data Loss Vulnerability via Manually Created Fetch Request Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Integer Overflow Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in exif_read_from_impl in PHP 7.2.x through 7.2.7 Account Creation Vulnerability in Octopus Deploy 3.0 onwards (before 2018.6.7) Exploitable Vulnerability: Insecure Random Number Generation in MyCryptoChamp Smart Contract Stack Protector Canary Spill Vulnerability in GCC 4.1-8 (ARM Targets) Heap-based Buffer Overflow in CCN-lite 2.0.1: Memory Management Issue in mkAddToRelayCacheRequest SQL Injection Vulnerability in Apache Fineract REST API Unbounded Iteration DoS Vulnerability in Xen Vulnerability: Read-Write Access to Supposedly Read-Only SCSI Disks in Xen Xen Denial of Service Vulnerability in XSA-260 Fix Arbitrary Code Execution and Privilege Escalation via Directory Traversal in WordPress 4.9.6 Integer Overflow in POSIX Timer Code in Linux Kernel Buffer Overflow Vulnerability in SolarWinds DameWare Mini Remote Control (pre-12.1) SQL Injection Vulnerability in Apache Fineract Heap-based buffer overflow in cpSeparateBufToContigBuf function in LibTIFF Mitel ST 14.2 Conferencing Component Reflected XSS Vulnerability XSS Vulnerability in Easy Magazine's Search Bar Persistent XSS Vulnerabilities in CyberArk Endpoint Privilege Manager L1 KVM Guest Privilege Escalation and Denial of Service Vulnerability XSS 
Vulnerability in joyplus-cms 1.6.0: admin_player.php RESTLESS: Unvalidated URL Transmission in Rclone 1.42 Allows Data Leakage Remote Code Execution Vulnerability in Brynamics Online Trade - Online trading and cryptocurrency investment system Local File Disclosure Vulnerability in Webgrind 1.5 SQL Injection Vulnerability in Apache Fineract REST API Unspecified Impact Vulnerability in libsoup 2.63.2 Off-by-one Error and Out-of-bounds Write Vulnerability in WebKitGTK+ 2.20.3 SQL Injection Vulnerability in HongCMS 3.0.0 via admin\controllers\database.php Infinite Loop Vulnerability in Miniz 2.0.7's tinfl_decompress Function Remote Code Execution Vulnerability in PublicCMS V4.0.20180210 via ZIP Archive Upload Buffer Over-read Vulnerability in calc_hash in libpbc.a Segmentation Fault Vulnerability in libpbc.a's _pbcP_message_default in proto.c Heap-Based Buffer Over-Read Vulnerability in libpbc.a Segmentation Fault Vulnerability in libpbc.a's _pbcB_register_fields in bootstrap.c Cross-Site Scripting (XSS) Vulnerability in CraftedWeb through 2013-09-24 SQL Injection Vulnerability in Apache Fineract getReportType Method Information Disclosure Vulnerability in Brickstream 2300 Devices Information Disclosure Vulnerability in Electro Industries GaugeTech Nexus Devices Remote Access Control Reconfiguration Vulnerability in Emerson Liebert IntelliSlot Web Card Devices Remote Information Disclosure Vulnerability in BWS Systems HA-Bridge Devices Default Password Vulnerability in Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server Devices Unsecured TELNET Access on Lantronix MSS Devices Pharos Controls Devices Vulnerability: Unauthorized Access to Sensitive Information Information Disclosure Vulnerability in Northern Electric & Power (NEP) Inverter Devices NULL Pointer Dereference Vulnerability in hfs.ko during Mount of Crafted hfs Filesystem Use-after-free vulnerability in ntfs_read_locked_inode in Linux kernel 4.15.0 Stack-based Out-of-Bounds Write Vulnerability in Linux 
Kernel 4.15.0's ntfs.ko Filesystem Driver Stack-based Out-of-Bounds Write Vulnerability in Linux Kernel 4.15.0's ntfs_attr_find Function Heap-based Buffer Overflow in PlayEnhMetaFileRecord in Wine 3.7 Out-of-Bounds Write Vulnerability in PlayEnhMetaFileRecord in Wine 3.7 Excessive Memory Consumption Vulnerability in GNU Binutils 2.30 Arbitrary File Write Vulnerability in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 Apache Commons Email Bounce Address Manipulation Vulnerability Arbitrary Code Execution via Unrestricted File Upload in SeedDMS Arbitrary Code Execution via Cache Directory Manipulation in SeedDMS SQL Injection Vulnerability in SeedDMS Users Management Functionality Arbitrary Web Script Injection via action URL Parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 Persistent Cross-Site Scripting (XSS) Vulnerability in SeedDMS Categories Feature Arbitrary Code Execution Vulnerability in Apache Ignite's Serialization Mechanism Vulnerability: Exploitable approveAndCall Function in Aditus (ADI) Smart Contract Inadequate Verification of Extended Attribute Access in Apache Hadoop HDFS Unsecured RMI Connection Vulnerability in Apache JMeter 2.x and 3.x CSRF Vulnerability in EasyCMS 1.3 Allows Unauthorized User Deletion Command Execution Vulnerability in OpenTSDB 2.3.0 Cross-Site Scripting (XSS) Vulnerability in OpenTSDB 2.3.0 Vulnerability: Predictable Random Number Generation in CryptoSaga Smart Contract Remote Code Execution via Directory Traversal in Go Doc Dot Org (gddo) SQL Injection Vulnerability in SoftExpert (SE) Excellence Suite 2.0: Remote Authenticated SQL Heuristics via cddocument Parameter Unrestricted File Upload Vulnerability in WAGO e!DISPLAY Devices Denial of Service Vulnerability in Apache Qpid Broker-J 7.0.0: Unauthenticated Crash via PLAIN and XOAUTH2 SASL Mechanisms Arbitrary File Upload Vulnerability in WAGO e!DISPLAY Devices Code Injection Vulnerability in WAGO e!DISPLAY Devices Denial-of-Service Vulnerability in PoDoFo 
0.9.6-rc1 Stack-based Buffer Over-read Vulnerability in PoDoFo PDF Library Authentication Bypass Vulnerability in Hycus CMS 1.0.4 via '=' 'OR' Credentials Arbitrary File Download Vulnerability in GreenCMS 2.3.0603 via index.php?m=admin&c=media&a=downfile URI Privilege Escalation Vulnerability in Pearson VUE Certiport Console 8 and IQSystem 7 Arbitrary File Retrieval Vulnerability in Apache Allura Information Disclosure Vulnerability in phpwcms 1.8.9 via Invalid CSRF Token Value Field Stored XSS Vulnerability in CMS MaeloStore V.1.5.0 Admin Interface Telephone Field Brute-Force Vulnerability in OneFileCMS through 2012-04-14 Arbitrary PHP Code Execution Vulnerability in OneFileCMS Arbitrary PHP Code Execution Vulnerability in OneFileCMS Reflected XSS Vulnerability in Zoho ManageEngine Applications Manager Unauthenticated File Read Vulnerability in Zoho ManageEngine Products Reflected XSS Vulnerability in Zoho ManageEngine Products Arbitrary File Deletion Vulnerability in Zoho ManageEngine Desktop Central 10.0.255 Persistent XSS Vulnerability in Advanced Electron Forum (AEF) v1.0.9 Private Message Module XSS Vulnerability in Sandoba CP:Shop v2016.1 Persistent XSS Vulnerability in Inhaltsprojekte Module of Weblication CMS Core & Grid v12.6.24 Cross-Site Scripting (XSS) Vulnerability in OpenTSDB 2.3.0 Heap-based Buffer Over-read in MP4Box Heap-Based Buffer Over-Read in MP4Box's hdlr_dump Function Heap-based Buffer Over-read in GPMF_parser.c Heap-based Buffer Over-read in GPMF_parser.c: GPMF_Next Function Vulnerability Heap-based Buffer Over-read in GPMF_parser.c Out-of-Bound Access Vulnerability in Apache HTTP Server (CVE-XXXX) CSRF Vulnerability in WSTMall v1.9.1_170316 Allows Unauthorized User Account Addition Heap-based Buffer Over-read in GPMF_parser.c: GPMF_Validate Function Vulnerability Improper Integrity Check in SAFE'N'SEC SoftControl/SafenSoft SysWatch, TPSecure, and Enterprise Suite Allows Remote Code Execution Bypassing Code-Signing Protection in SAFE'N'SEC 
SoftControl/SafenSoft SysWatch Recoverable Password Storage Vulnerability in SAFE'N'SEC SoftControl/SafenSoft SysWatch Apache HTTP Server NULL Pointer Dereference Vulnerability Arbitrary Script File Upload Vulnerability in HongCMS 3.0.0 XSS Vulnerability in Xiaomi Mi Router 3 API 404 Page Command Injection Vulnerability in Xiaomi Mi Router 3 (v2.22.15) WiFi Access Remote Code Execution in Metinfo v6.0.0 via admin/column/save.php Arbitrary File Deletion Vulnerability in YXcms 1.4.7 Heap-Based Buffer Over-Read in GPMF_parser.c Apache HTTP Server Denial of Service Vulnerability in mod_cache_socache Remote Denial of Service Vulnerability in jpeg-compressor 0.1 CSRF Vulnerability in DamiCMS v6.0.0 and 6.1.0 Allows Unauthorized Administrator Account Addition CSRF Vulnerability in ECESSA ShieldLink SL175EHQ 10.7.4 Devices Allows Unauthorized Superuser Account Addition Denial of Service Vulnerability in GNU Binutils 2.30 Arbitrary File Fetching via Directory Traversal in Jester Web Framework 0.2.0 Heap-based Buffer Overflow in bmp_load function of jpeg-compressor 0.1 Unrestricted File Upload Vulnerability in OpenSID 18.06-pasca via Attachment Document in Article Feature Reflected Cross Site Scripting (XSS) Vulnerability in OpenSID 18.06-pasca via cari parameter Security Bypass Vulnerability in Apache Tomcat CSRF Vulnerability in OpenSID 18.06-pasca Allows Unauthorized Account Creation Integer Overflow Vulnerability in LNK Token Smart Contract's Mint Function Denial of Service Vulnerability in 1Password 6.8 for Android Code Execution via Unsafe YAML Loading in scripts/grep-excuses.pl in Debian devscripts Arbitrary SQL Command Execution Vulnerability in Yeswiki Cercopitheque 2018-06-19-1 and Earlier SQL Injection Vulnerability in GLPI 9.2.x through 9.3.0 Inconsistent Application of Security Constraints in Apache Tomcat SQL Injection Vulnerability in Zoho ManageEngine Applications Manager 13.x Privilege Escalation Vulnerability in CyberArk Endpoint Privilege Manager Integer 
Overflow in alarm_timer_nsleep function in Linux Kernel Arbitrary File Overwrite Vulnerability in Cinnamon Settings Users GUI Arbitrary Code Injection through Cross-Site Scripting (XSS) Vulnerability in MantisBT View Filters Page Vulnerability in zzcms 8.3 Allows Arbitrary File Deletion and Database Access Apache Pluto 3.0.0 Multipart Portlet War File Path Information Disclosure Vulnerability Guessable CAPTCHA Issue in Easy!Appointments 1.3.0 Easy!Appointments 1.3.0 Missing Authorization Vulnerability: Exposing Hashed Passwords and Salts XSS Vulnerability in ModSecurity 3.0.0 via onerror Attribute of IMG Element Memory Leak Vulnerability in libming 0.4.8 CSRF Vulnerability in OpenCart Account Password Change Functionality Integer Overflow Vulnerability in AzurionToken (AZU) Smart Contract's mintToken Function Integer Overflow Vulnerability in DYchain (DYC) Smart Contract Allows Arbitrary Balance Manipulation Vulnerability: Entity Expansion and DTD Attacks in Apache jUDDI 3.2 through 3.3.4 Integer Overflow Vulnerability in mintToken Function of EncryptedToken (ECC) Smart Contract Integer Overflow Vulnerability in mintToken Function of CCindex10 (T10) Smart Contract Integer Overflow Vulnerability in Coffeecoin (COFFEE) Smart Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of ETCBK Smart Contract Integer Overflow Vulnerability in FIBToken (FIB) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of Carbon Exchange Coin Token (CEC) Smart Contract Integer Overflow Vulnerability in Betcash (BC) Token Contract's mintToken Function Integer Overflow Vulnerability in CTB Token's mintToken Function Integer Overflow Vulnerability in Jitech (JTH) Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of GoodTo (GTO) Smart Contract Implementation XML External Entity Expansion (XXE) Vulnerability in Apache Solr's DataImportHandler Integer Overflow 
Vulnerability in Goutex (GTX) Token Contract's mintToken Function Integer Overflow Vulnerability in GZS Token (GZS) Smart Contract's mintToken Function Integer Overflow Vulnerability in MODI Token (MODI) Smart Contract's mintToken Function Integer Overflow Vulnerability in Plaza Token (PLAZA) Smart Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of Good Time Coin (GTY) Smart Contract Integer Overflow Vulnerability in FreeCoin (FREE) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of IADOWR Coin (IAD) Smart Contract Integer Overflow Vulnerability in Coinstar (CSTR) Smart Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of Futures Pease (FP) Smart Contract Integer Overflow Vulnerability in Universal Coin (UCOIN) Smart Contract's mintToken Function Apache NiFi SplitXML Processor External XML Entity Vulnerability Integer Overflow Vulnerability in YiTongCoin (YTC) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in sumocoin (SUMO) Smart Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of Reimburse Token (REIM) Smart Contract NULL pointer dereference and panic in lookup_slow() due to lack of validation in cached inodes allocation Kernel Panic Vulnerability in xfs_attr_leaf.c Memory Corruption and Denial of Service Vulnerability in Linux Kernel Denial of Service Vulnerability in Linux Kernel through 4.14 Out-of-Bounds Read and Divide-by-Zero Vulnerability in f2fs Image Handling Denial of Service Vulnerability in Linux Kernel through 4.17.3 Denial of Service Vulnerability in f2fs Filesystem Image Handling Apache NiFi JMS Deserialization Denial of Service Vulnerability Divide-by-Zero Error in f2fs Image Validation Privilege Escalation via WCF Endpoint in RedSwimmer KioskSimple 1.4.7.0 DLL Preloading Vulnerability in AnyDesk Version 4.1.3 and Earlier on Windows 7 SP1 SSRF 
Vulnerability in OX App Suite 7.8.4 and Earlier Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.8.4 and Earlier Stored XSS Vulnerability in ClipperCMS 1.3.3 via Tools -> Configuration Screen Local Root Jailbreak Vulnerability in ADB Broadband Gateways/Routers: Exploiting Epicentro Platform Epicentro Platform Authorization Bypass Vulnerability: Unauthorized Access and Manipulation of ADB Broadband Gateways/Routers Use-after-free vulnerability in Apache Xerces-C XML Parser Privilege Escalation Vulnerability in ADB Broadband Gateways/Routers on Epicentro Platform Partial Denial of Service Vulnerability in Wanscam HW0021 IP Cameras: ONVIF Service Crash Heap-based Buffer Over-read Vulnerability in Tcpreplay 4.3.0 beta1 Integer Overflow Vulnerability in Easy Trading Token (ETT) Smart Contract Implementation Command Injection Vulnerability in KERUI Wifi Endoscope Camera (YPC99) via ssid Parameter Unauthenticated Access and Control of KERUI Wifi Endoscope Camera (YPC99) SQL Injection Vulnerability in zzcms 8.3 via tablename parameter in /user/del.php Replay Attack Vulnerability in Apache HTTP Digest Authentication Denial of Service Vulnerability in RealOne Player 2.0 Build 6.0.11.872 Arbitrary File Deletion Vulnerability in OneFileCMS through 2017-10-08 Arbitrary File Read Vulnerability in OneFileCMS through 2017-10-08 Integer Overflow Vulnerability in MoxyOnePresale Smart Contract Allows Arbitrary Token Retrieval by Contract Owner Integer Overflow Vulnerability in SP8DE PreSale Token (DSPX) Smart Contract Arbitrary Token Retrieval Vulnerability in Etherty Token (ETY) Smart Contract Arbitrary Token Retrieval Vulnerability in SP8DE Token (SPX) Smart Contract Apache Derby Network Server Database Boot Vulnerability Integer Overflow Vulnerability in Bitotal (TFUND) Smart Contract Allows Arbitrary Token Retrieval by Contract Owner Arbitrary Token Retrieval Vulnerability in SpadePreSale Smart Contract Arbitrary Token Retrieval Vulnerability in Spadeico Smart Contract 
Windows Installation Process Vulnerability in Golden Frog VyprVPN (pre-2018-06-21) XSS Vulnerability in TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU Devices via PATH_INFO to /webpages/data URI XSS Vulnerability in Ultimate Member Plugin for WordPress XSS Vulnerability in Events Manager Plugin 5.9.4 for WordPress Stack-based Buffer Overflow in libsndfile 1.0.28 Allows Remote Code Execution Apache Hive Unauthorized EXPLAIN Operation Vulnerability Remote Code Execution via Antidote Update Mechanism Potential Integer Overflow Vulnerability in Pandora (PDX) Token Smart Contract Implementation Integer Overflow Vulnerability in mintToken Function of JavaSwapTest (JST) Smart Contract Integer Overflow Vulnerability in LEF Token Smart Contract Implementation Arbitrary File Write Vulnerability in Apache Hive 2.1.0 to 2.3.2 Memory Leak in XMagickCommand Function in ImageMagick 7.0.8-4 Integer Overflow Vulnerability in GEMCHAIN (GEM) Smart Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of bonusToken (BNS) Smart Contract Implementation Integer Overflow Vulnerability in CryptonitexCoin's mintToken Function Integer Overflow Vulnerability in mintToken Function of AssetToken Smart Contract Integer Overflow Vulnerability in mintToken Function of Bankcoin (BNK) Smart Contract Directory Traversal Vulnerability in Apache ODE Process Deployment Web Service Integer Overflow Vulnerability in etktokens (ETK) Smart Contract's mintToken Function Integer Overflow Vulnerability in MultiGames (MLT) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in ALEX Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of Ethernet Cash (ENC) Smart Contract Integer Overflow Vulnerability in EPPCOIN (EPP) Smart Contract's mintToken Function Integer Overflow Vulnerability in JustDCoin (JustD) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in AthletiCoin 
(ATHA) Smart Contract's mintToken Function Integer Overflow Vulnerability in Yu Gi Oh (YGO) Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of NetkillerBatchToken Smart Contract for Yu Gi Oh (YGO) Ethereum Token Integer Overflow Vulnerability in mintToken Function of Ethereum Cash Pro (ECP) Smart Contract Cron Scheduler Vulnerability in Apache Zeppelin Integer Overflow Vulnerability in mintToken Function of Snoqualmie Coin (SNOW) Smart Contract Integer Overflow Vulnerability in LadaToken (LDT) Smart Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of BZXcoin Smart Contract Implementation Integer Overflow Vulnerability in EliteShipperToken (ESHIP) Smart Contract's mintToken Function Integer Overflow Vulnerability in CryptoABS (ABS) Smart Contract's mintToken Function Integer Overflow Vulnerability in AIChain's mintToken Function Integer Overflow Vulnerability in Trust Zen Token (ZEN) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of MiningRigRentals Token (MRR) Smart Contract Integer Overflow Vulnerability in mintToken Function of ECPoints Smart Contract Integer Overflow Vulnerability in mintToken Function of Air-Contact Token (AIR) Smart Contract Vulnerability: Segfault in Apache Traffic Server (ATS) due to Carefully Crafted Request Integer Overflow Vulnerability in IMM Coin (IMC) Smart Contract's mintToken Function Integer Overflow Vulnerability in Troo Token's mintToken Function Integer Overflow Vulnerability in loncoin (LON) Smart Contract's mintToken Function Integer Overflow Vulnerability in JWC Token Contract's mintToken Function Integer Overflow Vulnerability in TravelZedi Token (ZEDI) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of APPC Smart Contract Integer Overflow Vulnerability in MMTCoin (MMT) Smart Contract's mintToken Function Integer Overflow Vulnerability 
in CIBN Live Token (CIBN LIVE) Smart Contract's mintToken Function Integer Overflow Vulnerability in MyBO Token's mintToken Function Integer Overflow Vulnerability in Unolabo (UNLB) Smart Contract's Mint Function HTTP Response Splitting Vulnerability in Apache Allura Integer Overflow Vulnerability in mintToken Function of DVChain Smart Contract Implementation Integer Overflow Vulnerability in Super Carbon Coin (SCC) Smart Contract's mintToken Function Integer Overflow Vulnerability in Jobscoin (JOB) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of Hentaisolo (HAO) Smart Contract Implementation Integer Overflow Vulnerability in TTCoin Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in Cranoo (CRN) Token Contract's mintToken Function Integer Overflow Vulnerability in T-Swap-Token (T-S-T) Smart Contract Sell Function Integer Overflow Vulnerability in Welfare Token Fund (WTF) Smart Contract Sell Function Integer Overflow Vulnerability in STeX Exchange ICO Smart Contract Implementation Integer Overflow Vulnerability in ETHEREUMBLACK (ETCBK) Smart Contract Sell Function Incomplete SASL Negotiation Validation in Apache Thrift Java Client Library Integer Overflow Vulnerability in DateMe (DMX) Smart Contract's Sell Function Integer Overflow Vulnerability in TiTok - Ticket Token's Sell Function Integer Overflow Vulnerability in MyBO Smart Contract's Sell Function Integer Overflow Vulnerability in sellBuyerTokens Function of SwapToken Smart Contract Implementation Integer Overflow Vulnerability in ETHERCASH (ETC) Smart Contract Sell Function Integer Overflow Vulnerability in OHNI Smart Contract's Sell Function Integer Overflow Vulnerability in ProvidenceCasino (PVE) Smart Contract Sell Function Integer Overflow Vulnerability in PornCoin (PRNC) Smart Contract Sell Function Integer Overflow Vulnerability in MoneyTree (TREE) Smart Contract Sell Function Integer Overflow Vulnerability 
in Nectar (NCTR) Smart Contract Sell Function XSLT-based Code Execution and File Manipulation Vulnerability in Apache Syncope Integer Overflow Vulnerability in Providence Crypto Casino (PVE) Smart Contract's Sell Function Integer Overflow Vulnerability in MyToken Smart Contract's Sell Function Integer Overflow Vulnerability in EthereumLegit Smart Contract's Sell Function Integer Overflow Vulnerability in TravelCoin (TRV) Smart Contract Sell Function GMile Smart Contract Vulnerability: Integer Overflow in Sell Function Leads to Asset Reduction Integer Overflow Vulnerability in Sample Token (STK) Smart Contract's Sell Function Integer Overflow Vulnerability in GreenMed (GRMD) Smart Contract Sell Function Integer Overflow Vulnerability in CoinToken's Sell Function Integer Overflow Vulnerability in ICOD Smart Contract's Sell Function Integer Overflow Vulnerability in YourCoin (ICO) Smart Contract Implementation (ETH033) Sensitive Security Value Recovery Vulnerability in Apache Syncope Integer Overflow Vulnerability in MAVCash Smart Contract Sell Function Integer Overflow Vulnerability in ExtremeToken Smart Contract's Sell Function Integer Overflow Vulnerability in ObjectToken (OBJ) Smart Contract Sell Function Integer Overflow Vulnerability in RTokenMain Smart Contract Implementation Integer Overflow Vulnerability in VEU_TokenERC20 Smart Contract's Sell Function Integer Overflow Vulnerability in MyYLC Smart Contract's Sell Function Integer Overflow Vulnerability in YLCToken Smart Contract's Sell Function Integer Overflow Vulnerability in MoneyChainNet (MCN) Smart Contract Sell Function Integer Overflow Vulnerability in Crowdnext (CNX) Smart Contract Sell Function RiptideCoin (RIPT) Smart Contract Vulnerability: Integer Overflow in Sell Function Leads to Asset Reduction Reverse Proxy Vulnerability in Apache Tomcat JK ISAPI Connector Integer Overflow Vulnerability in DestiNeed (DSN) Smart Contract Sell Function Integer Overflow Vulnerability in EnterToken Smart 
Contract's Sell Function Integer Overflow Vulnerability in EnterCoin's Sell Function Integer Overflow Vulnerability in GSI Token's Sell Function Denial of Service Vulnerability in Apache Commons Compress' Zip Package Remote Code Execution in Apache Wicket-jQuery-UI WYSIWYG Editor NULL Pointer Dereference in libming 0.4.8's getString Function in decompile.c Excessive Memory Allocation Vulnerability in libming 0.4.8's readBytes Function Cross-Site Scripting (XSS) Vulnerability in Entrust Datacard Syntera CS 5.x Login Page XSS Vulnerability in PHP Scripts Mall Auditor Website 2.0.1 via lastname or firstname parameter HTTP Host Header Spoofing Vulnerability in Blackboard Learn 2018-07-02 Missing .htaccess Files in Mediawiki 1.31 Tarball Vulnerability Truncation Vulnerability in zsh Shebang Lines Apache Struts REST Plugin XML DoS Vulnerability Stored XSS vulnerability in Apache Zeppelin prior to 0.8.0 via Note permissions Insufficiently Random Values Vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) Information Exposure Vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) Session Fixation Vulnerability in Synology Photo Station Remote Code Execution Vulnerability in Synology SSL VPN Client Command Injection Vulnerability in Synology Diskstation Manager (DSM) FTP Server Command Injection Vulnerability in Synology Router Manager (SRM) FTP Server Default Permissions Vulnerability in Synology Diskstation Manager (DSM) Allows Unauthorized Access to Sensitive Information Default Permissions Vulnerability in Synology Router Manager (SRM) Allows Unauthorized Access to Sensitive Information Information Exposure Vulnerability in Synology File Station SYNO.FolderSharing.List Information Exposure Vulnerability in Synology Router Manager (SRM) SYNO.Core.ACL Information Exposure Vulnerability in Synology Router Manager (SRM) Information Exposure Vulnerability in Synology DiskStation Manager (DSM) before 6.2.1-23824 Information 
Exposure Vulnerability in Synology Router Manager (SRM) Allows Unauthorized Access to Sensitive Data Arbitrary Code Injection via Control Panel SSO Settings in Synology DiskStation Manager (DSM) Information Exposure Vulnerability in SYNO.Personal.Profile in Synology Application Service Information Exposure Vulnerability in SYNO.Personal.Application.Info Denial-of-Service Vulnerability in Synology MailPlus Server before 2.0.5-0606 Information Exposure Vulnerability in Synology Drive Non-Endpoint Channel Access Vulnerability in Synology Android Moments 1.2.3-199 Arbitrary File Upload Vulnerability in Synology Calendar Attachment Uploader Denial of Service Vulnerability in Apache Mesos: Crashing of libprocess when parsing malformed JSON payload Out-of-Array Read Vulnerability in FFmpeg's AVI to MPEG4 Conversion FFmpeg 4.0.1 AVI to MPEG4 Conversion Denial of Service Vulnerability Out-of-Array Access Vulnerability in FFmpeg 4.0.1 NULL Pointer Dereference Vulnerability in FFmpeg 4.0.1 AVI to MPEG4 Conversion Improper Context Profile Maintenance in libavcodec: Denial of Service Vulnerability FFmpeg 4.0.1 AVI to MPEG4 Conversion Vulnerability Command Injection in formDlna in TOTOLINK A3002RU v1.0.8 via ftpUser POST Parameter Command Injection in TOTOLINK A3002RU v1.0.8 via ntpServerIp2 POST Parameter Arbitrary JavaScript Execution in TOTOLINK A3002RU v1.0.8 via Cross-Site Scripting in notice_gen.htm Arbitrary JavaScript Execution Vulnerability in TOTOLINK A3002RU v1.0.8 Arbitrary Code Execution Vulnerability in Apache Storm Arbitrary JavaScript Execution via Username in TOTOLINK A3002RU version 1.0.8 Command Injection in TOTOLINK A3002RU v1.0.8 via formDlna's sambaUser Parameter Arbitrary JavaScript Execution in TOTOLINK A3002RU v1.0.8 via Cross-Site Scripting in notice_gen.htm Plaintext Password Exposure in TOTOLINK A3002RU 1.0.8 Router Command Injection in TOTOLINK A3002RU Version 1.0.8 via formAliasIp POST Parameter Unauthenticated Password Change Vulnerability in 
TOTOLINK A3002RU Version 1.0.8 Command Injection in TOTOLINK A3002RU v1.0.8 via formAliasIp subnet Parameter Password Disclosure Vulnerability in TOTOLINK A3002RU Version 1.0.8 System Command Injection in User.create Method in Buffalo TS5600D1206 Version 3.61-0.10 Unauthenticated POST Request Vulnerability in Buffalo TS5600D1206 Version 3.61-0.10 User Impersonation Vulnerability in Apache Storm System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 Improper Access Controls in Buffalo TS5600D1206 NASAPI (Version 3.61-0.10) Enable Unauthorized Function Calls Directory Traversal Vulnerability in Buffalo TS5600D1206 Version 3.61-0.10 Cross-Site Scripting (XSS) Vulnerability in Buffalo TS5600D1206 Version 3.61-0.10 Bypassing Authentication via Modified HTTP Host Header in Buffalo TS5600D1206 version 3.61-0.10 Integer Overflow Vulnerability in GROWCHAIN (GROW) Smart Contract's _sell Function Integer Overflow Vulnerability in Bittelux (BTX) Smart Contract Implementation Potential Integer Overflow Vulnerability in ChuCunLingAIGO (CCLAG) Token's Transfer Functions Integer Overflow Vulnerability in PFGc Token Smart Contract Implementation Cross-Site Scripting (XSS) Vulnerability in TerraMaster TOS 3.1.03 ajaxdata.php HTTP/2 Request Worker Exhaustion Vulnerability Command Injection Vulnerability in TerraMaster TOS 3.1.03: Execute System Commands via groupname Parameter Cross-Site Scripting (XSS) Vulnerability in TerraMaster TOS 3.1.03 Control Panel Arbitrary File Upload Vulnerability in TerraMaster TOS 3.1.03 Explorer Application Cross-Site Scripting (XSS) Vulnerability in TerraMaster TOS 3.1.03 File Manager Cross-Site Scripting (XSS) Vulnerability in TerraMaster TOS 3.1.03 handle.php Cross-Site Scripting (XSS) Vulnerability in TerraMaster TOS 3.1.03 Control Panel Command Injection in TerraMaster TOS 3.1.03: Remote Code Execution via ajaxdata.php Session Fixation Vulnerability in TerraMaster TOS 3.1.03 Web Application Command Injection 
in TerraMaster TOS 3.1.03: Remote Code Execution via ajaxdata.php Stored XSS in Imperavi Redactor 3 in Angular Redactor 1.1.6 User Impersonation Vulnerability in Apache Spark CSRF Vulnerability in Gleez CMS 1.2.0 Vulnerability: Password Decryption and Privilege Escalation in Crestron TSW-X60 and MC3 Hardcoded Credentials Vulnerability in Anda App's Server API Improper Handling of Fragment Start in mpatch_apply Function in Mercurial Integer Addition and Subtraction Mishandling in mpatch.c in Mercurial before 4.6.1 Buffer Overread Vulnerability in Mercurial's mpatch_decode Function Cross-Site Scripting (XSS) Vulnerability in TerraMaster TOS 3.1.03 Taskbar Command Injection Vulnerability in Apache Tika Server (Versions 1.7 to 1.17) SQL Injection in logtable.php in TerraMaster TOS version 3.1.03: Exploiting the Event Parameter Cross-Site Scripting (XSS) Vulnerability in TerraMaster TOS 3.1.03 Control Panel Session Token Exposure in TerraMaster TOS 3.1.03: Unauthorized Access to Active Sessions Command Injection Vulnerability in TerraMaster TOS 3.1.03: Exploiting checkport Parameter in ajaxdata.php TerraMaster TOS 3.1.03 Logtable.php System Command Injection Vulnerability Insecure Access Controls in ajaxdata.php of TerraMaster TOS v3.1.03 Enable Unauthorized User Group Creation Privilege Escalation in TerraMaster TOS version 3.1.03 via Incorrect Access Control in ajaxdata.php Cross-Site Scripting (XSS) Vulnerability in TerraMaster TOS 3.1.03 Control Panel Command Injection in ajaxdata.php in TerraMaster TOS 3.1.03: Execution of System Commands via checkName Parameter Cross-Site Scripting (XSS) Vulnerability in TerraMaster TOS 3.1.03 via modgroup Parameter in usertable.php UTF-8 Decoder Overflow Vulnerability in Apache Tomcat Cross-Site Scripting (XSS) Vulnerability in TerraMaster TOS Text Editor User Enumeration in TerraMaster TOS 3.1.03 via modgroup Parameter in usertable.php Information Exposure Vulnerability in Fortinet FortiOS: Revealing Private IP and Hostname via 
Application Control Block Page Fortinet FortiOS Information Disclosure Vulnerability: Revealing Serial Number via PPTP Protocol FortiOS Information Exposure Vulnerability via Admin WebUI Command Injection Vulnerability in Fortinet FortiClient for Windows 6.0.4 and Earlier Apache Directory LDAP API TLS Connection Leak Vulnerability FortiOS External Control of System Vulnerability: Unauthorized Routing Settings Modification via ZebOS Component LDAP Server Login Credentials Leakage Vulnerability in Fortinet FortiOS and FortiADC Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiAnalyzer and FortiManager Uninitialized Memory Buffer Leak in Fortinet FortiOS: Potential Disclosure of Sensitive Data in HTTP Response LDAP Server Plaintext Password Exposure in Fortinet FortiSIEM 5.2.0 and Below Versions Path Traversal Vulnerability in Fortinet FortiOS and FortiProxy Infinite Loop Vulnerability in Apache Tika's BPGParser (Versions before 1.18) Fortinet FortiOS and FortiProxy XSS Vulnerability Buffer Overflow Vulnerability in Fortinet FortiOS and FortiProxy SSL VPN Web Portal Password Modification Vulnerability Heap Buffer Overflow in Fortinet FortiOS and FortiProxy SSL VPN Web Portal Fortinet FortiOS SSL VPN Web Portal Host Header Redirection Vulnerability Argument Injection Vulnerability in Sourcetree for macOS via Mercurial Filenames Argument Injection Vulnerability in Sourcetree for Windows via Mercurial Filenames Incomplete fix for cross site scripting (XSS) vulnerability in Atlassian JIRA Server Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible Review Attachment Resource Remote Content Spoofing Vulnerability in Atlassian Confluence Infinite Loop Vulnerability in Apache Tika's ChmParser (Versions before 1.18) Unauthenticated Access to CloudToken Daemon on Linux Allows Unauthorized AWS Credential Retrieval Information Disclosure Vulnerability in Jira Server Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible before 
4.6.0 CSRF Vulnerability in Atlassian Confluence Questions Allows Comment Modification to Answer CSRF Vulnerability in Atlassian Confluence Questions Allows Modification of Comments into Answers Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Epic Colour Field Argument Injection Vulnerability in Sourcetree for macOS via Git Subrepositories in Mercurial Repositories Argument Injection Vulnerability in Sourcetree for Windows via Git Subrepositories in Mercurial Repositories Cross-Site Request Forgery (CSRF) Vulnerability in Atlassian Fisheye and Crucible Administrative Smart-Commits Resource Privilege Escalation Vulnerability in Atlassian Fisheye and Crucible Installer Insecure Session Token Storage in Apache Guacamole Improper Access Control Vulnerability in Atlassian Jira Versions 7.6.9 to 7.13.1 Open Redirect Vulnerability in XsrfErrorAction Resource in Atlassian Jira Open Redirect Vulnerability in Atlassian Jira Versions 7.6.9 to 7.13.1 Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira's Two-Dimensional Filter Statistics Gadget Server Side Request Forgery (SSRF) vulnerability in Atlassian Jira Inode Ownership Vulnerability in Linux Kernel Integer Overflow in uvesafb_setcmap Function in Linux Kernel CSRF Vulnerability in Jirafeau 3.4.1: Unprotected Delete File Feature Reflected XSS Vulnerability in Jirafeau Allows Session Theft and Admin Privilege Escalation Reflected XSS Vulnerability in Jirafeau Allows Session Theft and Admin Privilege Escalation Denial of Service and Arbitrary Command Execution Vulnerability in Info-ZIP Zip 3.0 Privilege Escalation via Clickable Company Logo in Zoho ManageEngine Desktop Central Privilege Escalation via Clickable Company Logo in Zoho ManageEngine Desktop Central Plex Media Server 1.13.2.5154 XXE Vulnerability XML External Entity Processing (XXE) Vulnerability in Universal Media Server (UMS) 7.1.0 XML External Entity Processing (XXE) Vulnerability in Vuze Bittorrent Client 5.7.6.0 Command Injection in 
ajaxdata.php in TerraMaster TOS 3.1.03 Memory Leak in libsndfile 1.0.28's psf_allocate in common.c File Upload and Remote Code Execution Vulnerability in NetIQ Access Manager Administrative Console Memory Leak in Malloc Extension of Google gperftools 2.7 Heap-based Buffer Over-read in Fast C++ CSV Parser's io::trim_chars function XSS Vulnerability in TCExam before 14.1.2 via ff_ or xl_ Field Cross-Site Scripting (XSS) Vulnerability in Omeka 2.6.1 tag-form.php PAM Vulnerability: Unauthenticated Remote Host Access XSS Vulnerability in Boostnote v0.11.7: Markdown Text Highlighting Exploit Biometric Authentication Bypass in LINE jp.naver.line iOS App Authentication Bypass Vulnerability in LINE jp.naver.line iOS App XXE Vulnerability in WXPayUtil of WeChat Pay Java SDK Allows Merchant Notification URL Attacks NetIQ iManager Communication Downgrade Vulnerability NULL Pointer Dereference Vulnerability in Audiofile Library 0.3.6 Nagios Core 4.4.1 and Earlier qh_help NULL Pointer Dereference Vulnerability SQL Injection vulnerability in SolarWinds Network Performance Monitor 12.3 via /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. 
Heap-Based Buffer Overflow in EOS.IO JIT-WASM 4.1 via Crafted WAST File CSRF Vulnerability in SeaCMS 6.61 Allows Unauthorized Admin Account Creation CSRF Vulnerability in SeaCMS 6.61 Allows Unauthorized User Account Addition Authentication Bypass Vulnerability in LINE jp.naver.line Android App Arbitrary SQL Command Execution in Dolibarr ERP/CRM 7.0.3 via statut Parameter Arbitrary SQL Command Execution in Dolibarr ERP/CRM 7.0.3 via country_id Parameter Arbitrary SQL Command Execution in Dolibarr ERP/CRM 7.0.3 via statut_buy Parameter Elevation of Privilege Vulnerability in NetIQ iManager Arbitrary SQL Command Execution in Dolibarr ERP/CRM 7.0.3 via status_batch Parameter NULL Pointer Dereference Vulnerability in qh_echo of Nagios Core 4.4.1 and Earlier NULL Pointer Dereference Vulnerability in qh_core of Nagios Core 4.4.1 and Earlier eDirectory Denial of Service Vulnerability in Versions Prior to 9.1 Integer Overflow Vulnerability in MoonToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of T-Swap-Token (T-S-T) Smart Contract Integer Overflow Vulnerability in mintToken Function of t_swap Smart Contract Integer Overflow Vulnerability in PaulyCoin's mintToken Function Integer Overflow Vulnerability in Crystals Token Contract's mintToken Function Integer Overflow Vulnerability in EpiphanyCoin's mintToken Function Integer Overflow Vulnerability in Cavecoin's mintToken Function Integer Overflow Vulnerability in mintToken Function of IcoContract Smart Contract Implementation Reflected Cross-Site Scripting Vulnerability in NetIQ iManager Administrative Web Interface Integer Overflow Vulnerability in mintToken Function of BuyerToken Smart Contract Integer Overflow Vulnerability in BeyondCashToken's mintToken Function Integer Overflow Vulnerability in CloutToken Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of OHNI Smart Contract Implementation Integer Overflow Vulnerability in 
FansChainToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of VSCToken Smart Contract Implementation Integer Overflow Vulnerability in PhilCoin's mintToken Function Integer Overflow Vulnerability in CTESale Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of DMPToken Smart Contract Integer Overflow Vulnerability in SlidebitsToken's mintToken Function SSL Handshake Renegotiation Vulnerability in NetIQ Identity Manager Driver Integer Overflow Vulnerability in QRG Token's mintToken Function Integer Overflow Vulnerability in mintToken Function of TRIUM Smart Contract Implementation Integer Overflow Vulnerability in ETHERCASH (ETC) Smart Contract Implementation Integer Overflow Vulnerability in mkethToken's mintToken Function Integer Overflow Vulnerability in CBRToken's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of BitcoinAgileToken Smart Contract Integer Overflow Vulnerability in HELP Token's mintToken Function Integer Overflow Vulnerability in PlatoToken's mintToken Function Integer Overflow Vulnerability in Crypto Alley Shares (CAST) Smart Contract Implementation Integer Overflow Vulnerability in OllisCoin's mintToken Function Allows Arbitrary Balance Manipulation NetIQ Identity Manager Driver Log File Information Disclosure Vulnerability Integer Overflow Vulnerability in FILM Token's mintToken Function Integer Overflow Vulnerability in Carrot Token's mintToken Function Integer Overflow Vulnerability in mintToken Function of Naga Ethereum Token Contract Integer Overflow Vulnerability in DaddyToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of SusanTokenERC20 Smart Contract Integer Overflow Vulnerability in KMCToken's mintToken Function Integer Overflow Vulnerability in RajTestICO's mintToken Function Integer Overflow Vulnerability in COBToken's mintToken Function Integer Overflow 
Vulnerability in mintToken Function of KAPAYcoin Smart Contract Implementation Integer Overflow Vulnerability in Crowdsale Smart Contract Allows Arbitrary Balance Manipulation NetIQ Identity Manager Driver Log File Enumeration Vulnerability Integer Overflow Vulnerability in mintToken Function of MSXAdvanced Smart Contract Implementation Integer Overflow Vulnerability in HRWtoken's mintToken Function Integer Overflow Vulnerability in HeliumNetwork's mintToken Function Integer Overflow Vulnerability in mintToken Function of South Park Token Token (SPTKN) Smart Contract Integer Overflow Vulnerability in MMCoin's mintToken Function Integer Overflow Vulnerability in ecogreenhouse Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of SDR22 Ethereum Token Contract Integer Overflow Vulnerability in mintToken Function of SLCAdvancedToken Smart Contract Implementation Integer Overflow Vulnerability in mintToken Function of VITToken Smart Contract Implementation Integer Overflow Vulnerability in IamRich Token's mintToken Function Fortinet FortiManager XSS Vulnerability in CLI Config Installation Log Integer Overflow Vulnerability in Welfare Token Fund (WTF) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in CorelliCoin's mintToken Function Integer Overflow Vulnerability in SmartHomeCoin's mintToken Function Integer Overflow Vulnerability in Ubiou Token Contract's mintToken Function Integer Overflow Vulnerability in esportz Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of aman Ethereum Token Contract Integer Overflow Vulnerability in SCAM Token Contract's mintToken Function Integer Overflow Vulnerability in C3 Token's mintToken Function Integer Overflow Vulnerability in TCash Smart Contract's mintToken Function Integer Overflow Vulnerability in DigitalCloudToken Smart Contract Allows Arbitrary Balance Manipulation Fortinet FortiOS 5.6.0 SSH Username Format 
String Vulnerability Integer Overflow Vulnerability in TopscoinAdvanced's mintToken Function Integer Overflow Vulnerability in PinkyToken's mintToken Function Integer Overflow Vulnerability in EXGROUP Token Contract's mintToken Function Integer Overflow Vulnerability in SmartPayment's mintToken Function Integer Overflow Vulnerability in PornCoin (PRNC) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in Flow Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of WangWangToken Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in ElevateCoin's mintToken Function Integer Overflow Vulnerability in DhaCoin's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of BetterThanAdrien Smart Contract Allows Arbitrary Balance Manipulation Fortinet FortiManager 6.0.1 and below versions: Information Disclosure Vulnerability Integer Overflow Vulnerability in mintToken Function of HunterCoin Smart Contract Implementation Integer Overflow Vulnerability in MaxHouse Token's mintToken Function Integer Overflow Vulnerability in Mindexcoin's mintToken Function Integer Overflow Vulnerability in ALUXToken's mintToken Function Integer Overflow Vulnerability in SpeedCashLite (SCSL) Token Contract's mintToken Function Integer Overflow Vulnerability in PACCOIN's mintToken Function Integer Overflow Vulnerability in mintToken Function of ERC20_ICO Smart Contract Integer Overflow Vulnerability in EthereumLegit's mintToken Function Integer Overflow Vulnerability in mintToken Function of SIPCToken Smart Contract Integer Overflow Vulnerability in mintToken Function of Bcxss Ethereum Token Contract Improper Access Control Allows Arbitrary Content Modification in Fortinet FortiManager and FortiAnalyzer Integer Overflow Vulnerability in mintToken Function of GSI Ethereum Token Contract Integer Overflow Vulnerability in CryptoLeu's mintToken 
Function Integer Overflow Vulnerability in ZIBToken's mintToken Function Integer Overflow Vulnerability in GemstoneToken's mintToken Function Integer Overflow Vulnerability in Numisma's mintToken Function Integer Overflow Vulnerability in HashShield's mintToken Function Integer Overflow Vulnerability in mintToken Function of CCASH Smart Contract Implementation Integer Overflow Vulnerability in ProvidenceCasinoToken's mintToken Function Integer Overflow Vulnerability in Mimicoin's mintToken Function Integer Overflow Vulnerability in NeuroToken's mintToken Function Open Redirect Vulnerability in FortiView Feature of Fortinet FortiManager and FortiAnalyzer Integer Overflow Vulnerability in Coquinho Coin (CQNC) Smart Contract's mintToken Function Integer Overflow Vulnerability in Bgamecoin's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of Trabet_Coin_PreICO Smart Contract Integer Overflow Vulnerability in Micro BTC (MBTC) Smart Contract Implementation Integer Overflow Vulnerability in MoneyTree (TREE) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in JaxBox Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of COSMOTokenERC20 Smart Contract Integer Overflow Vulnerability in mintToken Function of Trabet_Coin Smart Contract Integer Overflow Vulnerability in mintToken Function of rhovit Smart Contract Implementation Integer Overflow Vulnerability in UTCT Token Contract's mintToken Function Reflected XSS Vulnerability in Fortinet FortiSandbox before 3.0 Integer Overflow Vulnerability in KelvinToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of YourCoin (ICO) Smart Contract (ETH033) Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in BMVCoin's mintToken Function Integer Overflow Vulnerability in UPayToken Smart Contract Allows Arbitrary Balance Manipulation Integer 
Overflow Vulnerability in mintToken Function of GATcoin Smart Contract Implementation Integer Overflow Vulnerability in Co2Bit Token Contract's mintToken Function Integer Overflow Vulnerability in RETNToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of SDR Smart Contract Implementation Integer Overflow Vulnerability in MktCoin's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in HitToken's mintToken Function Integer Overflow Vulnerability in kkTestCoin1 (KTC1) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in GoramCoin's mintToken Function Integer Overflow Vulnerability in mintToken Function of PGM_Coin Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in TripPay Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in DataShieldCoin's mintToken Function Integer Overflow Vulnerability in YESToken's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of JuntsPerCreixer Smart Contract Integer Overflow Vulnerability in mintToken Function of AdvancedShit Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in GalaxyCoin's mintToken Function Integer Overflow Vulnerability in ForeverCoin's mintToken Function Integer Overflow Vulnerability in mintToken Function of ProvidenceCasino (PVE) Smart Contract Integer Overflow Vulnerability in TravelCoin (TRV) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in My2Token's mintToken Function Integer Overflow Vulnerability in Shmoo Token's mintToken Function Integer Overflow Vulnerability in mintToken Function of yasudem Smart Contract Implementation Integer Overflow Vulnerability in CHERRYCOIN Smart Contract's mintToken Function Integer Overflow Vulnerability in Nectar (NCTR) Token Contract's mintToken Function Integer Overflow Vulnerability 
in DECToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of Code47 (C47) Smart Contract Integer Overflow Vulnerability in MooAdvToken's mintToken Function Integer Overflow Vulnerability in SIPCOIN Smart Contract's mintToken Function Integer Overflow Vulnerability in KAPcoin's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in RajTest Smart Contract's mintToken Function Integer Overflow Vulnerability in CardToken's mintToken Function Integer Overflow Vulnerability in CardFactory's mintToken Function Integer Overflow Vulnerability in BitStore's mintToken Function Integer Overflow Vulnerability in mintToken Function of TESTAhihi Smart Contract Integer Overflow Vulnerability in mintToken Function of testcoin Smart Contract Integer Overflow Vulnerability in mintToken Function of SendMe Smart Contract Implementation Integer Overflow Vulnerability in mintToken Function of ResidualValue Smart Contract Cleartext Transmission of Admin Password in Fortinet FortiManager Integer Overflow Vulnerability in AMToken's mintToken Function Integer Overflow Vulnerability in GalacticX Token Contract's mintToken Function Integer Overflow Vulnerability in MiningToken Smart Contract Implementation Integer Overflow Vulnerability in mintToken Function of Briant2Token Smart Contract Integer Overflow Vulnerability in mintToken Function of wellieat Smart Contract Integer Overflow Vulnerability in ExtremeToken's mintToken Function Integer Overflow Vulnerability in ARChain's mintToken Function Integer Overflow Vulnerability in ResidualShare's mintToken Function Archercoin Smart Contract: Integer Overflow Vulnerability in mintToken Function Integer Overflow Vulnerability in mintToken Function of CSAToken Smart Contract Cross-Site Scripting Vulnerability in IBM WebSphere Portal 8.5 and 9.0 Integer Overflow Vulnerability in mintToken Function of MedicayunLink Smart Contract Integer Overflow Vulnerability in CDcurrency's mintToken 
Function Integer Overflow Vulnerability in Robincoin's mintToken Function Integer Overflow Vulnerability in mintToken Function of CON0217 Ethereum Token Contract Integer Overflow Vulnerability in MAVCash's mintToken Function Integer Overflow Vulnerability in mintToken Function of MJCToken Smart Contract Integer Overflow Vulnerability in mintToken Function of IOCT_Coin Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in CAPTOZ Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of VICETOKEN_ICO_IS_A_SCAM Smart Contract Integer Overflow Vulnerability in MicoinToken's mintToken Function Privilege Escalation and Application Withdrawal Vulnerability in IBM Curam Social Program Management Integer Overflow Vulnerability in TripCash Smart Contract's mintToken Function Integer Overflow Vulnerability in SoundTribeToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of ObjectToken (OBJ) Smart Contract Integer Overflow Vulnerability in mintToken Function of AirdropperCryptics Smart Contract Integer Overflow Vulnerability in mintToken Function of WXSLToken Smart Contract Integer Overflow Vulnerability in mintlvlToken Function of Krown Smart Contract Implementation Integer Overflow Vulnerability in SemainToken's mintToken Function Integer Overflow Vulnerability in MyOffer Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of MomentumToken Smart Contract Integer Overflow Vulnerability in mintToken Function of CrimsonShilling Smart Contract Allows Arbitrary Balance Manipulation Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 Integer Overflow Vulnerability in DoccoinPreICO's mintToken Function Integer Overflow Vulnerability in doccoin's mintToken Function Integer Overflow Vulnerability in NEXPARA Token Contract's mintToken Function Integer Overflow Vulnerability in Martcoin's 
mintToken Function Integer Overflow Vulnerability in MediaCubeToken's mintToken Function Integer Overflow Vulnerability in HBCM Token Contract's mintToken Function Integer Overflow Vulnerability in TurdCoin's mintToken Function CikkaCoin Smart Contract: Integer Overflow Vulnerability in mintToken Function Integer Overflow Vulnerability in Bitpark's mintToken Function Integer Overflow Vulnerability in mintToken Function of VEU_TokenERC20 Contract XML External Entity Injection (XXE) Vulnerability in IBM Content Navigator 2.0 and 3.0 Integer Overflow Vulnerability in EthereumSmart's mintToken Function Integer Overflow Vulnerability in MVGcoin's mintToken Function Integer Overflow Vulnerability in SECoin's mintToken Function Integer Overflow Vulnerability in mintToken Function of GCRTokenERC20 Smart Contract Integer Overflow Vulnerability in RoyalClassicCoin's mintToken Function Integer Overflow Vulnerability in Fiocoin's mintToken Function Integer Overflow Vulnerability in Datiac Token Contract's mintToken Function Integer Overflow Vulnerability in TrueGoldCoinToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of BGC Smart Contract Implementation Integer Overflow Vulnerability in Deploy Token's mintToken Function Integer Overflow Vulnerability in mintToken Function of BitmaxerToken Smart Contract Integer Overflow Vulnerability in mintToken Function of MicoinNetworkToken Smart Contract Integer Overflow Vulnerability in TheGoDigital's mintToken Function Integer Overflow Vulnerability in mintToken Function of ipshoots Smart Contract Integer Overflow Vulnerability in ESTSToken's mintToken Function Integer Overflow Vulnerability in GFC Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of Sample Token (STK) Contract Integer Overflow Vulnerability in Rice Token's mintToken Function Integer Overflow Vulnerability in TheGoDgital Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow 
Vulnerability in mintToken Function of BrianCoin Smart Contract Implementation CSV Injection Vulnerability in IBM Content Navigator 2.0 and 3.0 Integer Overflow Vulnerability in BillionRewardsToken Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of APP Smart Contract Implementation Integer Overflow Vulnerability in mintToken Function of WorldOpctionChain Smart Contract Integer Overflow Vulnerability in mintToken Function of BSCToken Smart Contract Implementation Integer Overflow Vulnerability in CWS Token Contract's mintToken Function Integer Overflow Vulnerability in BCaaS Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of EristicaICO Smart Contract Implementation Integer Overflow Vulnerability in mintToken Function of UTBTokenTest Smart Contract Integer Overflow Vulnerability in mintToken Function of BTPCoin Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of NCU Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of GFCB Ethereum Token Contract Integer Overflow Vulnerability in DinsteinCoin's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in OBTCoin's mintToken Function Integer Overflow Vulnerability in GoldTokenERC20's mintToken Function Integer Overflow Vulnerability in mintToken Function of ComBillAdvancedToken Smart Contract Integer Overflow Vulnerability in YAMBYO Token Contract's mintToken Function Integer Overflow Vulnerability in OBP Token Contract's mintToken Function Integer Overflow Vulnerability in Goochain's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in Lottery Token's mintToken Function Integer Overflow Vulnerability in ZPEcoin's mintToken Function Privilege Escalation Vulnerability in IBM Security Guardium Database Activity Monitor Integer Overflow 
Vulnerability in mintToken Function of LexitToken Smart Contract Integer Overflow Vulnerability in SOSCoin's mintToken Function Integer Overflow Vulnerability in mintToken Function of ViteMoneyCoin Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in exsulcoin's mintToken Function Integer Overflow Vulnerability in mintToken Function of ZIP Smart Contract Implementation Integer Overflow Vulnerability in VornoxCoinToken's mintToken Function Integer Overflow Vulnerability in ICOD Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of normikaivo Smart Contract Integer Overflow Vulnerability in MallToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of CJXToken Smart Contract Sensitive Information Disclosure in IBM Security Guardium Big Data Intelligence (SonarG) 3.1 via URL Parameters Integer Overflow Vulnerability in Instacocoa's mintToken Function Integer Overflow Vulnerability in mintToken Function of RTokenMain Contract Integer Overflow Vulnerability in mintToken Function of MehdiTAZIToken Smart Contract Integer Overflow Vulnerability in GreenEnergyToken's mintToken Function Integer Overflow Vulnerability in GMile Token Contract's mintToken Function Integer Overflow Vulnerability in CTest7 Smart Contract's Mint Function Integer Overflow Vulnerability in RedTicket's mintToken Function Integer Overflow Vulnerability in RobotBTC Smart Contract's mintToken Function Integer Overflow Vulnerability in Play2LivePromo Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of DestiNeed (DSN) Smart Contract Unintended Access to Security-Critical Resource in IBM Security Guardium Big Data Intelligence (SonarG) 3.1 Integer Overflow Vulnerability in IPMCoin's mintToken Function Integer Overflow Vulnerability in KissMe Token Contract's mintToken Function Integer Overflow Vulnerability in Essence Token's mintToken Function Integer 
Overflow Vulnerability in mintToken Function of CERB_Coin Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of eddToken Smart Contract Integer Overflow Vulnerability in mintToken Function of PMHToken Smart Contract Integer Overflow Vulnerability in IdeaCoin's mintToken Function Integer Overflow Vulnerability in mintToken Function of YSS Smart Contract Implementation Integer Overflow Vulnerability in BuyToken Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in Tube Token's mintToken Function IBM WebSphere MQ Client SIGSEGV Vulnerability Integer Overflow Vulnerability in Mjolnir Token Contract's mintToken Function Integer Overflow Vulnerability in Databits Token Contract's mintToken Function Integer Overflow Vulnerability in PMET Token Contract's mintToken Function Integer Overflow Vulnerability in Tradesman Token's mintToken Function Integer Overflow Vulnerability in mintToken Function of CM Ethereum Token Contract Integer Overflow Vulnerability in mintToken Function of BpsToken Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of sexhdsolo Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of HormitechToken Smart Contract Integer Overflow Vulnerability in mintToken Function of FuturXe Smart Contract Integer Overflow Vulnerability in BiteduToken's mintToken Function Weak Password Policy in IBM Security Guardium Big Data Intelligence (SonarG) 3.1 Increases User Account Vulnerability Integer Overflow Vulnerability in Antoken's mintToken Function Integer Overflow Vulnerability in GoMineWorld Token Contract's mintToken Function Integer Overflow Vulnerability in HYIPToken Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in SERVVIZIOToken's mintToken Function Integer Overflow Vulnerability in HYIPCrowdsale1 Smart Contract Implementation 
Integer Overflow Vulnerability in GlobalSuperGameToken's mintToken Function Integer Overflow Vulnerability in ISeeVoiceToken's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in Eastcoin's mintToken Function Integer Overflow Vulnerability in JixoCoin's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of JPMD100B Smart Contract Implementation Inadequate Account Lockout Setting in IBM Security Guardium Big Data Intelligence (SonarG) 3.1 Integer Overflow Vulnerability in HEY Token's mintToken Function Integer Overflow Vulnerability in TokenMACHU's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in RiptideCoin (RIPT) Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of ProjectJ Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of AZTToken Smart Contract Integer Overflow Vulnerability in mintToken Function of EnterToken Smart Contract Integer Overflow Vulnerability in mintToken Function of ELearningCoinERC Smart Contract Implementation Integer Overflow Vulnerability in AnovaBace's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of PELOCoinToken Smart Contract Integer Overflow Vulnerability in dopnetwork's mintToken Function SIGSEGV vulnerability in IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager Integer Overflow Vulnerability in OneChain's mintToken Function Integer Overflow Vulnerability in ABLGenesisToken's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in mintToken Function of TKT Smart Contract Implementation Integer Overflow Vulnerability in SuperEnergy (SEC) Token Contract's mintToken Function 
Integer Overflow Vulnerability in mintToken Function of Crowdnext (CNX) Smart Contract Integer Overflow Vulnerability in mintToken Function of STCToken Smart Contract Implementation Integer Overflow Vulnerability in kBit Token Contract's mintToken Function Integer Overflow Vulnerability in VanMinhCoin's mintToken Function Integer Overflow Vulnerability in CarToken's mintToken Function Integer Overflow Vulnerability in FinalToken's mintToken Function Session Fixation/Hijacking Vulnerability in IBM Security Guardium Big Data Intelligence (SonarG) 3.1 Integer Overflow Vulnerability in mintToken Function of RichiumToken Smart Contract Integer Overflow Vulnerability in JustWallet's mintToken Function Integer Overflow Vulnerability in Thread Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of DeWeiSecurityServiceToken Smart Contract Integer Overflow Vulnerability in CryptosisToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of OTAKUToken Smart Contract Integer Overflow Vulnerability in CherryCoinFoundation's mintToken Function Integer Overflow Vulnerability in Coinquer's mintToken Function LoliCoin Smart Contract: mintToken Function Integer Overflow Vulnerability Integer Overflow Vulnerability in mintToken Function of BIGCAdvancedToken Smart Contract Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium Big Data Intelligence (SonarG) 3.1 Integer Overflow Vulnerability in mintToken Function of MoneyChainNet (MCN) Smart Contract Integer Overflow Vulnerability in mintToken Function of NetkillerAdvancedTokenAirDrop Smart Contract Integer Overflow Vulnerability in Yumerium's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in Ublasti Token Contract's mintToken Function Integer Overflow Vulnerability in BiquToken's mintToken Function Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in LandCoin's mintToken Function Elasticoin Smart 
Contract: mintToken Function Integer Overflow Vulnerability Integer Overflow Vulnerability in Cornerstone Token's mintToken Function Integer Overflow Vulnerability in ZToken's mintToken Function Integer Overflow Vulnerability in JeansToken's mintToken Function Vulnerability: User Credentials Stored in Plain Text in IBM Security Guardium Big Data Intelligence (SonarG) 3.1 Integer Overflow Vulnerability in UltimateCoin's mintToken Function Integer Overflow Vulnerability in mintToken Function of ExacoreContract Smart Contract Implementation Integer Overflow Vulnerability in TheFlashToken's mintToken Function Integer Overflow Vulnerability in NetkillerToken's mintToken Function Integer Overflow Vulnerability in Bitstarti's mintToken Function Integer Overflow Vulnerability in mintToken Function of RCKT_Coin Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in AppleToken's mintToken Function Integer Overflow Vulnerability in RRToken's mintToken Function Integer Overflow Vulnerability in mintToken Function of CGCToken Smart Contract Integer Overflow Vulnerability in mintToken Function of YLCToken Smart Contract Allows Arbitrary Balance Manipulation Integer Overflow Vulnerability in ESH Token Contract's mintToken Function Integer Overflow Vulnerability in MyYLC Token Contract's mintToken Function Integer Overflow Vulnerability in mintToken Function of EnterCoin Smart Contract Integer Overflow Vulnerability in JiucaiToken's mintToken Function Allows Arbitrary Balance Manipulation Cookie Encryption Vulnerability in PrestaShop Versions 1.6.1.20 and 1.7.x before 1.7.3.4 Integer Overflow and Divide-by-Zero Vulnerability in libpng 1.6.34 Misconfigured Descriptor Region in Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 Products: Firmware Modification Vulnerability Unauthenticated File Retrieval Vulnerability in Descor Infocad FM Server Side Request Forgery (SSRF) Vulnerability in concrete5 8.2.0 File Manager URL Functionality 
Access Control Vulnerability in ABBYY FlexiCapture HTTP API SQL Injection Vulnerabilities in ABBYY FlexiCapture HTTP API Monitoring Feature Multiple Cross Site Request Forgery (CSRF) vulnerabilities in ABBYY FlexiCapture HTTP API Heap-Based Buffer Overflow in stbi__bmp_load_cont in catimg 2.4.0 Unbounded Recursion Vulnerability in Gravity before 0.5.1 Arbitrary Text Display Vulnerability in GNU Mailman Arbitrary Command Injection Vulnerability in macaddress Module for Node.js Denial-of-Service Vulnerability in SICAM A8000 Web Server Privilege Escalation Vulnerability in SIMATIC WinCC OA V3.14 and Prior User Impersonation and Sensitive Information Disclosure in IBM InfoSphere Master Data Management Collaboration Server Cross-Site Request Forgery (CSRF) Vulnerability in SIMATIC S7-1200 CPU Family Version 4 Privilege Escalation Vulnerability in ROX II (All versions < V2.12.1) Authenticated Remote Code Execution Vulnerability in ROX II (All versions < V2.12.1) Authentication Bypass Vulnerability in SIMATIC IT LMS and Production Suite Denial-of-Service Vulnerability in SIMATIC ET 200SP Open Controller and SIMATIC S7-1500 Software Controller DLL Hijacking Vulnerability in SIEMENS TD Keypad Designer (All Versions) Denial-of-Service Vulnerability in SCALANCE X300, X408, and X414 Web Interface Vulnerability in CP 1604 and CP 1616 Allows for Data Extraction and DoS Attacks Cross-Site Scripting (XSS) Vulnerability in CP 1604 and CP 1616 Cross-Site Request Forgery (CSRF) Vulnerability in CP 1604 and CP 1616 Insufficient Computational Effort in Password Hashes in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1) Directory Traversal Vulnerability in SIMATIC HMI Panels and WinCC Software URL Redirection Vulnerability in SIMATIC HMI Devices Vulnerability: HTTP Header Injection in SIMATIC HMI Panels and WinCC Runtime Denial-of-Service Vulnerability in SIMATIC S7-1200 and S7-1500 Unauthenticated Access Vulnerability in TIM 1531 IRC (All version < V2.0) Server-Side Template 
Injection (SSTI) in Twig before 2.4.4 via search_key parameter Hardcoded Secret Key Vulnerability in CA Unified Infrastructure Management Cross-Site Scripting (XSS) Vulnerability in IBM API Connect 5.0.0.0 Hardcoded Passphrase Vulnerability in CA Unified Infrastructure Management Authentication Bypass Vulnerability in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7 Credential Storage Vulnerability in CA PPM Versions 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below XML External Entity (XXE) Vulnerability in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below: Remote Information Disclosure SQL Injection Vulnerability in CA PPM Versions 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below Reflected Cross-Site Scripting Vulnerability in CA PPM GridExcelExport Functionality XML External Entity (XXE) Vulnerability in CA PPM XOG Functionality Root Privilege Escalation Vulnerability in AIX Daemon (IBM X-force ID: 138117) Persistent Cross-Site Scripting (XSS) Vulnerabilities in All In One Favicon WordPress Plugin 4.6 Stack-based Buffer Overflow in cmft::rwReadFile Function in image.cpp Integer Overflow Vulnerability in Rocket Coin (XRC) Smart Contract Allows Unauthorized Balance Manipulation Cross-Site Scripting Vulnerability in IBM Business Process Manager 8.6 Memory Leak in HTSlib 1.8's bgzf_getline Function Memory Leak in fai_read in HTSlib 1.8 Buffer Over-read Vulnerability in HTSlib 1.8's sam_parse1 in sam.c Heap-based Buffer Over-read in Bento4 1.5.1-624: AP4_Mpeg2TsVideoSampleStream::WriteSample Vulnerability SEGV Vulnerability in Bento4 1.5.1-624: AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp SEGV Vulnerability in Bento4 1.5.1-624: AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp Cross-Site Scripting (XSS) Vulnerability in yTakkar Instagram-clone through 2018-04-23 SQL Injection Vulnerability in Firebase Cloud Messaging (FCM) + Advance Admin Panel Unauthorized Remote Reboot 
and Function Execution in MusicCenter / Trivum Multiroom Setup Tool V8.76 Authentication Bypass Vulnerability in MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional Improper Permissions in IBM Tivoli Workload Automation for AIX Leading to Local Privilege Escalation (IBM X-Force ID: 138208) Unauthorized Information Disclosure in MusicCenter / Trivum Multiroom Setup Tool V8.76 Unauthorized Remote Reboot and Function Execution in Touchpad / Trivum WebTouch Setup V9 V2.53 Authentication Bypass Vulnerability in Trivum WebTouch Setup V9 Regular Expression Denial of Service (ReDoS) in MongoDB bson JavaScript Module Directory Traversal Vulnerability in Play Framework 2.6.12-2.6.15 (Windows) XSS Vulnerability in idreamsoft iCMS 7.0.9 via callback parameter in uploadpic request Stack-based Buffer Over-read in HDF HDF5 1.8.20 Library Out of Bounds Read Vulnerability in HDF HDF5 1.8.20 Library Heap-Based Buffer Over-read in HDF HDF5 1.8.20 Library: H5O_fill_old_decode Vulnerability HDF HDF5 1.8.20 Library: memcpy Parameter Overlap Vulnerability in H5Olink.c Sensitive Personal Data Disclosure in IBM Application Performance Management for Monitoring & Diagnostics Heap-Based Buffer Over-read in HDF HDF5 1.8.20 Library: H5O_link_decode Vulnerability Heap-based Buffer Overflow in HDF HDF5 1.8.20 Library's H5FL_blk_malloc Function Heap-based Buffer Overflow in H5G_ent_decode Function of HDF HDF5 1.8.20 Library Buffer Over-read Vulnerability in HDF HDF5 1.8.20 Library Stack-based Buffer Overflow in HDF HDF5 1.8.20 Library's H5FD_sec2_read Function Out-of-Bounds Read Vulnerability in HDF HDF5 1.8.20 Library Stack-based Buffer Overflow in HDF HDF5 1.8.20 Library's H5FD_sec2_read Function Denial of Service Vulnerability in MegaCryptoPolis Smart Contract: Land Purchase Interference Unescaped Username Display Vulnerability in Rocket.Chat Reflected XSS Vulnerability in Rocket.Chat Registration Form GSKit V7 PKCS#1 Padding Side Channel Information Disclosure 
Vulnerability Memory Overread Vulnerability in Qualcomm Snapdragon Processors Unchecked OTA Field Vulnerability in Qualcomm Snapdragon Processors Integer overflow vulnerability in GNSS XTRA3 function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130 Memory Corruption Vulnerability in RIL Daemon in Snapdragon Devices Heap Memory Access After Free Vulnerability Unauthorized Modification of Information in IBM API Connect 5.0.0.0 through 5.0.8.2 via Generated LoopBack APIs Out-of-Bound Mask Range Access Vulnerability in CAF Android Releases Unprivileged Access to Phone Vulnerability in Snapdragon Devices Vulnerability: Missing Lock at XBL_SEC Stage in Snapdragon Processors Information Exposure Vulnerability in dnsmasq on Snapdragon Devices Out-of-Bounds Write Vulnerability in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130 Memory Corruption Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, 
SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150 Cross-Site Scripting Vulnerability in IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 Use-after-free vulnerability in IPA driver exposes route table's rule in Snapdragon devices Sensitive Information Disclosure Vulnerability in Android Manifest File Improper Array Index Validation Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 Race condition vulnerability in EPCO handling in Snapdragon platforms Vulnerability: Improper Input Validation in SCM Handler for Unauthorized Access in Snapdragon Devices Use after free vulnerability in KGSL syncsource cleanup in multiple Snapdragon platforms Timing Side Channel Vulnerability in HMAC Authentication in Snapdragon Processors Buffer Overflow Vulnerability in Key Operations on Snapdragon Platforms Truncated Access Authentication Token Vulnerability in Snapdragon Processors Vulnerability: Metadata Verification and Partial Hash System Calls Corruption in Snapdragon Platforms Denial of Service Vulnerability in IBM Financial Transaction Manager for ACH Services Out-of-Bounds Access Vulnerability in Snapdragon Processors: TZ Index Calculation Issue Out of Bounds Memory Read and Access Vulnerability in GNSS XTRA Parser Arbitrary Write Vulnerability in Snapdragon Processors Improper Array Index 
Validation Vulnerability in Snapdragon Processors Out of Bound Array Vulnerability in Multiple Snapdragon Platforms Out-of-bounds Memory Access Vulnerability in Qurt Kernel Function in Multiple Snapdragon Platforms Buffer Overflow Vulnerability in Qualcomm Snapdragon Processors Invalid Rule ID Use-After-Free Vulnerability in Snapdragon Devices Sensitive Information Disclosure Vulnerability in IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services Hrtimer Use-After-Free Vulnerability in Qualcomm Snapdragon Devices Buffer Length Check Vulnerability in Multiple Snapdragon Platforms Heap Use After Free Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Wearables in Multiple Qualcomm Chipsets Invalid Signature Debug Policy Loading Vulnerability Command Injection Vulnerability in IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 Cross-Site Scripting Vulnerability in IBM Rational Products (X-Force ID: 138425) Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager Remote File Download Vulnerability in IBM Sterling File Gateway 2.2.0 - 2.2.6 Unauthenticated File Disclosure Vulnerability in Zeta Producer Desktop CMS Unauthenticated Remote Code Execution Vulnerability in Zeta Producer Desktop CMS Path Traversal Vulnerability in Smarty's isTrustedResourceDir() Method XSS Vulnerability in ImpressCMS 1.3.10 via PATH_INFO in Installation Pages Out of Bounds Read Vulnerability in Poppler 0.62: Memory Corruption and Denial of Service CSRF Vulnerability in Grundig Smart Inter@ctive TV 3.0 Devices via Predictable ID Value Cross-Site Scripting (XSS) Vulnerability in IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 Brute-Force Vulnerability in PHOENIX CONTACT FL SWITCH WebUI Firmware Image Information Leakage Vulnerability in PHOENIX CONTACT FL SWITCH 
3xxx, 4xxx, 48xx Versions 1.0 to 1.34 Plaintext Transmission of User Credentials in PHOENIX CONTACT FL SWITCH WebUI CSRF Vulnerability in PHOENIX CONTACT FL SWITCH WebUI Denial-of-Service Vulnerability in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx Versions 1.0 to 1.34 Stack-Based Buffer Over-Read Vulnerability in Genann Train Function SEGV Vulnerability in Genann's genann_run Function Stored XSS Vulnerability in ClipperCMS 1.3.3 via Full Name Field in Manager Users and Web Users XSS Vulnerability in Catfish CMS v4.7.9 via admin/Index/write.html editorValue Parameter Integer Overflow Vulnerability in SHARKTECH (SKT) Token Smart Contract Allows Unauthorized Balance Manipulation Integer Overflow Vulnerability in MP3 Coin Smart Contract Allows Unauthorized Balance Manipulation Integer Overflow Vulnerability in WeMediaChain's batchTransfer Function Integer Overflow Vulnerability in GlobeCoin (GLB) Token Smart Contract Allows Unauthorized Balance Manipulation Integer Overflow Vulnerability in Malaysia Coins (Xmc) Smart Contract's transferAny Function Integer Overflow Vulnerability in Neo Genesis Token (NGT) Smart Contract Allows Unauthorized Balance Manipulation Directory Traversal Vulnerability in Citrix XenServer 7.1 and Newer 802.1x Authentication Mishandling Vulnerability in Arista EOS through 4.21.0F Codiad Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Portal 8.0, 8.5, and 9.0 OS Command Injection in Xiaomi R3P, R3C, R3, and R3D Wi-Fi Settings SQL Injection Vulnerability in WolfSight CMS 3.2 via PATH_INFO XSS Vulnerability in Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 CSRF Vulnerability in waimai Super Cms 20150505 Allows Unauthorized Admin Account Addition Denial of Service Vulnerability in radare2 2.7.0 via Crafted ELF File Heap-based Buffer Over-read Vulnerability in radare2 2.7.0 Denial of Service Vulnerability in radare2 2.7.0 Bypassing Delivery-Address Change Detection in Paymorrow Module for 
OXID eShop Information Leakage in Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 Cross-Site Scripting (XSS) Vulnerability in Digisol Wireless Wifi Home Router HR-3300 Unverified Plugin Upload Vulnerability in WordPress 4.9.7 CSRF Vulnerability in Creatiwity wityCMS 0.6.2 Allows Account Takeover via Email Field Modification Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 - 6.0.6 Heap-Based Buffer Over-read in HDF HDF5 1.8.20 Library's H5T_copy Function Heap-based Buffer Over-read in HDF HDF5 1.8.20 Library Out of Bounds Read Vulnerability in HDF HDF5 1.8.20 Library Heap-based Buffer Over-read in HDF HDF5 1.8.20 Library Insufficient Path Check in AccountsService Allows Directory Traversal Progress Kendo UI Editor v2018.1.221 Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 - 6.0.6 XSS Vulnerability in Bootstrap Collapse Data-Parent Attribute XSS Vulnerability in Bootstrap Scrollspy's data-target Property XSS Vulnerability in Bootstrap Tooltip's data-container Property Incorrect File Access Control in mstdlib 1.2.0 during Copy Operation Denial of Service Vulnerability in RateTransposer::setChannels Function Denial of Service Vulnerability in FIRFilter::evaluateFilterMulti Function Heap-Based Buffer Over-Read Vulnerability in Exiv2 0.26's WebPImage::decodeChunks SEGV Vulnerability in PNGwriter 0.7.0's readfromfile Function SEGV Vulnerability in libpng 1.6.34: png_free_data in png.c SEGV Vulnerability in libwav's print_info function Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 SEGV Vulnerability in libwav's wav_free Function Infinite Loop Vulnerability in wav_read function of libwav.c SEGV Vulnerability in libwav's apply_gain Function Double Free Vulnerability in MP4v2 Library Privilege Escalation and Configuration Injection Vulnerability in ZNC Path Traversal Vulnerability 
in ZNC Web Skins Cross-Site Request Forgery (CSRF) Vulnerability in Pimcore before 5.3.0 SQL Injection Vulnerability in Pimcore REST API Multiple Cross-Site Scripting (XSS) Vulnerabilities in Pimcore OS Command Injection in Xiaomi R3D AP Mode Settings COSPAS-SARSAT Protocol Vulnerability: Message Forgery, Replay Attacks, DoS, and Unauthorized Private Messaging Integer Overflow Vulnerability in Tracto (TRCT) Smart Contract's increaseApproval Function Directory Traversal Vulnerability in uc-http Service 1.0.0 on VelotiSmart WiFi B-380 Camera Devices XML External Entity (XXE) Vulnerability in PHPOffice Common before 0.2.9 SQL Injection Vulnerability in content://wappush Content Provider in com.android.provider.telephony Unauthenticated Remote Command Execution in Green Packet WiMax DV-360 2.10.14-g1.0.6.1 Devices via Command Injection CSRF Vulnerability Allows Unauthorized Addition of Admin Account in SRCMS V2.3.1 CSRF Vulnerability in SRCMS V2.3.1 Allows Unauthorized User Account Addition Cross-Site Scripting (XSS) Vulnerability in IBM Rational Team Concert 5.0 - 6.0.5 Insufficient Sanitization in Geo Mashup Plugin for WordPress Memory Leak Vulnerabilities in libsixel 1.8.1 Memory Leak in sixel_allocator_new in allocator.c Unauthorized Remote Backup of Device Configuration in Wi2be SMART HP WMT R1.2.20_201400922 Unauthenticated Remote Password Reset Vulnerability in Wi2be SMART HP WMT R1.2.20_201400922 Unauthenticated Remote Information Disclosure in Wi2be SMART HP WMT R1.2.20_201400922 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Team Concert 5.0 - 6.0.5 Authentication Bypass Vulnerability in D-Link DIR-809 Devices Clear-text Storage of Device Passwords in D-Link DIR-809 and Guest Zone Devices Cross-site Scripting (XSS) Vulnerability in PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 via Search Bar Remote Information Disclosure in LICA miniCMTS E8K Devices via Direct POST Request Integer Overflow Vulnerability in MKCB Smart Contract Vulnerability: 
Unauthorized Modification of SweeperList in UserWallet Contract Integer Overflow Vulnerability in SingaporeCoinOrigin (SCO) Smart Contract Integer Overflow Vulnerability in EUC Smart Contract Implementation Integer Overflow Vulnerability in STeX White List (STE(WL)) Smart Contract Arbitrary Transfer Vulnerability in Virgo_ZodiacToken Smart Contract Local Command Execution Vulnerability in IBM Notes Diagnostics Local Command Execution Vulnerability in IBM Notes Diagnostics Local Command Execution Vulnerability in IBM Notes Diagnostics Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0 SQL Injection Vulnerability in IBM Maximo Asset Management 7.5 and 7.6 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 Privilege Escalation Vulnerability in J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) Authentication Bypass Vulnerability in IBM Security QRadar SIEM 7.2 and 7.3 Denial of Service Vulnerability in IBM WebSphere MQ PAM Authentication IBM WebSphere Portal Combined Cumulative Fix (CF) Installation Security Misconfiguration Vulnerability XML External Entity Injection (XXE) Vulnerability in IBM WebSphere DataPower Appliances Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Foundation Products Information Disclosure Vulnerability in IBM Jazz Foundation Products XML External Entity Injection (XXE) Vulnerability in IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6004) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6006) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6007) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6009) Arbitrary Code Execution via 
Type Confusion in Foxit Reader 9.0.1.1049 Arbitrary Code Execution via Type Confusion in Foxit Reader 9.0.1.1049 Arbitrary Code Execution via Type Confusion in Foxit Reader 9.0.1.1049 Weak Cryptographic Algorithms in IBM Security Guardium Big Data Intelligence (SonarG) 3.1: A Potential Decryption Vulnerability Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6013) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 via getField Method Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6016) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6017) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6018) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6019) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6020) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6021) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6022) PRNG State Duplication in IBM GSKit: Risk of Duplicate Session IDs and Key Material Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6023) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6024) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 via getURL Method Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6026) Arbitrary Code Execution via Type Confusion in Foxit Reader 9.0.1.1049 (ZDI-CAN-6027) Arbitrary Code Execution via Type Confusion in Foxit Reader 9.0.1.1049 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6030) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6031) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 GSKit Environment Variable Overflow 
Vulnerability Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6034) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6035) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6036) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6038) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6039) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6059) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6058) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-6060) Weak Cryptographic Algorithms in IBM GSKit (IBM DB2) - Vulnerability in Data Encryption Arbitrary Code Execution via Foxit Reader 9.0.1.1049's exportAsFDF XFA Function Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5757) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 via FlateDecode Streams (ZDI-CAN-5763) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5771) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5773) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5774) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5770) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5641) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5642) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.5096 Cross-Site Scripting (XSS) Vulnerability in IBM MQ Appliance 9.0.1-9.0.4 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.5096 Remote Code Execution Vulnerability in Foxit Reader 9.0.1.5096 (ZDI-CAN-6231) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.5096 (ZDI-CAN-6232) Arbitrary 
Code Execution Vulnerability in Foxit Reader 9.1.0.5096 (ZDI-CAN-6233) Arbitrary Code Execution via FileAttachment Annotations in Foxit Reader 9.0.1.5096 Integer Overflow in Foxit PhantomPDF Allows Remote Code Execution Remote Code Execution Vulnerability in Foxit Reader 9.0.1.5096 via Circle Annotation Processing Arbitrary Code Execution via FreeText Annotations in Foxit Reader 9.0.1.5096 Remote Code Execution Vulnerability in Foxit Reader 9.0.1.5096 via Manipulated Ink Annotations Arbitrary Code Execution via Line Annotation Processing in Foxit Reader 9.0.1.5096 Cross-Site Scripting (XSS) Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.2 Arbitrary Code Execution via Reused Pointer in Foxit Reader 9.0.1.5096 Arbitrary Code Execution via Sound Annotation Processing in Foxit Reader 9.0.1.5096 Arbitrary Code Execution via Square Annotation Processing in Foxit Reader 9.0.1.5096 Arbitrary Code Execution via StrikeOut Annotation Processing in Foxit Reader 9.0.1.5096 Arbitrary Code Execution via Text Annotation Processing in Foxit Reader 9.0.1.5096 Arbitrary Code Execution via PolyLine Annotation Processing in Foxit Reader 9.0.1.5096 Remote Code Execution Vulnerability in Foxit Reader 9.0.1.5096 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.5096 (ZDI-CAN-6267) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.5096 (ZDI-CAN-6326) Arbitrary Code Execution Vulnerability in Foxit Reader 9.1.0.5096 GSKit Vulnerability in IBM Spectrum Scale: Local Attackers Can Gain Control and Modify Files Arbitrary Code Execution Vulnerability in Foxit Reader 9.1.0.5096 (ZDI-CAN-6330) Arbitrary Code Execution via XFA Events in Foxit Reader (ZDI-CAN-6331) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.5096 (ZDI-CAN-6332) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.5096 Arbitrary Code Execution via Annotation Handling in Foxit Reader 9.0.1.5096 Arbitrary Code Execution via Annotation Handling in Foxit Reader 9.0.1.5096 Remote Code 
Execution Vulnerability in Foxit Reader 9.0.1.5096 (ZDI-CAN-6351) Arbitrary Code Execution Vulnerability in Foxit Reader 9.1.0.5096 (ZDI-CAN-6683) Remote Code Execution Vulnerability in Samsung Galaxy S8 G950FXXU1AQL5 Cross-Frame Scripting Vulnerability in IBM InfoSphere Information Server Remote Code Execution Vulnerability in PoDoFo (ZDI-CAN-5673) Default Admin Password Vulnerability in Oracle GlassFish Open Source Edition 5.0 Integer Underflow Vulnerability in MP4v2 2.0.0 Integer Overflow Vulnerability in MP4v2 2.0.0: Memory Corruption in MP4Array Resizing for ftyp Atom Weak Permissions on Alcatel OSPREY3_MINI Modem Installer Allows Privilege Escalation Remote Information Disclosure Vulnerability in Brynamics Online Trade - Online trading and cryptocurrency investment system Race Condition Vulnerability in HTSlib 1.8 Allows Arbitrary File Overwrite via Symlink Attack Unauthenticated File Read Vulnerability in IBM Storage Products CSRF Vulnerability in XiaoCms X1 v20140305 Allows Unauthorized Password Change User Mode Write Access Violation in Clementine Music Player 1.3.1 TeamViewer Unicode Password Storage Vulnerability Arbitrary File Upload Vulnerability in joyplus-cms 1.6.0 Insecure Handling of Permissions in H2 1.4.197 Backup Function Allows Unauthorized File Access Denial of Service Vulnerability in TP-Link WR840N Devices via Random MAC Address Packets Signed Integer Overflow in CHECK Macro in mruby 1.4.1 Potential Buffer Overflow Vulnerability in Exiv2 0.26's geotag.cpp Infinite Loop Vulnerability in Wireshark MMSE Dissector Cross-Site Request Forgery Vulnerability in IBM Storage Products Zlib Decompression Vulnerability in Wireshark DICOM Dissector Offset Overflow Vulnerability BGP Protocol Dissector Loop Vulnerability ASN.1 BER Dissector Crash Vulnerability in Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15 Buffer Over-read Vulnerability in Wireshark ISMP Dissector Vulnerability: Unauthorized Access to Graphical Sessions in SDDM Stack-based 
Buffer Overflow in GNU Libextractor's ec_read_file_func (unzip.c) Infinite Loop Vulnerability in GNU Libextractor's EXTRACTOR_mpeg_extract_method Insecure File Permissions in libcgroup 0.41: Information Disclosure Vulnerability Improper Handling of NO Response in Mutt and NeoMutt DLL Hijacking Vulnerability in IBM Notes 8.5 and 9.0 Stack-based Buffer Overflow in Mutt and NeoMutt's imap/message.c IMAP Status Mailbox Literal Count Size Mishandling Vulnerability Stack-based Buffer Overflow in Mutt and NeoMutt's imap_quote_string Function Integer Underflow in imap_quote_string Function Arbitrary Command Execution via Backquote Characters in Mutt and NeoMutt Directory Traversal Vulnerability in Mutt and NeoMutt Zero-length UID Mishandling Vulnerability Arbitrary Command Execution via Backquote Characters in Mutt and NeoMutt Stack-based Buffer Overflow in Mutt and NeoMutt with Long RFC822.SIZE Field in FETCH Response Buffer Overflow via Base64 Data Stack-based Buffer Overflow in nntp_add_group in NeoMutt Memory Allocation Failure in NeoMutt's nntp.c Vulnerability: Unsafe Character Interaction in Mutt and NeoMutt Improper Restriction of '/' Characters in NeoMutt's newsrc.c Directory Traversal and Remote Code Execution in GitLab Projects Import Component Open Redirect Vulnerability in Pulse Secure Pulse Connect Secure and Pulse Policy Secure CoAP Protocol Dissector Null Pointer Dereference Vulnerability Infinite Loop Vulnerability in Wireshark Bazaar Protocol Dissector HTTP2 Dissector Crash Vulnerability in Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15 Arbitrary Code Execution Vulnerability in IBM Notes 8.5 and 9.0 IEEE 802.11 Protocol Dissector Buffer Over-read Vulnerability Directory Traversal Vulnerability in Eclipse Mojarra's getLocalePrefix Function Type Confusion Vulnerability in MP4Atom::factory in MP4v2 2.0.0 Arbitrary File Read Vulnerability in IBM Storage Products XSS Vulnerability in Graylog Typeahead Components Open Redirect Vulnerability in 
Pagekit before 1.0.14 XSS Vulnerability in InstantCMS 2.10.1's /redirect?url= Parameter Weak XML Parser Configuration in Transition Technologies The Scheduler App 5.1.3 for Jira Allows XXE Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in SEO Panel 3.13.0 and Earlier Session Fixation Vulnerability in WonderCMS XSS Vulnerability in joyplus-cms 1.6.0 via manager/admin_ajax.php can_search_device parameter SQL Injection Vulnerability in joyplus-cms 1.6.0 via manager/admin_ajax.php val parameter Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 XSS Vulnerability in MyBB New Threads Plugin 1.2 Denial of Service Vulnerability in FFmpeg's libavformat/movenc.c Denial of Service Vulnerability in FFmpeg MOV Audio Format Conversion Multiple Stored Cross-Site Scripting Vulnerabilities in Creme CRM 1.6.12 Multiple Stored Cross-Site Scripting Vulnerabilities in Creme CRM 1.6.12 Organization Creation Page Creme CRM 1.6.12 - HTTP Referer Header Spoofing Vulnerability Arbitrary PHP Code Execution via Image Upload in PHPCMS 9.6.0 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 - 6.0.6 Out-of-Bounds Read Vulnerability in AXML Parser's CopyData Function Out-of-Bounds Write Vulnerability in axmldec 1.2.0 Type Confusion and Out-of-Bounds Memory Access Vulnerability in MP4v2 2.0.0 NULL Pointer Dereference Vulnerability in libxml2's xpath.c:xmlXPathCompOpEval() Function Cross-Site Scripting (XSS) Vulnerability in IBM Application Performance Management - Response Time Monitoring Agent Cross-Site Scripting (XSS) Vulnerability in idreamsoft iCMS 7.0.10 Command Injection Vulnerability in SoftNAS Cloud Web Administration Console SQL Injection Vulnerability in Msvod Cms v10 via images/lists?cid= URI XSS Vulnerability in MetInfo 6.0.0 via Modified Navigation Bar Name Cross-Site Request Forgery Vulnerability in IBM Application Performance Management - Response Time Monitoring Agent 
(IBM Monitoring 8.1.4) CSRF Vulnerability in MetInfo 6.0.0 Allows Unauthorized User Account Addition Remote Code Execution in SeaCMS v6.61 via Movie Picture Address (v_pic) XSS Vulnerability in SansCMS 0.7 via q Parameter in blog/index.php Division-by-zero vulnerabilities in pi_next_pcrl, pi_next_cprl, and pi_next_rpcl functions in OpenJPEG through 2.3.0: Remote Denial of Service Use-after-free vulnerability in GDM daemon allows for denial of service or potential code execution Persistent XSS Vulnerability in Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 and 8.8.9 Local File Inclusion Vulnerability in man-cgi before 1.16 XML Parsing Vulnerability in IBM SAML-based Single Sign-On Systems Cross-Site Scripting (XSS) Vulnerability in Mondula Multi Step Form Plugin for WordPress OpenStack Keystone Federation Component Access Restriction Bypass Vulnerability Memory Leak in ImageMagick 7.0.8-4: WriteMPCImage Colormap Vulnerability Memory Leak in DecodeImage in ImageMagick 7.0.8-4's pcd.c Memory Leak in ReadMIFFImage in ImageMagick 7.0.8-4 Memory Leak in parse8BIM in ImageMagick 7.0.8-4 Arbitrary Access Control Modification in Wireshark through 2.6.2 Floating-Point Mishandling in espritblock eos4j SDK Allows Unauthorized Currency Transfers Cross-Site Scripting Vulnerability in IBM WebSphere Portal 8.5 and 9.0 SQL Injection Vulnerability in cckevincyh SSH CompanyWebsite Arbitrary File Upload Vulnerability in cckevincyh SSH CompanyWebsite Use-After-Free Remote Code Execution Vulnerability in Foxit Reader and PhantomPDF (V-88f4smlocs) Remote Denial of Service Vulnerability in GNU LibreDWG 0.5.1036 Integer Overflow in dwgCompressor::decompress18 in libdxfrw 0.6.3 Denial of Service Vulnerability in Bento4 v1.5.1-624: Infinite Loop in AP4_File::ParseStream Heap-based Buffer Overflow in MP4v2 2.1.0: MP4Integer32Property::Read Vulnerability Out-of-Bounds Read Vulnerability in trim_whitespace function in libConfuse v3.2.1 NULL Pointer Dereference in 
Codec::parse in Untrunc Out-of-Bounds Read Vulnerability in libgig 4.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 Out-of-Bounds Read Vulnerability in libgig 4.1.0 Heap-based Buffer Overflow in libgig's RIFF::Chunk::Read Function Out-of-Bounds Read Vulnerability in libgig 4.1.0 Heap-based Buffer Overflow in store16 function in libgig 4.1.0 Out-of-Bounds Read Vulnerability in libgig 4.1.0 Out-of-Bounds Write Vulnerability in libgig 4.1.0 Out-of-Bounds Write Vulnerability in libgig 4.1.0 Out-of-Bounds Write Vulnerability in libgig 4.1.0 Heap-based Buffer Overflow in store32 Function in libgig 4.1.0 Out-of-Bounds Write Vulnerability in libgig 4.1.0 Heap-Based Buffer Over-read in HDF HDF5 1.8.20 Library Buffer Over-read Vulnerability in LDP Parser of tcpdump Buffer Over-read Vulnerability in tcpdump's ICMP Parser Buffer Over-read Vulnerability in VRRP Parser of tcpdump Buffer Over-read Vulnerability in LMP Parser of tcpdump Buffer Over-read Vulnerability in RSVP Parser of tcpdump Buffer Over-read Vulnerability in Rx Parser of tcpdump Buffer Over-read Vulnerability in tcpdump's BGP Parser Buffer Over-read Vulnerability in FRF.16 Parser of tcpdump Buffer Over-read Vulnerability in tcpdump's IKEv1 Parser Weak Password Protection in GSKit (IBM Spectrum Protect and IBM Spectrum Protect Snapshot) CMS KDB Logic Buffer Over-read Vulnerability in Babel Parser of tcpdump NULL Pointer Dereference and SEGV Vulnerability in GNU LibreDWG 0.5.1048 SQL Injection in WUZHI CMS 4.1.0 via coreframe/app/order/admin/goods.php XML External Entity (XXE) Injection Vulnerability in OCS Inventory 2.4.1 Open Redirection Vulnerability in Orange Forum 1.4.0 via next Parameter in views/auth.go XSS Vulnerability in GeniXCMS 1.1.5 Installation Step 1 Cross-Site Scripting (XSS) Vulnerability in ecard.php of Coppermine Photo Gallery (CPG) 1.5.46 Arbitrary File Overwrite Vulnerability in IBM DB2 for Linux, UNIX and Windows XSS Vulnerability in 
Osclass 3.7.4 via index.php Query String Vulnerability: XXE Attacks in BlogEngine.NET 3.3 via metaweblog.axd POST Body Cross-Site Scripting (XSS) Vulnerability in DNN (formerly DotNetNuke) 9.1.1 via XML Local File Overwrite Vulnerability in IBM DB2 for Linux, UNIX and Windows Stack-based Buffer Overflow in Tenda AC7, AC9, and AC10 Devices via long limitSpeed or limitSpeedup Parameter Arbitrary Code Injection through Cross-Site Scripting (XSS) in Open-Audit Community 2.2.6 Groups Page Historical Remote Command Injection Vulnerability in Vivotek FD8136 Devices Vulnerability: Remote Command Injection in Vivotek FD8136 Devices Stack-based Buffer Overflow in Vivotek FD8136 Devices Allows Remote Code Execution XSS Vulnerability in Tenda D152 ADSL Routers via Crafted SSID Heap-based Buffer Over-read and Application Crash in get_8bit_row in libjpeg-turbo and MozJPEG XSS Vulnerability in HYBBS via Article Title Arbitrary File Overwrite Vulnerability in IBM DB2 for Linux, UNIX and Windows XSS Vulnerability in joyplus-cms 1.6.0 via manager/collect/collect_vod_zhuiju.php Keyword Parameter SQL Injection Vulnerability in manager/admin_ajax.php in joyplus-cms 1.6.0 Arbitrary SQL Command Execution in Kiboko Chained Quiz Plugin for WordPress Arbitrary Web Script Injection Vulnerability in Coremail XT 3.0 Cross-Site Scripting (XSS) Vulnerability in MantisBT 2.x through 2.15.0 DNS Rebinding Vulnerability in mitmproxy v4.0.3 Local File Overwrite Vulnerability in IBM DB2 for Linux, UNIX and Windows Persistent XSS Vulnerability in WUZHI CMS 4.1.0 via form[nickname] Parameter Persistent XSS Vulnerability in WUZHI CMS 4.1.0 via form[content] Parameter SSRF Vulnerability in idreamsoft iCMS V7.0.9 Allows Unauthorized File Access and Intranet Exposure SQL Injection Vulnerability in WUZHI CMS 4.1.0 via index.php?m=promote&f=index&v=search keywords Parameter XSS Vulnerabilities in SeaCMS 6.61 Admin Config Form Fields CSRF Vulnerability in Kirby 2.5.12 Delete Page Functionality Local File 
Overwrite Vulnerability in IBM DB2 for Linux, UNIX and Windows HTTP Request Injection Vulnerability in Kirby 2.5.12 SEGV Signal Vulnerability in Aubio 0.4.6 SEGV Signal Vulnerability in aubio_pitch_set_unit Buffer Over-read Vulnerability in aubio 0.4.6 Double Free Vulnerability in GNU LibreDWG EAPOL-Key Message Decryption Oracle Vulnerability Insufficient XSS Protection in Feedback.asp of Xiao5uCompany 1.7 Default Admin Password Vulnerability in Invoxia NVX220 Devices Invoxia NVX220 Devices: Restricted CLI Escape Vulnerability Exposes Password Hashes File Upload Vulnerability in IBM Security Identity Manager Virtual Appliance 7.0 Heap Buffer Overflow Vulnerability in Bento4 1.5.1-624 Heap-based Buffer Over-read in Bento4 1.5.1-624 Privilege Escalation Vulnerability in Inteno IOPSYS via Symlink Manipulation Failure to Enable HTTP Strict Transport Security in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 Reflected and Stored XSS Vulnerabilities in PHP Scripts Mall Basic B2B Script 2.0.0 NULL Pointer Dereference Vulnerability in AP4_JsonInspector::AddField in Bento4 1.5.1-624 Invalid Memory Read Vulnerability in AP4_SampleDescription::GetFormat() in Bento4 1.5.1-624 Invalid Memory Read Vulnerability in AP4_SampleDescription::GetType() in Bento4 1.5.1-624 SEGV Vulnerability in libwav's wav_write Function Cross-Site Request Forgery Vulnerability in IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 Stack-based Buffer Overflow in Third-Party PNM Decoding in libpng 1.6.35 Uninitialized Variable in ReadMATImageV4 Function Leads to Memory Corruption NULL Pointer Dereference in gdImageClone Function in libgd Buffer Overflow Vulnerability in Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability in Tenda AC7, AC9, and AC10 Devices Buffer Overflow Vulnerability in Tenda AC7, AC9, and AC10 Routers' Web Server XML External Entity Injection (XXE) Vulnerability in IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 NULL Pointer Dereference in 
BasicModel Class Memory Corruption Vulnerability in THULAC Library SEGV Vulnerability in NGramFeature::find_bases in libthulac.so Heap-based Buffer Over-read in NGramFeature::find_bases Denial of Service Vulnerability in libxml2 2.9.8 with --with-lzma TCP Stream Inspection Bypass Vulnerability in Suricata IBM Rational DOORS 9.5.1 through 9.6.1.10 Privilege Escalation Vulnerability Arbitrary Code Execution via File Upload Vulnerability in Niushop B2B2C Multi-business Basic Version V1.11 Arbitrary Code Execution Vulnerability in conference-scheduler-cli via Crafted .pickle File TightRope Media Carousel Digital Signage LFI Vulnerability (CSL-1683) Open Redirect Vulnerability in Django Middleware Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities in Trash Bin Plugin 1.1.3 for MyBB Integer Overflow Vulnerability in mintTokens Function of SunContract Smart Contract Implementation Arbitrary PHP Code Execution and Sensitive Information Disclosure in GolemCMS Local Privilege Escalation and DLL Hijacking Vulnerability in IBM DB2 Arbitrary Code Execution via Decompilation of .NET Objects CSRF Vulnerability in BageCMS V3.1.3 Allows Unauthorized Addition of Background Administrator Account CSRF Vulnerability in XYHCMS 3.5 Allows Unauthorized Addition of Background Administrator Account Heap-based Buffer Over-read in Bento4 1.5.1-624: AP4_AvccAtom::Create Heap-based Buffer Over-read in Bento4 1.5.1-624 SEGV Vulnerability in Bento4 1.5.1-624: AP4_Mpeg2TsAudioSampleStream::WriteSample Buffer Over-read Vulnerability in Bento4 1.5.1-624 NULL Pointer Dereference in Bento4 1.5.1-624: AP4_DataBuffer::SetData Vulnerability Heap-Based Buffer Over-Read in Bento4 1.5.1-624: AP4_Mp4AudioDsiParser::ReadBits Vulnerability Stack Based Buffer Overflow in IBM DB2 for Linux, UNIX and Windows SEGV Vulnerability in Bento4 1.5.1-624: AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp SQL Injection Vulnerability in CWJoomla CW Article Attachments PRO and CW Article 
Attachments FREE Extensions for Joomla! Privilege Escalation Vulnerability in Open Ticket Request System (OTRS) Denial of Service Vulnerability in Wancms 1.0 through 5.0 Information Disclosure Vulnerability in CA Technologies Identity Governance and CA Identity Suite Virtual Appliance Buffer Overflow Vulnerability in XListExtensions in libX11 Off-by-one Error in XListExtensions Function: Potential DoS and Other Impacts Local Privilege Escalation Vulnerability in IBM Netezza Platform Software Out-of-Bounds Write Vulnerability in libX11: Potential DoS or Remote Code Execution Denial of Service Vulnerability in GitLab Community and Enterprise Edition 11.1.x Information Disclosure in GitLab Prometheus Metrics CSRF Vulnerability in GitLab System Hooks Test Feature XSS Vulnerability in GitLab CI/CD Pipeline Job Tooltip XSS Vulnerability in GitLab Web IDE File Commit Cross-Site Scripting (XSS) Vulnerability in GitLab Community and Enterprise Edition Cleartext Transmission of Sensitive Customer Data in Thomson Reuters UltraTax CS 2017 Insecure Password Protection in Thomson Reuters UltraTax CS 2017 on Windows Invalid Pointer Dereference in __del_reloc_root() in Btrfs Filesystem Cross-Site Scripting (XSS) Vulnerability in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem Products Out-of-Bounds Access in write_extent_buffer() in Btrfs File System Use-after-free vulnerability in Linux kernel through 4.17.10 when mounting a crafted btrfs image Invalid Pointer Dereference in Btrfs Root Node Mounting Vulnerability Invalid Pointer Dereference in io_ctl_map_page() in Btrfs Image Mounting Out-of-Bounds Access Vulnerability in f2fs Image Mounting Buffer Overflow in truncate_inline_inode() in f2fs Image Unmounting NULL Pointer Dereference in fscrypt_do_page_crypto() in Linux Kernel NULL pointer dereference and panic in hfsplus_lookup() when opening a file in a malformed hfs+ filesystem Buffer overrun vulnerability in Curl NTLM Authentication Code 
(CVE-2018-16890) Vulnerability: Privilege Escalation via Null Skcipher in Linux Kernel Unauthorized Access and File Manipulation Vulnerability in IBM Storage Products Insecure Retrieval of RabbitMQ Clusterer Component in OpenStack Container Image Build Infinite Loop Vulnerability in libtirpc before version 1.0.2-rc2 Null-Pointer Dereference Vulnerability in libtirpc before version 0.3.3-rc3 SQL Injection Vulnerability in Katello's Errata-Related API Vulnerability: Denial of Service (DoS) in 389-ds-base Race Condition Vulnerability in Linux Kernel's AF_VSOCK Protocol Packet Cache Pollution Vulnerability in PowerDNS Server and Recursor Insecure SSL Configuration in IIOP OpenJDK Subsystem in WildFly LDAP Information Leak Vulnerability in Samba's Server Samba LDAP Server Denial of Service Vulnerability Unauthorized Access to System Files in IBM Storage Products XML Import Vulnerability in Moodle Allows Remote Code Execution via ddwtos Insufficient Filtering in Moodle Boost Theme's Blog Search Parameter Allows Reflected XSS Out of Bound Write Vulnerability in OpenShift Container Platform Stack Buffer Overflow Vulnerability in Linux Kernel's ISCSI Target Code Privilege Escalation Vulnerability in Linux Kernel's create_elf_tables() Function Linux Bridge ML2 Driver IP Address Bypass Vulnerability Vulnerability: Live-migrated instances can inspect traffic of other instances on the same hypervisor SAML Assertion Expiration Bypass Vulnerability in Keycloak Remote Denial of Service Vulnerability in 389-ds-base Unauthorized Access to Sensitive Information in IBM Storage Products Remote Denial-of-Service Vulnerability in Linux Kernel 4.19-rc1 to 4.19-rc3 Undertow Information Leak Vulnerability: Incomplete Header Write Remote Command Execution Vulnerability in Foreman's smart_proxy_dynflow Component PowerDNS Recursor DNSSEC Validation Bypass Vulnerability HPACK Decoder Out-of-Bounds Read Vulnerability in HAProxy NULL pointer dereference vulnerability in 
__netlink_ns_capable() function in Linux kernel before 4.15-rc8 Expat Hash Collision Denial of Service Vulnerability in Python Denial of Service Vulnerability in 389 Directory Server Privilege Escalation Vulnerability in Red Hat Ceph Storage 2 and 3 Private Key Exposure Vulnerability in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem Products Improper Default Permissions in sos-collector Allows Unauthorized Data Access Incomplete Fix for Multiple Vulnerabilities in GlusterFS Allows Remote Code Execution and Denial of Service Buffer Overflow Vulnerability in Gluster File System's 'features/index' Translator Heap-based Buffer Overflow in Gluster File System's '__server_getspec' Function Arbitrary File Creation Vulnerability in Gluster File System Arbitrary JavaScript Injection via 'state' Parameter in Keycloak Authentication URL Arbitrary Kernel Address Dump Vulnerability in Linux Kernel's show_opcodes() Improper Brute Force Detection Implementation in Keycloak 4.2.1.Final and 4.3.0.Final Open Redirection Vulnerability in JBOSS Keycloak 3.2.1.Final Denial of Service Vulnerability in Gluster File System via 'GF_XATTR_IOSTATS_DUMP_KEY' Xattr Weak Cryptographic Algorithms in IBM Storage Products (X-Force ID: 140397) Multiple Lock Creation Vulnerability in GlusterFS Server Format String Vulnerability in GlusterFS Server 3.8.4 Ceph Vulnerability: Unauthorized Access to dm-crypt Encryption Keys Remote Code Execution Vulnerability in PowerDNS DNSDist Stored Cross-Site Scripting Vulnerability in Foreman 1.18 Privilege Escalation Vulnerability in xorg-x11-server Smart Class Feature Allows Unauthorized Configuration Changes in Red Hat Satellite 6 Expression Language (EL) Injection in RichFaces Framework 3.X through 3.3.4 via UserResource Resource Arbitrary Symbol Injection in ClickHouse remote Table Function Leading to Cross Protocol Request Forgery Attacks Arbitrary File Read Vulnerability in ClickHouse MySQL Client Unauthenticated Access 
to Internal Cluster Details in IBM Storwize V7000 Unified Management Web Interface 1.6 Unauthorized Use of ClickHouse Database Due to Incorrect Configuration in Deb Package Arbitrary Shared Object Loading Vulnerability in ClickHouse before 18.10.3 Arbitrary File Read Vulnerability in ClickHouse Functions for Loading CatBoost Models Denial of Service and Privilege Escalation Vulnerability in Linux Kernel through 4.17.11 and Xen through 4.11.x Off-by-one Error in CHM PMGI/PMGL Chunk Number Validity Checks Leading to Denial of Service Unauthorized Access to Internal Environment and Sensitive API Details in IBM API Connect 5.0.8.1 and 5.0.8.2 Blank CHM Filenames Vulnerability Buffer Overwrite Vulnerability in libmspack Off-by-one Error in CHM Decompression Macro Cross Site Scripting (XSS) Vulnerability in PRTG WEBGUI (before 19.1.49.1966) Arbitrary File Read Vulnerability in Gxlcms v1.1.4 Stored XSS Vulnerability in XYCMS 1.7 via Crafted add_do.php Request in system/edit_book.php Stored Cross-Site Scripting Vulnerabilities in Subsonic 6.1.1 Internet Radio Settings Stored Cross-Site Scripting Vulnerabilities in Subsonic 6.1.1 Transcoding Settings Unauthenticated Remote Command Execution in IBM API Connect Developer Portal Stored Cross-Site Scripting Vulnerabilities in Subsonic 6.1.1 General Settings Stored Cross-Site Scripting Vulnerabilities in Subsonic 6.1.1 Music Tags Feature Unauthenticated Information Disclosure in Drobo 5N2 NAS 4.0.5-13.28.96115 Unauthenticated Information Disclosure in Drobo 5N2 NAS 4.0.5-13.28.96115 Cross-Site Scripting (XSS) in Drobo 5N2 NAS version 4.0.5-13.28.96115 via /DroboAccess/enable_user endpoint Cross-Site Scripting (XSS) in Drobo 5N2 NAS version 4.0.5-13.28.96115 via /DroboAccess/delete_user endpoint System Command Injection in Drobo 5N2 NAS Version 4.0.5-13.28.96115 via /DroboAccess/enable_user Endpoint Information Disclosure Vulnerability in IBM Sterling File Gateway Unauthenticated Retrieval of MySQL Log Files in Drobo 5N2 NAS 
4.0.5-13.28.96115 Command Injection in Drobo 5N2 NAS Version 4.0.5-13.28.96115 via /DroboAccess/delete_user Endpoint Unauthenticated Information Disclosure in Drobo 5N2 NAS 4.0.5-13.28.96115 Unauthenticated Retrieval of MySQL Database Root Password in Drobo 5N2 NAS Version 4.0.5-13.28.96115 Cross-Site Scripting Vulnerability in Drobo 5N2 NAS 4.0.5-13.28.96115 Unauthenticated Access and Control Vulnerability in Drobo 5N2 4.0.5 Command Injection in Drobo 5N2 NAS Version 4.0.5-13.28.96115 Arbitrary File Upload Vulnerability in Drobo Pix Web Application on Drobo 5N2 NAS Insecure Transport Protocol Vulnerability in Drobo 5N2 NAS Version 4.0.5-13.28.96115 Insecure Token Generation Allows Authentication Bypass in Drobo 5N2 NAS Dashboard API Cross-Site Scripting (XSS) Vulnerability in ASUS RT-AC3200 Version 3.0.0.4.382.50010 Missing Cross-Site Request Forgery (CSRF) Protection in ASUS RT-AC3200 Version 3.0.0.4.382.50010 Buffer Overflow Vulnerability in ASUS RT-AC3200 Version 3.0.0.4.382.50010's appGet.cgi Format String Vulnerability in appGet.cgi on ASUS RT-AC3200 Version 3.0.0.4.382.50010 Command Injection Vulnerability in ASUS RT-AC3200 Version 3.0.0.4.382.50010 Predictable Random Number Generation in Cryptogs Smart Contract Implementation Server Side Template Injection (SSTI) in SEOmatic Plugin for Craft CMS before 3.1.4 Arbitrary Code Execution Vulnerability in FasterXML Jackson-databind 2.x Remote Code Execution Vulnerability in FasterXML Jackson-databind 2.x XML External Entity (XXE) Vulnerability in FasterXML jackson-databind 2.x before 2.9.7 Server-side Request Forgery (SSRF) Vulnerability in FasterXML jackson-databind 2.x before 2.9.7 Privilege Escalation via Specially Crafted Filesystem Label in btrfsmaintenance XSS Vulnerability in Ban List Plugin 1.0 for MyBB SSRF Vulnerability in Responsive FileManager 9.13.1 via upload.php Remote Code Execution in Discuz! 
2.5 and 3.4 via Database Backup Feature Cross-Site Scripting Vulnerability in IBM BigFix Platform 9.2 and 9.5 WebSocket Server Origin Validation Bypass in Browserify-HMR WebSocket Server Origin Validation Bypass in Parcel parcel-bundler WebSocket Server Origin Validation Bypass in webpack-dev-server ReDoS Vulnerability in Odoo Community Association (OCA) dbfilter_from_header Module Use-after-free vulnerability in ucma_leave_multicast in Linux kernel through 4.17.11 Information Exposure via Crafted Message in Hitachi Command Suite 8.5.3 Buffer Over-read Vulnerability in libpbc.a NULL Pointer Dereference in pbc_wmessage_string in libpbc.a SEGV Vulnerability in libpbc.a: pbc_rmessage_message in rmessage.c SEGV Vulnerability in libpbc.a: pbc_pattern_set_default in pattern.c IBM BigFix Platform Multiple Versions HTTP Response Splitting Vulnerability SEGV Vulnerability in libpbc.a: set_field_one in bootstrap.c SEGV Vulnerability in cloudwu PBC Library SEGV Vulnerability in libpbc.a: memcpy in set_field_one in bootstrap.c SEGV Vulnerability in libpbc.a's wiretype_decode in context.c Use-After-Free Vulnerability in libpbc.a's _pbcM_sp_query in map.c Buffer Overflow in bcmdhd4358 Wi-Fi Driver on Samsung Galaxy S6 SM-G920F (SVE-2018-12029) Remote Command Injection Vulnerability in QTS NAS Software Remote Crash Vulnerability in QTS Media Server Remote Power Off Vulnerability in QTS NAS Software Unspecified Impact Buffer Overflow Vulnerability in QTS NAS Software Inadequate Account Lockout Setting in IBM BigFix Platform 9.2 and 9.5 Information Disclosure Vulnerability in IBM BigFix Platform Double To Header Denial of Service and Arbitrary Code Execution Vulnerability Arbitrary Code Execution Vulnerability in VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and Other Devices CSRF Vulnerability in VIVOTEK FD8177 Devices Arbitrary Code Execution Vulnerability in VIVOTEK FD8177 Devices via ONVIF Interface Arbitrary Code Execution Vulnerability in VIVOTEK FD8177 
Devices via eventscript.cgi Authenticated Remote Code Execution via Command Injection in Pydio 4.2.1 through 8.2.1 Vulnerability: Path Override via IIS Headers in Symfony Host Header Injection Vulnerability in Symfony HttpKernel Local Denial of Service Vulnerability in tss_alloc in OpenBSD 6.2 and 6.3 XSS Vulnerability in Click Studios Passwordstate before 8.3 Build 8397 XSS Vulnerability in DataLife Engine (DLE) 13.0 Buffer Overflow Vulnerability in Yubico-Piv 1.5.0 Smartcard Driver Click Hijacking Vulnerability in IBM BigFix Platform Out-of-bounds read vulnerability in Yubico-Piv 1.5.0 smartcard driver Vulnerability: Wireless Transmission Capture-Replay Attack on Medtronic Insulin Pumps Unauthenticated Access to Configuration Files and Profiles in NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) Cross-Site Request Forgery Vulnerability in NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) Cross-Site Scripting Vulnerabilities in NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) Firmware 2.0.29.11 and Prior Open Directory Listing Vulnerability in NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) Improper Authentication Vulnerability in BD Alaris Plus Syringe Pumps Arbitrary Code Execution Vulnerability in Philips' IntelliSpace Cardiovascular (ISCV) Products Buffer Overflow Information Disclosure Vulnerability in Fuji Electric Alpha5 Smart Loader Versions 3.7 and Prior Unquoted Search Path Vulnerability in Philips' IntelliSpace Cardiovascular (ISCV) Products Cross-Site Request Forgery Vulnerability in IBM BigFix Platform 9.2 and 9.5 Buffer Over-read Vulnerability in Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a Vulnerability: Unauthorized Modification of Executable and Library Files in Emerson DeltaV DCS Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 Code Execution Vulnerability in WECON PLC Editor version 1.3.3U Buffer Overflow Exploit in DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 Heap-based Buffer Overflow in Fuji 
Electric Alpha5 Smart Loader Versions 3.7 and Prior Path Validation Vulnerability in DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 Remote Unauthenticated Reboot Vulnerability in Tec4Data SmartCooler DLL Hijacking Vulnerability in Emerson DeltaV DCS Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 Information Disclosure Vulnerability in Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a Unsanitized User Data Input Vulnerability in Philips PageWriter Cardiographs Missing 'HttpOnly' Attribute on Authorization Tokens and Session Cookies in IBM BigFix Platform Stack Buffer Overflow in Delta Electronics ISPSoft Version 3.0.5 and Prior Superuser Password Vulnerability in Philips PageWriter Cardiographs Arbitrary Remote Code Execution in Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a Banner Disclosure Vulnerability in Philips e-Alert Unit (Non-Medical Device) Version R2.1 and Prior Arbitrary Remote Code Execution Vulnerability in Emerson AMS Device Manager v12.0 to v13.5 Unauthorized Access Vulnerability in ABB eSOMS Version 6.0.2 with LDAP Anonymous Authentication Path Traversal Vulnerability in Advantech WebAccess 8.3.1 and Earlier: Arbitrary Code Execution Remote Code Execution Vulnerability in Opto 22 PAC Control Software Privilege Escalation Vulnerability in Emerson AMS Device Manager v12.0 to v13.5 Use After Free Vulnerability in Fuji Electric V-Server 4.0.3.0 and Prior, Allowing Remote Code Execution Sensitive Information Disclosure in IBM BigFix Platform Code Execution Vulnerability in WECON PI Studio HMI Versions 4.1.9 and Prior Untrusted Pointer Dereference Vulnerabilities in Fuji Electric V-Server 4.0.3.0 and Prior Versions Fuji Electric Energy Savings Estimator DLL Hijacking Vulnerability Heap-Based Buffer Overflow Vulnerability in Fuji Electric V-Server 4.0.3.0 and Prior: Remote Code Execution Risk Improper Validation of User-Supplied Data in WECON Technology PI Studio HMI and PI Studio Versions Out-of-Bounds Write Vulnerabilities in Fuji Electric V-Server 4.0.3.0 and 
Prior Versions Stack-based Buffer Overflow Vulnerabilities in Advantech WebAccess 8.3.1 and Earlier Integer Underflow Vulnerability in Fuji Electric V-Server 4.0.3.0 and Prior: Remote Code Execution Stack-Based Buffer Overflow Vulnerability in WECON Technology Co., Ltd. PI Studio HMI and PI Studio Out-of-Bounds Read Vulnerability in Fuji Electric V-Server 4.0.3.0 and Prior Arbitrary File Deletion Vulnerability in Advantech WebAccess 8.3.1 and Earlier Remote Denial of Service (DoS) Vulnerability in Rockwell Automation RSLinx Classic Versions 4.00.01 and Prior EMG12 Web Interface Information Exposure and Code Execution Vulnerability Stack-Based Buffer Overflow Vulnerability in Fuji Electric V-Server 4.0.3.0 and Prior Out-of-Bounds Read Vulnerability in Delta Industrial Automation PMSoft v2.11 or Prior Elevated System Privileges Vulnerability on Honeywell Mobile Computers Authentication Bypass Vulnerability in Entes EMG12 Versions 2.57 and Prior RSLinx Classic Versions 4.00.01 and Prior: Remote Denial of Service Vulnerability Improper Privilege Management Vulnerability in Advantech WebAccess 8.3.1 and Earlier Remote Code Execution and Denial of Service Vulnerability in Rockwell Automation RSLinx Classic Versions 4.00.01 and prior Cross-Site Scripting Vulnerability in IBM WebSphere Portal 8.5 and 9.0 Arbitrary File Read Vulnerability in DamiCMS v6.0.0 Intuit Lacerte 2017 Vulnerability: Incorrect Access Control Stored XSS Vulnerability in Subrion CMS v4.2.1: Unescaped Tooltip Information Displayed in Multiple Areas Improper Access Control in Subrion 4.2.1 Allows Unauthorized Access to Admin Panel XSS Vulnerability in Wolf CMS 0.8.3.1 Snippets Tab Stored XSS Vulnerability in rejucms 2.1 via admin/book.php Content Parameter Remote Command Execution Vulnerability in LG N1A1 NAS 3718.510 Insecure Cookie Handling in IBM BigFix Platform 9.2.0 - 9.2.14 and 9.5 - 9.5.9 XSS Vulnerability in Subrion CMS 4.2.1: Unfiltered .html File Uploads Multiple Stored XSS Vulnerabilities in 
Mondula Multi Step Form Plugin for WordPress Directory Traversal Vulnerability in MikroTik RouterOS WinBox Interface Allows Unauthorized File Access and Modification Cross-Site Scripting (XSS) Vulnerability in Tiki (versions before 18.2, 15.7, and 12.14) via Link Attributes Session Fixation/Hijacking Vulnerability in IBM BigFix Platform 9.2.0 - 9.2.14 and 9.5 - 9.5.9 Stored XSS Vulnerabilities in Tiki: Privilege Escalation via Mouse Hover Out-of-Bounds Read Vulnerability in PHP's exif_process_IFD_in_MAKERNOTE Function Out-of-bounds Array Access Vulnerability in Samsung Galaxy S6 Wi-Fi Driver NULL Pointer Dereference Vulnerability in bcmdhd4358 Wi-Fi Driver on Samsung Galaxy S6 (SVE-2018-11783) Buffer Overflow Vulnerability in Samsung Galaxy S6 Wi-Fi Driver (SVE-2018-11785) Buffer Overflow Vulnerability in Samsung Galaxy S6 Wi-Fi Driver (SVE-2018-11785) Buffer Overflow Vulnerability in Samsung Galaxy S6 Wi-Fi Driver (SVE-2018-11785) Unrestricted File Upload Vulnerability in OCS Inventory NG OCS Inventory Server Incomplete Fix for SSRF Vulnerability in idreamsoft iCMS Insecure Access Control in Password Reset Component of Odoo Community and Enterprise 11.0 and Earlier Arbitrary Code Execution Vulnerability in Odoo Community and Enterprise 11.0 and Earlier CSV Export Vulnerability in Odoo Community and Enterprise 10.0 and 11.0: Unauthorized Access to Hashed Passwords Arbitrary Menuitem Deletion Vulnerability in Odoo Community and Enterprise 11.0 and Earlier Privilege Escalation via Insecure Access Control in Odoo Community and Enterprise Arbitrary Web Script Injection via Crafted Attachment in Odoo Community and Enterprise Insecure Document Handling in Odoo Community and Enterprise 9.0-11.0 Improper Access Control in Odoo TransientModel Framework Insecure Access Control and Message Spoofing in Odoo Portal Messaging System Improper Access Control Allows Unauthorized Password Changes in Odoo Community 9.0 and Odoo Enterprise 9.0 Cross-Site Scripting (XSS) Vulnerability 
in PHP Template Store Script 3.0.6 Shared Library Loading Vulnerability in IBM DB2 for Linux, UNIX, and Windows Reinstall Vulnerability in Rincewind 0.1 Allows Data Reset Cross-Site Scripting (XSS) Vulnerability in Rincewind 0.1 SQL Injection Vulnerability in Polaris FT Intellect Core Banking 9.7.1 Armor Module Reflected XSS Vulnerability in Polaris FT Intellect Core Banking 9.7.1 Uninitialized Stack Frame Vulnerability in FLIF Image Format Cross-Site Scripting (XSS) Vulnerability in WeaselCMS v0.3.5 via SETTINGS Page Deserialization of Untrusted Data in JetBrains dotPeek and ReSharper Ultimate Allows Code Execution Buffer Overflow Vulnerability in tcpdump Command-Line Argument Parser Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 Buffer Over-read Vulnerability in OSPFv3 Parser Buffer Over-read Vulnerability in BGP Parser of tcpdump Buffer Over-read Vulnerability in ICMPv6 Parser of tcpdump Integer Overflow Vulnerability in PHP exif_thumbnail_extract Function Segmentation Fault Vulnerability in PHP HTTP Response Parsing Database Dump Restoration Vulnerability in Odoo Community and Enterprise 10.0 and 11.0 Local File Inclusion Vulnerability in Odoo Community and Enterprise 11.0 Improper Host Header Sanitization Vulnerability in Odoo Community and Enterprise 11.0 Cross-Site Scripting (XSS) Vulnerability in Eldenroot Thank You/Like Plugin for MyBB Local Code Execution Vulnerability in CouchDB in Vectra Networks Cognito Brain and Sensor Cross-Site Scripting (XSS) Vulnerability in Vectra Networks Cognito Brain and Sensor Web Management Console Local Privilege Escalation Vulnerability in Vectra Networks Cognito Brain and Sensor before 4.3 Cross-Site Request Forgery (CSRF) Vulnerability in ZyXEL NSA325 V2 version 4.81 Command Injection Vulnerability in ZyXEL NSA325 V2 (v4.81) Zyshclient Bypassing Access Restrictions and Executing Blocked Applications in CyberArk Endpoint Privilege Manager 10.2.1.603 and 
Earlier HTML Injection Vulnerability in EPSON WF-2750 Printer's AirPrint Setup Page Unfiltered Print Job Vulnerability on EPSON WF-2750 Printers Hard-coded API and Secret Keys in EPSON iPrint Android App for Dropbox, Box, Evernote, and OneDrive Services Improper Data Access in EPSON iPrint Android App Allows Unauthorized Document Reading Firmware Vulnerability in EPSON WF-2750 Printers: Remote Code Execution and Printer Malfunction Multiple Unauthenticated XSS Vulnerabilities in Samsung Syncthru Web Service V4.05.61 Reflected XSS Vulnerability in 3CX Version 15.5.8801.3 Web Server Reflected XSS Vulnerability in 3CX Version 15.5.8801.3 Web Server 3CX Version 15.5.8801.3 Web Server Information Leakage Vulnerability CSRF Vulnerability in Samsung Syncthru Web Service V4.05.61 Remote Code Execution in SeaCMS v6.61 via IP Whitelist Bypass File Upload Vulnerability in ukcms v1.1.7 and Earlier: Unrestricted File Type Upload Directory Traversal Vulnerability in cgit_clone_objects in CGit before 1.2.1 Arbitrary File Deletion Vulnerability in LOYTEC LGATE-902 6.3.2 Devices Directory Traversal Vulnerability in LOYTEC LGATE-902 6.3.2 Devices XSS Vulnerability in LOYTEC LGATE-902 6.3.2 Devices Session Hijacking Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting (XSS) Vulnerabilities in Monstra CMS 3.0.4 via Edit Profile Page Arbitrary Code Execution Vulnerability in uniview EZPlayer 1.0.6 Stored XSS Vulnerability in Matera Banco 1.0.0: User Fullname Field Vulnerability in Matera Banco 1.0.0: Mishandling of Java Errors and Exposure of net.sf.acegisecurity Components CSRF Vulnerability in Matera Banco 1.0.0: /contingency/web/messageSend/messageSendHandler.jsp Path Traversal Vulnerability in Matera Banco 1.0.0 Unauthenticated File Access Vulnerability in /contingency/servlet/ServletFileDownload Multiple Reflected XSS Vulnerabilities in Matera Banco 1.0.0 CSRF Vulnerability in Polaris FT Intellect Core Banking 9.7.1 Armor Module Open Redirect Vulnerability in Polaris 
FT Intellect Core Banking 9.7.1 Remote Command Execution Vulnerability in NUUO NVRmini Devices via upgrade_handle.php Incorrect Access Control in Polycom Trio Devices Allows Unauthorized Audio Recording via Bluetooth XSS Vulnerability in Polycom Trio Web Administration Console XSS Vulnerability in Add Page Title Field of Little Forum 2.4.12 XSS Vulnerability in Add Page Option of Little Forum 2.4.12 via Menu Link Field Integer Overflow Vulnerability in TCPFLOW Buffer Overflow Vulnerability in LibreOffice's get_app_path Function Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 Denial of Service Vulnerability in PHPCMS 9 via Large Parameters in api.php?op=checkcode Request Harmonic NSG 9000 Devices Source Code Disclosure Vulnerability Directory Traversal Vulnerability in Harmonic NSG 9000 Devices Default Password Vulnerability in Harmonic NSG 9000 Devices SEGV Vulnerability in jpeg_encoder: Out-of-Bounds Write in readFromBMP Function Heap-based Buffer Overflow in readFromBMP Function of jpeg_encoder.cpp Mismatched Memory Management Routines in PDF2JSON 0.69's HtmlString Class Mismatched Memory Management Routines in PDF2JSON 0.69's XmlFontAccu::CSStyle Mismatched Memory Management Routines in dilawar sound through 2017-11-27 Arbitrary File Overwrite Vulnerability in IBM FlashSystem V840 and V900 Cross-Site Scripting (XSS) Vulnerability in SquirrelMail 1.4.22 via <svg><a xlink:href= Attack Cross-Site Scripting (XSS) Vulnerability in SquirrelMail 1.4.22 via <form action='data:text Attack XSS Vulnerability in SquirrelMail 1.4.22 via <math><maction xlink:href= Attack XSS Vulnerability in SquirrelMail 1.4.22 via <math xlink:href= Attack XSS Vulnerability in SquirrelMail Mail Message Display Page XSS Vulnerability in SquirrelMail: SVG Animation Exploit Multiple SQL Injection Vulnerabilities in CMS ISWEB 3.5.3 Directory Traversal and Local File Download Vulnerability in CMS ISWEB 3.5.3 CSRF Vulnerability 
Allows Unauthorized Website Settings Modification in WeaselCMS v0.3.5 CSRF Vulnerability Allows Creation of New Pages in WeaselCMS v0.3.5 Cross-Site Scripting (XSS) Vulnerability in IBM Content Navigator 2.0.3 - 3.0.3 CSRF Vulnerability in Xiao5uCompany 1.7 via admin/Admin.asp SQL Injection Vulnerability in zzcms 8.3 via dl_sendmail.php Stored XSS Vulnerability in zzcms 8.3: user/manage.php and zt/show.php CSRF Vulnerability in zzcms 8.3 via admin/adminadd.php?action=add URI Cross-Site Scripting (XSS) Vulnerability in EMLsoft 5.4.5 via eml/upload/eml/?action=address&do=edit Page CSRF Vulnerability in EMLsoft 5.4.5 CSRF Vulnerability in EMLsoft 5.4.5 SQL Injection in EMLsoft 5.4.5 via numPerPage parameter in action.user.php SQL Injection in EMLsoft 5.4.5 via numPerPage parameter in action.address.php XSS Vulnerability in QCMS 3.0.1 upload/System/Controller/backend/system.php XSS Vulnerability in QCMS 3.0.1 Slideshow Controller Cross-Site Scripting (XSS) Vulnerability in QCMS 3.0.1 Cross-Site Scripting (XSS) Vulnerability in QCMS 3.0.1 Cross-Site Scripting (XSS) Vulnerability in QCMS 3.0.1 Cross-Site Scripting (XSS) Vulnerability in QCMS 3.0.1 Cross-Site Scripting (XSS) Vulnerability in QCMS 3.0.1 Album Controller XSS Vulnerability in QCMS 3.0.1 Backend Category Controller Cross-Site Scripting (XSS) Vulnerability in QCMS 3.0.1 guest.php CSRF Vulnerability in QCMS 3.0.1 via backend/user/admin/add.html URI Vulnerability: Unauthorized Access to Bugreport and Wi-Fi Passwords on ASUS ZenFone 3 Max Vulnerability: User Credentials Stored in Plain Text in IBM Security Guardium EcoSystem 10.5 Vulnerability: Unauthorized Screenshot Capture and Notification Access on ASUS ZenFone 3 Max LG Device SystemUI Application Intents Access Control Vulnerability LG GNSS Application Incorrect Access Control Vulnerability Vulnerability: Unauthorized Screenshot Capture and Notification Access on Sony Xperia L1 Android Device Vulnerability: Unrestricted Text Message Sending in Leagoo Z5C 
Android Device Vulnerability: Unprotected Broadcast Receiver Allows Unauthorized Factory Reset Vulnerability: Unrestricted Access to Text Messages in Leagoo Z5C Android Device Vulnerability: Unprotected Dynamic Registration of MasterClearReceiver Broadcast Receiver Component Vulnerability: Inoperable Device via SystemRestoreReceiver Broadcast Receiver Vulnerability: Unprotected Broadcast Receiver Allows Unauthorized Factory Reset on Plum Compass Android Device Vulnerability: Pre-installed RCS App Allows Unauthorized Text Messaging and Deletion Vulnerability: Pre-installed RCS App Allows Unauthorized Access to Text Messages Vulnerability: Arbitrary App Installation and Uninstallation via com.asus.dm.installer.DMInstallerService Vulnerability: Arbitrary Command Execution via ASUS Zenfone V Live and ZenFone 3 Max Vulnerability: Unprotected Pre-installed App Component Allows Unauthorized Factory Reset Vulnerability: Unauthorized Access to Modem and Logcat Logs on ZTE Android Devices Arbitrary Command Execution and Audio Recording Vulnerability on Oppo F5 Android Device Vulnerability: Unauthorized Screenshot Capture and Notification Access on Leagoo P1 Android Device Hidden Root Privilege Escalation Vulnerability in Leagoo P1 Android Device Vulnerability: Unprotected Pre-installed App Allows Unauthorized Factory Reset Vivo V7 Android Device Screen Recording Vulnerability Vulnerability: Unauthorized Log File Writing in Vivo V7 Android Device Vulnerability: Unauthorized Access to User's Touch Coordinates via Vivo V7 Device Vulnerability: Unprotected Pre-installed App Component Allows Unauthorized Factory Reset Vulnerability: Log Leakage and Unauthorized Access in Coolpad Canvas Device Vulnerability: Unprotected Broadcast Receiver Allows Unauthorized Factory Reset ZTE ZMAX Champ Android Device Crash Loop Vulnerability Vulnerability: Arbitrary Command Execution via com.fw.upgrade.sysoper App Missing Security Controls in IBM Security Guardium 10.5, 10.6, and 11.0: 
Unauthorized Access to Sensitive Information Cross-Site Scripting (XSS) Vulnerability in IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 IBM WebSphere MQ Header Manipulation Vulnerability Remote Click Hijacking Vulnerability in IBM i2 Enterprise Insight Analysis 2.1.7 Local File Disclosure Vulnerability in IBM i2 Enterprise Insight Analysis 2.1.7 Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 6.0.5 Certificate Validation Vulnerability in IBM Security Guardium EcoSystem 10.5 Denial of Service and Potential Impact in libpango CSRF Vulnerability in Auth0 auth0-aspnet and auth0-aspnet-owin Code Execution Vulnerability in Progress Telerik JustAssembly and JustDecompile Insecure Configuration Storage in Zipato Zipabox Smart Home Controller: Remote Attack Vector and Device Takeover Vulnerability Vulnerability: Weak Hashing Algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 Zipato Zipabox Smart Home Controller: Sensitive Information Disclosure Vulnerability Heap Use-After-Free Vulnerability in LibVNC Server Code Allows Remote Code Execution Heap Out-of-Bound Write Vulnerability in LibVNC Server Code for File Transfer Extension Remote Code Execution Vulnerability in Polycom Group Series, HDX, and Pano XSS Vulnerability in ThinkSAAS (index.php?app=article&ac=comment&ts=do content parameter) Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0 - 5.2.6 XSS Vulnerability in ThinkSAAS (index.php?app=group&ac=create&ts=do groupdesc parameter) Account Number Enumeration Vulnerability Open_basedir check bypass vulnerability in PHP on Windows Untrusted X-XSRF-TOKEN Remote Code Execution Vulnerability in Laravel Framework Improper Input Validation in TitanHQ SpamTitan Allows Internal Attackers to Bypass Anti-Spam Filter Remote Code Execution Vulnerability in CeLa Link CLR-M20 Devices via WebDAV PUT Method Directory Traversal Vulnerability in 
Ericsson-LG iPECS NMS 30M Arbitrary PHP Code Execution via Unrestricted File Upload in OpenEMR Cross-Site Request Forgery Vulnerability in IBM Robotic Process Automation with Automation Anywhere 10.0 Arbitrary File Read Vulnerability in OpenEMR Patient Portal Arbitrary File Deletion via Directory Traversal in OpenEMR Patient Portal Arbitrary PHP Code Execution via Directory Traversal in OpenEMR SQL Injection Vulnerabilities in OpenEMR Portal/Find Appointment Popup User Arbitrary SQL Command Execution in OpenEMR's find_drug_popup.php SQL Injection Vulnerabilities in OpenEMR Portal/Add_Edit_Event_User.php Arbitrary SQL Command Execution in OpenEMR's find_immunization_popup.php Arbitrary SQL Command Execution in OpenEMR Forms Administration Arbitrary SQL Command Execution in OpenEMR 5.0.1.4 and Earlier SQL Injection Vulnerability in OpenEMR Interface Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Arbitrary SQL Command Execution in OpenEMR 5.0.1.4 and Earlier Arbitrary SQL Command Execution in OpenEMR Interface/De-Identification Forms Authentication Bypass Vulnerability in OpenEMR Portal OS Command Injection in OpenEMR Versions Prior to 5.0.1.4 via Modified hylafax_server Global Variable OS Command Injection in OpenEMR before 5.0.1.4 via Modified print_command Global Variable OS Command Injection in OpenEMR versions before 5.0.1.4 via Modified hylafax_enscript Global Variable OS Command Injection in OpenEMR Versions Prior to 5.0.1.4 via Modified hylafax_server Variable Heap-based Buffer Over-read in libfsclfs_block_read function Heap-based Buffer Over-read in libesedb_page_read_values function Heap-based Buffer Over-read in libesedb_page_read_tags function Heap-based Buffer Over-read in libesedb_catalog_definition_read Function Heap-based Buffer Over-read in libesedb_key_append_data Function SQL Injection Vulnerability in Zoho ManageEngine Applications Manager 13 Reflected XSS Vulnerability in Zoho ManageEngine Applications Manager 13 
Denial-of-Service Vulnerability in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 Buffer Overflow Vulnerability in TP-Link WR840N Devices via Long Authorization HTTP Header Denial of Service Vulnerability in Nmap 7.70 with -sV Option Denial of Service and Application Crash Vulnerability in XnView 2.45 Denial of Service and Application Crash Vulnerability in XnView 2.45 Denial of Service and Application Crash Vulnerability in XnView 2.45 CSRF Vulnerability in Gxlcms 2.0 Allows Unauthorized Administrator Account Creation Open Redirect Vulnerability in Gogs before 0.12 Allows Remote Attackers to Conduct Phishing Attacks Weak Password Encryption Vulnerability in IBM InfoSphere Information Server 11.7 Open Redirect Vulnerability in qTest Portal JioFi 4G Hotspot M2S Devices Vulnerable to Denial of Service via XSS Payload in SSID and Security Key Fields XSS Vulnerability in PHP Scripts Mall Car Rental Script 2.0.8 via FirstName and LastName Fields Stored XSS Vulnerability in PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 Stored XSS Vulnerability in PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 via USERNAME Field Denial of Service Vulnerability in PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 CSRF Vulnerability in PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 CSRF Vulnerability in PHP Scripts Mall Advanced Real Estate Script 4.0.9 via edit-profile.php Denial of Service Vulnerability in PHP Scripts Mall Advanced Real Estate Script 4.0.9 XSS Vulnerability in PHP Scripts Mall Advanced Real Estate Script via Name Field Cross-Site Scripting (XSS) Vulnerability in PHP Scripts Mall Hotel Booking Script 2.0.4 Denial of Service Vulnerability in PHP Scripts Mall Hotel Booking Script 2.0.4 Intranet Service Exposure via SSRF Vulnerability in Gitea and Gogs CSRF Vulnerability in Gogs Admin Panel Allows Remote Code Execution CSRF Vulnerability in OneThink v1.1 Allows Unauthorized Administrator Privileges CSRF 
Vulnerability in OneThink v1.1 Allows Unauthorized User Addition Cross-Site Scripting (XSS) Vulnerability in AuraCMS 2.3 via Bukutamu -> AddGuestbook Action CSRF Vulnerability in Juunan06 eCommerce Allows Unauthorized User and Product Manipulation CSRF Vulnerability in Ignited CMS Allows Unauthorized Page Addition CSRF Vulnerability in BPC SmartVista 2 via createrole.jsf Improper Access Control in BPC SmartVista 2 SVFE Module: Unauthorized Access to Admin Functionality Session Fixation Vulnerability in BPC SmartVista 2 via JSESSIONID Parameter Heap-based Buffer Overflow in LibTIFF 4.0.9 TIFF File Processing Cross-Site Scripting (XSS) Vulnerability in IBM Rational Team Concert 5.0 - 6.0.5 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager Default Administrator Account Vulnerability in IBM Maximo Asset Management 7.6 through 7.6.3 Vulnerability in IBM i2 Enterprise Insight Analysis 2.1.7 Allows Remote Information Disclosure Information Disclosure Vulnerability in IBM Maximo Asset Management 7.6 through 7.6.3 Cross-Site Scripting (XSS) Vulnerability in IBM Rational DOORS Next Generation and Rational Requirements Composer Disclosure of BIG-IP Software Version in Rewritten Pages Vulnerability F5 BIG-IP LRO-enabled TCP Traffic Processing Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in F5 BIG-IP Configuration Utility Reflected Cross Site Scripting Vulnerability in F5 BIG-IP AFM TMUI Page Reflected Cross Site Scripting Vulnerability in F5 BIG-IP AFM TMUI Page Reflected Cross Site Scripting (XSS) Vulnerability in F5 BIG-IP Configuration Utility Vulnerability: Privilege Escalation and Endpoint Bypass in F5 BIG-IP APM Edge Client Intermittent Decrypt BAD_RECORD_MAC Vulnerability in BIG-IP Virtual Server MPTCP Connection Abort Vulnerability in BIG-IP TMM Restart Vulnerability in BIG-IP with Non-Default Normalize URI 
Configuration Session ID Leakage in IBM API Connect 5.0.0.0 through 5.0.8.2 Denial of Service Vulnerability in BIG-IP System with Misconfigured Port Lockdown Setting BIG-IP Appliance Mode Bypass Vulnerability Denial-of-Service (DoS) Vulnerability in BIG-IP Systems Vulnerability: TMM Process Core File Generation and HA Action Trigger in BIG-IP Virtual Server with MQTT Profile TMM Restart Vulnerability in BIG-IP APM Memory Leakage Vulnerability in BIG-IP iControl and TMSH Usage Certificate Revocation List (CRL) Download Failure Allows Revoked Certificate Validation in BIG-IP APM Command Execution Vulnerability in BIG-IP Configuration Utility Insecure Handling of SNMPv3 Passphrases in F5 Products Command Execution Vulnerability in BIG-IP Configuration Utility Cross-Site Scripting Vulnerability in IBM Rational Publishing Engine 6.0.5 and 6.0.6 Virtual Server Gzip Bomb Vulnerability on BIG-IP Systems DCDB Convert Utility Group Permissions Vulnerability Privilege Escalation Vulnerability in F5 BIG-IP APM Client Unrestricted Snapshot File Access Vulnerability on BIG-IP Configuration Utility CSRF Vulnerability in APM Webtop 11.2.1 or Greater Allows Session Logout and Re-authentication Inadequate Failure Response Display in APM 13.0.0-13.1.x Cross-Site Scripting Vulnerability in IBM Rational Publishing Engine 6.0.5 and 6.0.6 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager Kraftway 24F2XG Router Firmware 3.5.30.1118 - Remote Privileged Access Vulnerability Critical Denial of Service Vulnerability in Kraftway 24F2XG Router Firmware v3.5.30.1118 Denial of Service Vulnerability in Kraftway 24F2XG Router Firmware v3.5.30.1118 Remote Code Execution Vulnerability in Kraftway 24F2XG Router Firmware 3.5.30.1118 Remote Code Execution Vulnerability in Kraftway 24F2XG Router Firmware 3.5.30.1118 Critical Vulnerability: SSLv2 and SSLv3 Encryption Decryption in Kraftway 24F2XG Router Firmware 3.5.30.1118 
Command Injection Vulnerability in Eltex ESP-200 Firmware Version 1.2.0 User Password Hash Extraction Vulnerability in Eltex ESP-200 Firmware Version 1.2.0 Privilege Escalation Vulnerability in Eltex ESP-200 Firmware v1.2.0 Insecure Sudo Configuration Expands Attack Surface in Eltex ESP-200 Firmware v1.2.0 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager Default Credentials Vulnerability in Eltex ESP-200 Firmware Version 1.2.0 Buffer Underflow Vulnerability in UltraVNC Revision 1198: Potential Code Execution Critical XXE Vulnerability in GE Proficy Cimplicity GDS Versions 9.0 R2, 9.5, 10.0 Privilege Escalation Vulnerability in Trend Micro Security 2018 Products Trend Micro OfficeScan XG (12.0) Local Information Disclosure Vulnerability Authenticated Reflected Cross-Site Scripting (XSS) Vulnerability in Trend Micro Deep Discovery Inspector Trend Micro Antivirus for Mac Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 and Above Vulnerability: Privilege Escalation via Cisco IOS XE CLI Parser TACACS+ Client Subsystem Denial of Service Vulnerability Vulnerability in Cisco Catalyst 6800 Series Switches Allows Bypass of Secure Boot Validation Vulnerability: Unauthorized Root Shell Access in Cisco IOS XE Software MACsec Key Agreement Vulnerability in Cisco IOS XE Software Cisco Discovery Protocol Memory Exhaustion Vulnerability Cisco IOS XE Software Image Verification Bypass Vulnerability Arbitrary Memory Write Vulnerability in Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerability in Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Memory Leak Vulnerability in Cisco Network Plug and Play Agent Denial of Service Vulnerability in ClamAV Prior to 0.100.2 via MEW Unpacker Unrestricted Directory Permissions Vulnerability in Cisco Prime 
Infrastructure Web Server Root Command Execution Vulnerability in Cisco HyperFlex Software Java Deserialization Vulnerability in Cisco Unity Express (CUE) Allows Remote Command Execution Static Signing Key Vulnerability in Cisco HyperFlex Software Allows Unauthorized Access Denial of Service Vulnerability in Cisco ASA and FTD Software Unauthenticated Remote Access Vulnerability in Cisco DNA Center Cisco SD-WAN Solution: Bypassing Certificate Validation Vulnerability Denial of Service Vulnerability in Cisco ASA and FTD Software WebVPN Login Process Default Hard-Coded Username and Password Vulnerability in Cisco Prime Collaboration Provisioning (PCP) Authentication Bypass Vulnerability in IBM Rational Engineering Lifecycle Manager Cisco Firepower Threat Defense (FTD) Software FTP Inspection Engine Denial of Service Vulnerability Cisco Remote PHY Software IPv4 Fragment-Processing Denial of Service Vulnerability Cisco Industrial Network Director DHCP Service Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Content Security Management Appliance (SMA) Software Authentication Bypass Vulnerability in Cisco Stealthwatch Enterprise SMC Cisco Wireless LAN Controller Software Vulnerability Enables Unauthorized Network Access in TrustSec Domain Cisco Unity Connection Bulk Administration Tool (BAT) Disk Utilization DoS Vulnerability Denial of Service (DoS) Vulnerability in Cisco ASA and FTD Software Per-User-Override Bypass Vulnerability in Cisco ASA and FTD Software Cisco ASA and FTD Software TCP Syslog Module Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Cloud Services Platform 2100 Web Management Interface Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Hosted Collaboration Mediation Fulfillment Cisco Enterprise NFV Infrastructure Software (NFVIS) Cross-Site Request Forgery (CSRF) Vulnerability Open Redirect Vulnerability in Cisco Unified Communications Software Cisco Integrated Management 
Controller (IMC) Supervisor and Cisco UCS Director Web Interface Denial of Service Vulnerability Authorization Bypass Vulnerability in Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director Stored XSS Vulnerability in Cisco UCS Director Web Interface Insufficient Cleanup of Installation Files in Cisco HyperFlex Software Allows for Sensitive Information Disclosure Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Commerce Enterprise V7, V8, and V9 Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows XML External Entity Injection (XXE) Vulnerability in IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration 
Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Clickjacking Vulnerability in Cisco HyperFlex Software Web UI Arbitrary Command Execution Vulnerability in Cisco Identity Services Engine (ISE) Web Interface Arbitrary Command Execution Vulnerability in Cisco Identity Services Engine (ISE) Web Interface Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Unity Connection Web Interface Undocumented Default Root Account Vulnerability in Cisco Video Surveillance Manager (VSM) Software Cisco IOS XR Software BGP Malformed Attribute Denial of Service Vulnerability Unauthenticated Remote Access Vulnerability in Cisco HyperFlex HX Data Platform Software SSL Certificate Validation Vulnerability in IBM WebSphere MQ 8.0 and 9.0 Remote Code Execution Vulnerability in Cisco Expressway Series and Cisco TelePresence VCS Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Information Disclosure Vulnerability in Cisco Prime Infrastructure Server Backup Function Information Disclosure Vulnerability in Cisco Prime Infrastructure Server Backup Function Cross-Site Scripting (XSS) Vulnerability in Cisco Unified IP Phone 7900 Series Web Management Interface Stored XSS Vulnerability in Cisco SocialMiner Web-Based Management Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Webex Centers Local Privilege Escalation Vulnerability in Cisco Immunet and Cisco AMP for Endpoints on Windows Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Prime Collaboration Assurance Cisco Small Business Switches Software Authentication Bypass Vulnerability Buffer Overflow Vulnerability 
in IBM DB2 for Linux, UNIX and Windows Cisco Identity Services Engine (ISE) Web Interface Stored XSS Vulnerability SQL Injection Vulnerability in Cisco Prime License Manager (PLM) Arbitrary Command Execution Vulnerability in Cisco Webex Meetings Desktop App for Windows Cisco Firepower System Software: TCP Retransmission Bypass Vulnerability XML External Entity (XXE) Vulnerability in Cisco Energy Management Suite Software Allows Unauthorized Access and Manipulation of Data Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Energy Management Suite Software Unauthenticated Remote Access Vulnerability in Cisco Meeting Server SQL Injection Vulnerability in Cisco IMC Supervisor Insecure Configuration in Cisco Registered Envelope Service Allows Discovery of Sensitive User Information Cisco Video Surveillance Media Server Web Interface Denial of Service Vulnerability Weak Cryptographic Algorithms in IBM Tivoli Storage Manager: A Potential Decryption Vulnerability File System Overwrite Vulnerability in Cisco Prime Collaboration Assurance Web UI Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Service Catalog Web Interface Vulnerability in Cisco AMP for Endpoints Allows Local Attackers to Disable System Scanning Services Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) S/MIME Decryption and Verification Denial of Service Vulnerability SIP Inspection Engine Denial of Service Vulnerability Cross-Site Scripting Vulnerability in Cisco Identity Services Engine Logging Component Cisco Identity Services Engine (ISE) Admin Portal Password Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure Web Interface Cisco Firepower Management Center (FMC) Shell Access Filter Remote Authentication Denial of Service Vulnerability Privilege Escalation Vulnerability in Cisco Identity Services Engine (ISE) Administrative Web Interface HTTP Strict Transport Security Bypass in IBM API Connect 5.0.0.0 through 5.0.8.3 Denial of 
Service Vulnerability in Cisco Email Security Appliances Cross-Site Scripting (XSS) Vulnerability in Cisco Webex Business Suite's MyWebex Component Insufficient Ingress TCP Rate Limiting Vulnerability in Cisco Firepower Threat Defense Software Cisco Identity Services Engine (ISE) Web-Based Management Interface Reflected XSS Vulnerability Cisco 900 Series ASR Software Partial Denial of Service Vulnerability Cisco ASA Software Authorization Subsystem Privilege Escalation Vulnerability Unauthenticated Remote Access to Graphite Web Interface in Cisco Policy Suite Cross-Site Scripting (XSS) Vulnerability in Cisco TelePresence Management Suite (TMS) Web Interface Denial of Service Vulnerability in Xen through 4.11.x Denial-of-Service Vulnerability in Xen ARM Grant Table v2 Implementation Arbitrary Code Execution Vulnerability in IBM Robotic Process Automation with Automation Anywhere 10.0 Unbounded Memory Usage Vulnerability in Xen's oxenstored Out-of-Bounds Memory Access Vulnerability in Linux Kernel's xenvif_set_hash_mapping Long-running Sidekiq jobs in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1 can cause a timeout issue in the diff formatter using rouge. 
OpenSSH User Enumeration Vulnerability CSV Injection in DokuWiki 2018-04-22a and earlier Unverified SSL/TLS Server Certificate Allows Man-in-the-Middle Attack on myStrom Devices Command Injection Vulnerability in myStrom WiFi Switch V1 Devices Unregistered Device Takeover Vulnerability Lack of Device Authentication in myStrom IoT Devices Information Disclosure Vulnerability in IBM API Connect 2018.1.0.0 and 2018.2.x Hidden Parameter Vulnerability in myStrom IoT Devices Allows Unauthorized Server URL Reconfiguration Privilege Escalation via Improper Input Sanitization in UCOPIA Wireless Appliance Devices LG Devices Vulnerability: Incorrect Access Control for MLT Application Intents (LVE-SMP-180006) KONE Group Controller (KGC) Devices Denial of Service Vulnerability (KONE-04) KONE Group Controller (KGC) Devices Unauthenticated Remote Code Execution Vulnerability Unauthenticated FTP Access Vulnerability in KONE Group Controller (KGC) Devices KONE Group Controller (KGC) Devices Unauthenticated Local File Inclusion and File Modification Vulnerability HTTP Response Splitting Vulnerability in IBM Rational Quality Manager Path Traversal Vulnerability in ExpressVPN on Windows Whitelisting Bypass Vulnerability in Zemana Anti-Logger UDP Amplification Vulnerability in Sentinel License Manager 8.5.3.35 Critical Open Redirect Vulnerability in vBulletin 5.4.3 Unescaped String Injection in dojox/Grid/DataGrid Directory Traversal and SSRF Vulnerability in Responsive FileManager before 9.13.3 Memory Corruption Vulnerability in Mitel MiVoice 5330e VoIP Device's SIP/SDP Packet Handling Functionality YSoft SafeQ Server 6 Vulnerability: Replay Attack Exploit Denial of Service Vulnerability in GEAR Software Products (GEARAspiWDM.sys) Local User Denial of Service Vulnerability in IBM Spectrum Protect 7.1 and 8.1 Out-of-Bounds Read DoS Vulnerability in libgit2 Insecure Permissions in Lone Wolf Technologies loadingDOCS 2018-08-13: Remote Download of Confidential Files Unbounded 
Deserialization Vulnerability in Swoole 4.0.4 NULL Pointer Dereference in HTTP Request Time Fields Handling NULL Pointer Dereference Denial of Service Vulnerability in GoAhead and Appweb BubbleUPnP 0.9 Update 30 XML External Entity Processing (XXE) Vulnerability Incorrect Access Control in Five9 Agent Desktop Plus 10.0.70 Allows Remote Denial of Service (Issue 1 of 2) Incorrect Access Control in Five9 Agent Desktop Plus 10.0.70 Privilege Escalation Vulnerability in IBM WebSphere MQ Arbitrary Web Script Injection Vulnerability in totemomail 6.0.0 Build 570 Certificate Feature Arbitrary Code Injection through Cross-Site Scripting (XSS) in totemomail 6.0.0 build 570 Notification Template Arbitrary Web Script Injection Vulnerability in totemomail 6.0.0 Build 570's 'Authorisation Service' SessionID Exposure in Log Viewer of Totemomail 6.0.0 Build 570 Privilege Escalation via Deserialization in Docker for Windows CaptivePortal Service Trojan Horse Vulnerability in D-Link Central WiFiManager CWM-100 1.03 r0098 Devices SSRF Vulnerability in D-Link Central WiFiManager CWM-100 1.03 r0098 Devices Vulnerability: SSRF in D-Link Central WiFiManager CWM-100 1.03 r0098 MailConnect Feature Double-Free or Corruption Vulnerability in QXmlStream Lexmark Devices Vulnerable to Buffer Overflow (Issue 1 of 2) Arbitrary Code Execution Vulnerability in IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 Lexmark Devices Vulnerable to Buffer Overflow (Issue 2 of 2) Reflected Cross-Site Scripting in Java System Solutions SSO Plugin 4.0.13.1 for BMC MyIT Command Injection Vulnerability in Mutiny Monitoring Appliance Allows Arbitrary Command Execution Information Disclosure Vulnerability in IBM WebSphere Application Server Liberty Persistent Cross-Site Scripting (XSS) Vulnerability in Xerox ColorQube 8580 Web Interface XML External Entity (XXE) Vulnerability in JavaMelody before 1.74.0 Information Disclosure Vulnerability in Synaptics Touchpad Drivers Reflected Cross-Site 
Scripting Vulnerability in Geutebrueck re_porter 16 Unauthenticated Access to Sensitive Information in Geutebrueck re_porter 16 Directory Traversal Vulnerability in tecrail Responsive FileManager before 9.13.4 Directory Traversal Vulnerability in tecrail Responsive FileManager before 9.13.4 Unrestricted File Upload Vulnerability in OCS Inventory NG ocsreports Multiple Cross-Site Scripting Vulnerabilities in Agentejo Cockpit Lack of Anti-CSRF Protection in Agentejo Cockpit Allows Unauthorized Modification of API Tokens and Passwords Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6 /media/api Directory Traversal Vulnerability in Agentejo Cockpit Passcode Authentication Bypass Vulnerability in org.telegram.messenger Android App Authentication Bypass Vulnerability in org.telegram.messenger Android App Stored Cross-Site Scripting Vulnerability in Accusoft PrizmDoc 13.3 and Earlier Cross-Site Scripting (XSS) Vulnerability in IBM FileNet Content Manager 5.2.1 and 5.5.0 Predictable Random Number Generation in PayWinner Function of Ethereum Lottery Smart Contract OS Command Injection Vulnerability in Telus Actiontec T2200H T2200H-31.128L.03 Devices via fileshare.cmd Vulnerability: Unauthorized Root Access via UART Headers on Telus Actiontec WEB6000Q v1.1.02.22 Devices Vulnerability: Root Level Access via Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 Telus Actiontec WEB6000Q v1.1.02.22 - Unauthorized Root Access via Telnet Stored XSS Vulnerability in Xiuno BBS 4.0.4 Editor Cross-Site Scripting (XSS) Vulnerability in IBM FileNet Content Manager 5.2.1 and 5.5.0 Integer Overflow in AESNI.c Leading to Mishandling of Short Messages XSS Vulnerability in CMS ISWEB 3.5.3 via ordineRis, sezioneRicerca, or oggettiRicerca Parameter XSS Vulnerability in Subrion CMS 4.2.1: titles[en] Parameter in _core/admin/pages/add/ Endpoint CSRF Vulnerability Allows Unauthorized Deletion of Pages in daveismyname simple-cms Unauthenticated Page Addition 
Vulnerability in daveismyname simple-cms XSS Vulnerability in tp5cms admin.php/article/index.html q parameter XSS Vulnerability in CMSUno Title Field (CVE-XXXX-XXXX) CSRF Vulnerability in tp5cms through 2017-05-25: admin.php/category/delete.html CSRF Vulnerability in My Little Forum 2.4.12 Allows User Deletion Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 - 6.0.6 Stored XSS Vulnerability in waimai Super Cms 20150505 via /admin.php/Foodcat/editsave fcname parameter CSV Injection Vulnerability in Export Users to CSV Plugin for WordPress Incomplete RSB Filling in Linux Kernel Allows Userspace-Userspace SpectreRSB Attacks Unauthenticated File Manipulation in Reprise License Manager (RLM) Cross-Site Scripting Vulnerability in Reprise License Manager's License Editor Remote Code Execution Vulnerability in EasyLogin Pro Cross-Site Scripting (XSS) Vulnerability in IBM Rational Collaborative Lifecycle Management Arbitrary Web Script Injection Vulnerability in gnuboard5 before 5.3.1.6 Arbitrary Web Script Injection Vulnerability in GNUBoard5 (before 5.3.1.6) Arbitrary Web Script Injection in gnuboard5 before 5.3.1.6 Arbitrary Web Script Injection via popup title parameter in GNUBOARD5 before 5.3.1.6 Arbitrary Web Script Injection in gnuboard5 before 5.3.1.6 Arbitrary Web Script Injection via popup title parameter in GNUBOARD5 before 5.3.1.6 Enigmail before 2.0.6 Vulnerability: OpenPGP Signature Spoofing via Specially Crafted Multipart HTML Email OpenPGP Signature Spoofing Vulnerability in GNOME Evolution MailMate HTML/MIME Structure Vulnerability Bypassing File and Folder Security Restriction in Ivanti Workspace Control and RES One Workspace Bypassing Application Whitelisting Restrictions in Ivanti Workspace Control and RES One Workspace Privilege Escalation Vulnerability in Ivanti Workspace Control and RES One Workspace Unspecified Attack Vector Allows Decryption of Encrypted Datastore or Relay Server Password Spectre-v2 vulnerability in 
Linux kernel's paravirt.c Cross-Site Scripting (XSS) Vulnerability in MyBB 1.8.17 RSS Syndication Exposure of Configuration and Secrets in Containous Traefik 1.6.x User Enumeration Vulnerability in Dropbear SSH Server Cross-Site Scripting (XSS) Vulnerability in IBM Rational Engineering Lifecycle Manager Improper URL Decoding in Elefant CMS 2.0.3 File Upload Vulnerability Persistent XSS Vulnerability in Zyxel VMG3312 B10B Devices via connectionStatus-hostEntry.cmd Hostname Parameter XSS Vulnerability in Victor CMS Leave a Comment Screen Cross-Site Scripting Vulnerability in phpMyAdmin Import Feature XSS Vulnerability in SalesAgility SuiteCRM: Phishing via Error Message Denial of Service Vulnerability in ImageMagick 7.0.8-11 Q16 HTML Injection Vulnerability in Zoho ManageEngine ADManager Plus 6.5.7 Arbitrary File Read and Delete Vulnerability in Avaya IP Office's one-X Portal Root Privilege Escalation Vulnerability in Avaya Aura Communication Manager CSRF Vulnerability in Avaya Aura Orchestration Designer Allows Unauthorized Administrative Setting Manipulation Avaya Aura Orchestration Designer XSS Vulnerability in Runtime Config Component Stored Cross-Site Scripting Vulnerability in IP Office's one-x Portal Local Administrative User Exploitation in Avaya Call Management System Supervisor: Extracting Sensitive Information from Remote CMS Host Remote Code Execution Vulnerability in Avaya Aura System Platform Web UI Remote Denial of Service Vulnerability in Avaya Aura Communication Manager's capro Process Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition Arbitrary File Emailing Vulnerability in Odoo Discuss App Remote Initialization of Empty Database in Odoo Community and Enterprise 11.0 and Earlier Arbitrary Web Script Injection via Crafted Attachment Filenames in Odoo Community and Enterprise 11.0 and Earlier Arbitrary Web Script Injection via Crafted Link in Odoo Community and Enterprise 14.0 and Earlier Cross-site scripting 
vulnerability in Odoo Discuss App allows remote code injection through crafted document names Cross-Site Scripting (XSS) Vulnerability in Odoo Community and Enterprise 13.0 and Earlier Local Privilege Escalation Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 Elevated Privileges Vulnerability in Odoo Enterprise Helpdesk App Arbitrary Web Script Injection via Crafted Calendar Event Attributes in Odoo Community and Enterprise Arbitrary Record Creation and Privilege Escalation in Odoo Community and Enterprise 12.0 and Earlier Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Cross-Origin Resource Sharing (CORS) Vulnerability in 42Gears SureMDM User Account Existence Disclosure in 42Gears SureMDM Registration API Endpoint SSRF Vulnerability in 42Gears SureMDM Unprotected API Endpoints Expose Call Logs, SMS Logs, and User-Account Data in 42Gears SureMDM Cross-Origin Access Vulnerability in 42Gears SureMDM Format String Error Vulnerability in IBM DB2 for Linux, UNIX and Windows Vulnerability: Unauthorized Access to Sensitive Ola Money Data Bypassing Authentication via Forgot Password Screen in Ola Money Android App Arbitrary Read-Write Access Vulnerability in Docker's 'docker cp' Command Unauthenticated User Account Enumeration in Cloudera Data Science Workbench (CDSW) Unauthenticated Arbitrary Email Sending Vulnerability in Bloop Airmail 3 3.5.9 for macOS Arbitrary Email Transmission Vulnerability in Bloop Airmail 3 3.5.9 for macOS Bypassing Frame Navigation Filter in Bloop Airmail 3 3.5.9 for macOS Arbitrary Java Code Execution through SOAP Connector in IBM WebSphere Application Server OpenURL Default URL Handler Vulnerability in Bloop Airmail 3 3.5.9 for macOS Excessive Stack Consumption Denial of Service Vulnerability in HDF HDF5 1.10.2 Library Bypassing Anti-XSS Mechanism in BTITeam XBTIT Stored XSS and CSRF Vulnerability in BTITeam XBTIT 2.5.4 Newsfeed Reflected Cross-Site Scripting Vulnerability in BTITeam XBTIT 
2.5.4 Signup Page Reflected Cross-Site Scripting Vulnerability in BTITeam XBTIT 2.5.4 Search Function Local File Disclosure Vulnerability in IBM QRadar SIEM 7.2 and 7.3 Unsalted MD5 Hash Vulnerability in BTITeam XBTIT 2.5.4 Predictable Salt and Weak Cookie Security in BTITeam XBTIT 2.5.4 Cross-Site Request Forgery Vulnerability in BTITeam XBTIT Allows Automated Private Message Sending Open Redirect Vulnerability in BTITeam XBTIT Login Page Path Disclosure and Sensitive Data Leakage in BTITeam XBTIT Remote Code Execution Vulnerability in GitHub Electron Arbitrary State Injection Vulnerability in systemd's unit_deserialize Arbitrary File Permission Vulnerability in systemd (CVE-2018-16865) Buffer Overflow Vulnerability in systemd DHCP6 Client Arbitrary Code Execution through Insecure Deserialization in CA Release Automation 6.5 and Earlier Authentication Bypass and Data Manipulation Vulnerability in Inova Partner 5.0.5-RELEASE, Build 0510-0906 and Earlier Insecure Direct Object Reference Vulnerability in Inova Partner 5.0.5-RELEASE, Build 0510-0906 and Earlier Path Traversal Vulnerability in ASUSTOR Data Master 3.1.5 and Below Allows Arbitrary File Upload Path Traversal Vulnerability in ASUSTOR Data Master 3.1.5 and Below Allows Remote File Deletion User Account Enumeration Vulnerability in ASUSTOR Data Master 3.1.5 and Below Authenticated Remote File Read Vulnerability in ASUSTOR Data Master 3.1.5 and Below Authenticated Remote File Read Vulnerability in ASUSTOR Data Master 3.1.5 and Below XSS Vulnerability in ASUSTOR Data Master 3.1.5 and Below via Configuration File Manipulation Denial of Service Vulnerability in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 Web Interface Denial of Service Vulnerability in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 Web Interface CSRF Vulnerability in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 Web Interface Multiple Reflected Cross-Site Scripting Vulnerabilities in Advantech WebAccess 8.3.2 and Below Stack Buffer Overflow Vulnerability in Advantech 
WebAccess 8.3.2 and Below Directory Traversal Vulnerability in WADashboard API Allows Remote Code Execution Directory Traversal Vulnerability in WADashboard API of Advantech WebAccess 8.3.1 and 8.3.2 Cross-Site Scripting Vulnerability in Advantech WebAccess 8.3.1 and 8.3.2 Remote Code Execution in Snoopy 1.0 in Nagios XI 5.5.6 Arbitrary Command Execution in Nagios XI 5.5.6 Arbitrary Command Execution Vulnerability in IBM QRadar 7.2 and 7.3 Privilege Escalation in Nagios XI 5.5.6 via Autodiscover_new.php Nagios XI 5.5.6 API Key Reset and Privilege Escalation Vulnerability Reflected Cross-Site Scripting Vulnerability in Nagios XI 5.5.6 via api_tool.php Host Parameter Persistent Cross-Site Scripting Vulnerability in Nagios XI 5.5.6 via Stored Email Address in admin/users.php Reflected Cross-Site Scripting Vulnerability in Nagios XI 5.5.6 Zoom Vulnerability: Unauthorized Message Processing and Remote Spoofing Authenticated Remote Command Injection in NUUO NVRMini2 version 3.9.1 Insecure Password Storage: Base64 Encoded MD5 Hashes in Open Dental Unauthenticated Remote Access Vulnerability in Open Dental: Complete User Database Transmission Default MySQL Credentials in Open Dental Installation Hard-coded Account Vulnerability in Logitech Harmony Hub Authentication Bypass Vulnerability in Logitech Harmony Hub XMPP Server OS Command Injection in Logitech Harmony Hub Logitech Harmony Hub Command Injection Vulnerability Pulse Secure Desktop (macOS) Privilege Escalation Vulnerability Authentication Bypass Vulnerability in Grafana Arbitrary Code Execution Vulnerability in Couchbase Server Denial of Service Vulnerability in STOPzilla AntiMalware 6.5.2.59 Denial of Service Vulnerability in STOPzilla AntiMalware 6.5.2.59 Denial of Service Vulnerability in STOPzilla AntiMalware 6.5.2.59 Arbitrary Write Vulnerability in STOPzilla AntiMalware 6.5.2.59 NULL Pointer Dereference Vulnerability in STOPzilla AntiMalware 6.5.2.59 Arbitrary Write Vulnerability in STOPzilla AntiMalware 
6.5.2.59 Arbitrary Write Vulnerability in STOPzilla AntiMalware 6.5.2.59 Denial of Service Vulnerability in STOPzilla AntiMalware 6.5.2.59 Denial of Service Vulnerability in STOPzilla AntiMalware 6.5.2.59 Arbitrary Write Vulnerability in STOPzilla AntiMalware 6.5.2.59 XSS Vulnerability in Zoho ManageEngine ADManager Plus 6.5.7 on Workflow Delegation Requester Roles Screen Unauthenticated Directory Traversal Vulnerability in Argus Surveillance DVR 4.0.0.0 Devices Denial of Service Vulnerability in QEMU's seccomp Policy Handling Arbitrary Code Execution Vulnerability in glot-www Dell 2335dn Printer Admin Interface Password Disclosure Vulnerability Pulse Secure Desktop (macOS) Format String Vulnerability Directory Traversal Vulnerability in SaltStack Salt API Authentication Bypass and Arbitrary Command Execution in SaltStack Salt Cleartext Transmission of Sensitive Information in MensaMax Android App Hard-coded DES Cryptographic Key Vulnerability in MensaMax Android App Authorization Logic Error in Cloud Foundry UAA Allows Token Hijacking Across Identity Providers SQL Injection Vulnerability in Cloud Foundry CF Networking Release Denial of Service Vulnerability in Spring Framework Privilege Escalation in Spring Security OAuth Approval Endpoint Insecure Credential Verification in Pivotal Cloud Foundry On Demand Services SDK Privilege Escalation via Consent Page Manipulation in Cloud Foundry UAA Privilege Escalation Vulnerability in Pivotal Operations Manager Information Disclosure Vulnerability in Pivotal Container Service (versions prior to 1.2.0) Exposes IaaS Credentials in Application Logs Remote Code Execution Vulnerability in Dell EMC ESRS Policy Manager Dell EMC Secure Remote Services Information Exposure Vulnerability Dell Encryption and Endpoint Security Suite Enterprise Vulnerability: Password Length Bypass Improper Authorization Vulnerability in Dell OpenManage Network Manager Virtual Appliance Insecure Default Configuration Allows Unauthorized File System 
Access in Dell OpenManage Network Manager Denial of Service Vulnerability in RSA BSAFE Micro Edition Suite Information Disclosure Vulnerability in Dell EMC RecoverPoint and RecoverPoint for VMs Uncontrolled Resource Consumption Vulnerability in Dell EMC RecoverPoint and RecoverPoint for VMs Information Disclosure Vulnerability in Dell Encryption Redfish Interface Privilege Escalation Vulnerability in Dell EMC iDRAC Improper Error Handling Vulnerability in Dell EMC iDRAC7/iDRAC8 Dell OS10 CLI Input Validation Vulnerability Improper Access Control Vulnerability in RSA Archer Versions Prior to 6.5.0.1 Dell Wyse Password Encoder Hard-coded Cryptographic Key Vulnerability Relative Path Traversal Vulnerability in RSA Authentication Manager Quick Setup Deployment Vulnerability: TLS Certificate Validation Bypass in Dell Networking OS10 Phone Home Feature Guessable Random Number Generation in Pivotal CredHub Service Broker UAA Client Secret Insecure Hashing Algorithm in Cloud Foundry Bits Service Allows Unauthorized Access Cloud Foundry NFS Volume Release Information Disclosure Vulnerability Untrusted Website Redirect Vulnerability in Pivotal Concourse Release 4.x prior to 4.2.2 Timing Attack Vulnerability in Cloud Foundry Bits Service Authorization Bypass Vulnerability in Spring Security 5.1.x MapR File System Privilege Escalation Vulnerability XML External Entity (XXE) Vulnerability in Accusoft PrizmDoc HTML5 Document Viewer before 13.5 Vulnerability: Bypassing POSIM EVO Login Prompt via Emergency Override Account Hardcoded Database Credentials in POSIM EVO 15.13 for Windows Pose Critical Security Risk Insecure File Permissions in AccuPOS 2017.8 Installation Path Directory Traversal Vulnerability in Visiology Flipbox Software Suite before 2.7.0 Weak Encryption Algorithm Used in DNN (DotNetNuke) 9.2 through 9.2.1 Inadequate Entropy Generation in DNN (DotNetNuke) 9.2 through 9.2.1 User Mode Write AV Vulnerability in FastStone Image Viewer 6.5 User Mode Write AV 
Vulnerability in FastStone Image Viewer 6.5 FastStone Image Viewer 6.5 Exception Handler Chain Corrupted Vulnerability Read Access Violation Vulnerability in FastStone Image Viewer 6.5 Read Access Violation on Block Data Move in FastStone Image Viewer 6.5 via Crafted Image File Arbitrary File Deletion Vulnerability in Repute ARForms Incorrect Access Control in EasyIO EasyIO-30P Devices: Exploiting the webuser.js Vulnerability XSS Vulnerability in EasyIO EasyIO-30P Devices (CVE-2021-XXXX) FFmpeg Flvenc.c Empty Audio Packet Assertion Failure Vulnerability IBM StoredIQ 7.6 Authenticated Bypass Vulnerability Arbitrary Code Execution via URI Handlers in Ubisoft Uplay Desktop Client Insecure Direct Object Reference (IDOR) vulnerability in Vanilla before 2.6.1 allows multiple voting in polls Heap Overflow Vulnerability in radare2's read_module_referenced_functions Function Android Versions 1.0 through 9.0 Vulnerable to Insecure Permissions (Bug ID: 77286983) RSA Padding String Verification Bypass in Openswan Buffer Overflow Vulnerability in D-Link DIR-615 Devices via Long Authorization HTTP Header Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6 Denial of Service Vulnerability in TP-Link TL-WR840N Devices via Fragmented Packets XSS Vulnerability in WolfCMS 0.8.3.1 via /?/admin/page/add Slug Parameter XSS Vulnerability in GetSimple CMS 3.3.14 via Add New Page Field in admin/edit.php CSRF Vulnerability in DamiCMS 6.0.0 Allows Password Modification for Administrator Account CSRF Vulnerability in Gleez CMS 1.2.0 Allows Unauthorized Administrator Account Addition CSRF Vulnerability in fledrCMS Allows Unauthorized Password Change XSS Vulnerability in puppyCMS 5.1 via menu.php Add Page/URL URL Link Field CSRF Vulnerability in portfolioCMS 1.0.5 Allows Unauthorized Creation of Pages CSRF Vulnerability in portfolioCMS 1.0.5 Allows Unauthorized Website Settings Update Cross-Site Scripting (XSS) Vulnerability in IBM Rational Rhapsody Design Manager 
and IBM Rational Software Architect Design Manager CSRF Vulnerability in REDAXO CMS 4.7.2 Allows Unauthorized Administrator Account Creation CSRF Vulnerability in Flexo CMS v0.1.6 Allows Unauthorized Administrator Addition Denial of Service Vulnerability in Technicolor TC7200.20 Devices via MAC Flooding Endless Recursion Vulnerability in xkbcommon and libxkbcommon NULL Pointer Dereference Vulnerability in xkbcommon Parser NULL Pointer Dereference Vulnerability in xkbcommon Parser Denial of Service Vulnerability in xkbcommon Keymap Parser Invalid Free Vulnerability in xkbcommon Keymap Parsers NULL Pointer Dereference Vulnerability in CopyKeyAliasesToKeymap in xkbcommon NULL Pointer Dereference in ExprResolveLhs in xkbcommon before 0.8.2 NULL Pointer Dereference in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 NULL Pointer Dereference in LookupModMask in xkbcommon NULL Pointer Dereference Vulnerability in xkbcommon's ResolveStateAndPredicate Function NULL Pointer Dereference in resolve_keysym in xkbcommon parser.y Critical Privilege Escalation Vulnerability in Pulse Secure Desktop (macOS) ChronoScan Version 1.5.4.3 and Earlier SQL Injection Vulnerability Unvalidated Image Loading Vulnerability in AWS CLI Information Disclosure Vulnerability in IBM Rational Rhapsody and Rational Software Architect Design Manager Invalid Memory Address Dereference in libming 0.4.8: Denial of Service Vulnerability Invalid Memory Address Dereference Vulnerability in libming 0.4.8 SQL Injection Vulnerability in Sentrifugo 3.2 via deptid Parameter XSS Vulnerability in D-Link DIR-615 Routers 20.07: Injecting JavaScript via DHCP Hostname Field JavaScript Injection Vulnerability in D-Link DIR-615 Routers 20.07 Vulnerability: CAPTCHA Bypass in ajax-bootmodal-login Plugin OS Command Injection Vulnerability in Plainview Activity Monitor Plugin for WordPress XML External Entity Injection (XXE) Vulnerability in IBM Jazz Foundation Stored XSS Vulnerability in Joomla! 
User Profile Page ACL Violation Due to Inadequate Checks in Joomla! before 3.8.12 Inadequate InputFilter Checks Allow Upload of Malicious Phar Files in Joomla! HTML Injection Vulnerability in RICOH MP C4504ex Devices Covert Operation Detection Vulnerability in Ovation FindMe 1.4-1083-1 Arbitrary PHP Code Execution in Monstra CMS 3.0.4 via Modified Snippet Content Authenticated Remote Command Execution in ASUS DSL-N12E_C1 1.1.2.3_345 User Registration Vulnerability in ASPCMS 2.5.6 Arbitrary OS Command Execution Vulnerability in EthereumJ 1.8.2 Stored JavaScript Command Injection in FreePBX Core SQL Injection Vulnerability in FreePBX 13 and 14 DISA Module SQL Injection Vulnerability in WUZHI CMS 4.1.0 via copyfrom.php SQL Injection Vulnerability in WUZHI CMS 4.1.0 via keyValue Parameter in /coreframe/app/admin/pay/admin/index.php Incomplete Fix for SSRF Vulnerability in idreamsoft iCMS 7.0.11 XSS Vulnerability in PHP Scripts Mall Website Seller Script 2.0.5 via Personal Address or Company Name Denial of Service Vulnerability in PHP Scripts Mall Website Seller Script 2.0.5 Improper Certificate Validation in Subsonic Music Streamer 4.4 for Android Allows Man-in-the-Middle Attacks XSS Vulnerability in MiniCMS 1.10's post.php?date= Endpoint CSRF Vulnerability in e107 2.1.8 Allows Unauthorized Password Changes Stored Cross Site Scripting (XSS) Vulnerability in Claromentis 8.2.2's Discuss Module A10 ACOS Web Application Firewall (WAF) SQL Injection Attack Blocking Rules Misconfiguration Vulnerability Arbitrary Code Execution via SolarWinds Serv-U FTP Server 15.1.6 Import Feature Denial of Service Vulnerability in Technicolor TC8305C Devices via MAC Flooding Arbitrary File Write Vulnerability in Artifex Ghostscript 9.23 Type Confusion Vulnerability in Artifex Ghostscript 9.23 Type Confusion Vulnerability in Artifex Ghostscript Uninitialized Memory Access Vulnerability in Artifex Ghostscript 9.23 Arbitrary Package Installation and Removal Vulnerability in Manjaro Linux 
Unvalidated Redirect and Cross-Site Scripting (XSS) Vulnerability in Cloudera Manager Persistent Cross-Site Scripting (XSS) Vulnerability in Jorani 0.6.5 SQL Injection Vulnerability in Jorani 0.6.5 Allows Unauthorized Access to Sensitive Data Username Enumeration Vulnerability in OpenSSH 7.8 Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Missing File Checksums in IBM Multi-Cloud Data Encryption (MDE) 2.1 Allows Unauthorized Data Manipulation Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in 
Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Arbitrary Command Execution Vulnerability in IBM Spectrum Symphony and Platform Symphony Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Buffer Errors Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Deserialization of Untrusted Data Vulnerability in Adobe ColdFusion Deserialization of Untrusted Data Vulnerability in Adobe ColdFusion Deserialization of Untrusted Data Vulnerability in Adobe ColdFusion Arbitrary File Overwrite Vulnerability in Adobe ColdFusion Versions July 12 Release Unrestricted File Upload Vulnerability in Adobe ColdFusion Adobe ColdFusion Directory Listing Vulnerability Arbitrary Folder Creation Vulnerability in Adobe ColdFusion Use of Component with Known Vulnerability in Adobe ColdFusion Versions: Information Disclosure Vulnerability Deserialization of Untrusted Data Vulnerability in Adobe ColdFusion Adobe Acrobat and Reader Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Adobe Flash Player Versions 30.0.0.154 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.4 Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.4 Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.4 Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.4 Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 
6.0-6.4 Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Framemaker Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Technical Communications Suite Out-of-Bounds Read Vulnerability in Flash Player Versions 31.0.0.122 and Earlier Adobe Acrobat and Reader NTLM SSO Hash Theft Vulnerability Out-of-Bounds Read Vulnerability in Adobe Photoshop CC Versions 19.1.6 and Earlier Type Confusion Vulnerability in Flash Player: Arbitrary Code Execution Use After Free Vulnerability in Flash Player Versions 31.0.0.153 and Earlier Insecure Library Loading (DLL Hijacking) Vulnerability in Flash Player Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Integer Overflow Vulnerability in Adobe Acrobat and Reader Buffer Errors Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Remote Clickjacking Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.3 Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Integer Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Buffer Errors Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Clear Text Transmission of Sensitive Data in IBM BigFix Platform 9.2 and 9.5 Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference 
Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Integer Overflow Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Integer Overflow Vulnerability in Adobe Acrobat and Reader Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 - 6.0.6 Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Privilege Escalation Vulnerability Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 - 6.0.6 Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe 
Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 - 6.0.6 Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Multiple Versions Security Bypass Vulnerability Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Privilege Escalation Vulnerability Adobe Acrobat and Reader Privilege Escalation Vulnerability Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Missing Authorization Control for API Repository Storage Sensitive Data Disclosure in Sidekiq Logs through Error Message Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 - 6.0.6 Persistent XSS in Merge Request Changes View Orphaned Upload Files Exposure Vulnerability in GitLab Authenticated Command Injection Vulnerability in pfSense before 2.4.4 Bluetooth Attribute Protocol Dissector Crash Vulnerability Radiotap Dissector Crash Vulnerability in Wireshark Bluetooth AVDTP Dissector Crash Vulnerability in Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16 Directory Traversal Vulnerability in Endress+Hauser WirelessHART Fieldgate SWG70 3.x Devices Sensitive Information Disclosure Vulnerability in IBM Jazz Based Applications Mitsubishi Electric SmartRTU Devices: Remote Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in Mitsubishi Electric SmartRTU Devices Heap-based Buffer Over-read in 
dwarf_getaranges.c in libdw in elfutils Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome (CVE-2018-6177) Use-after-free vulnerability in V8 allows remote code execution in Google Chrome Use After Free Vulnerability in Google Chrome (CVE-2018-6177) Use After Free Vulnerability in WebAudio in Google Chrome Sandbox Escape Vulnerability in Google Chrome Prior to 69.0.3497.81 Cross-Origin Data Leakage Vulnerability in SwiftShader in Google Chrome XML External Entity Injection (XXE) Vulnerability in IBM Rational Engineering Lifecycle Manager Skia Integer Overflow Vulnerability in Google Chrome Use After Free Vulnerability in WebRTC in Google Chrome Bypassing Same Origin Policy via HLS Manifests in Google Chrome Bypassing Site Isolation in Google Chrome: Insufficient Policy Enforcement Vulnerability Bypassing Site Isolation in Google Chrome: Insufficient Policy Enforcement Vulnerability Local File Data Disclosure Vulnerability in Google Chrome Out of Bounds Memory Read Vulnerability in PDFium Bypassing Content Security Policy via Object Lifecycle Issue in Google Chrome Credit Card Data Leakage Vulnerability in Google Chrome Autofill Omnibox Spoofing Vulnerability in Google Chrome prior to 69.0.3497.81 Weak Cryptographic Algorithms in IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 Omnibox Spoofing Vulnerability in Google Chrome on macOS Local File Access Vulnerability in Google Chrome DevTools Out of Bounds Read Vulnerability in Swiftshader in Google Chrome Out of Bounds Read Vulnerability in WebRTC in Google Chrome Default Selected Dialog Button Remote Code Execution Vulnerability in Google Chrome Use After Free Vulnerability in ResourceCoordinator in Google Chrome Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome (CVE-2018-6177) Bypassing Navigation Restrictions in Google Chrome Prior to 69.0.3497.81 Arbitrary File Download Vulnerability in Google Chrome (CVE-2018-6177) Command Injection 
Vulnerability in System Management Module (SMM) Firmware Update Images SMM Versions Prior to 1.06: Post-Authentication Command Injection Vulnerability Buffer Overflow Vulnerabilities in SMM Certificate Creation and Parsing Logic Sensitive Information Exposure in System Management Module (SMM) Versions Prior to 1.06 File Write Vulnerability in LXCI for VMware Buffer Overflow Vulnerability in System Management Module (SMM) Versions Prior to 1.06 Password Hash Leakage in System Management Module (SMM) Versions Prior to 1.06 Cross-Site Scripting (XSS) Vulnerability in SMM Web Interface for Enclosure VPD Insufficient Sanitization in LXCI Allows Authenticated User to Write to System Files Unquoted Search Path Vulnerability in Lenovo ThinkPads: Unauthorized Code Execution Risk Cross-Site Scripting (XSS) Vulnerability in IBM Rational DOORS Next Generation Message Disclosure and Modification Vulnerability in Lightbend Akka 2.5.x SQL Injection Vulnerability in AccountStatus.jsp in Sophos XG Firewall 17.0.8 MR-8 Admin Portal Sophos XG Firewall 17.0.8 MR-8 - Remote Command Execution Vulnerability in Admin Portal Sophos XG Firewall 17.0.8 MR-8 API Configuration Component Remote Command Execution Vulnerability Remote Code Execution Vulnerability in TP-Link WR1043nd (Firmware Version 3) HTTP Server Authentication Bypass Vulnerability in IBM QRadar Incident Forensics Arbitrary System Command Execution in Xiaomi Mi Router 3 (v2.22.15) via request_mitv Vulnerability Denial of Service Vulnerability in Lightbend Akka HTTP via ZIP Bomb Memory Exhaustion Vulnerability in Open Whisper Signal iOS App Directory Traversal Vulnerability in Cybrotech CyBroHttpServer 1.0.3 XSS Vulnerability in Cybrotech CyBroHttpServer 1.0.3 via URI Location Permission Dialog Spoofing Vulnerability in Opera Mini for Android CSRF Vulnerability in IPBRICK OS 6.3 Administrator Interface Multiple SQL Injections in IPBRICK OS 6.3 Web Management Console Multiple XSS Vulnerabilities in IPBRICK OS 6.3 Administration 
Page Arbitrary Web Script Injection Vulnerability in BIBLIOsoft BIBLIOpac 2008 Remote Information Disclosure Vulnerability in IBM WebSphere Application Server Buffer Underwrite Vulnerability in get_line() in fig2dev 3.2.7a Arbitrary File Deletion Vulnerability in ThinkCMF X2.2.3 Reflected XSS Vulnerability in PHPOK 4.8.278 via _back Parameter Command Injection Vulnerability in Opsview Monitor's NetAudit Test Connection Functionality Privilege Escalation Vulnerability in Opsview Monitor Arbitrary Command Injection in Opsview Monitor 5.4.x Web Management Console Cross-Site Scripting (XSS) Vulnerability in Opsview Monitor's /settings/api/router Endpoint Cross-Site Scripting (XSS) Vulnerability in Opsview Monitor's /rest Endpoint Blind Trust in ASN.1 Lengths in sig_verify() in axTLS Version 2.1.3 and Earlier PKCS#1 v1.5 Signature Verification Vulnerability in axTLS RSA Signature Verification Vulnerability in GMP Plugin in strongSwan 4.x and 5.x before 5.7.0 RSA Signature Verification Vulnerability in GMP Plugin in strongSwan 4.x and 5.x before 5.7.0 Opencast Authentication Vulnerability: Disclosure of System Digest Credentials Unauthenticated DLL Hijacking Vulnerability in PaperStream IP (TWAIN) 1.42.0.5685 Vulnerability: Logic Flaw in Waimai Super Cms 20150505 Allows Price Modification and Free Cart Checkout Insecure SSH Key Management in Eaton Power Xpert Meter Devices SQL Injection Vulnerability in Gift Vouchers Plugin for WordPress Authentication Bypass Vulnerability in SecureCore Standard Edition Version 2.x Privilege Escalation Vulnerability in OpenDolphin 2.7.0 and Earlier User Credential Exposure in OpenDolphin 2.7.0 and Earlier Authentication Bypass Vulnerability in OpenDolphin 2.7.0 and Earlier Arbitrary Code Injection Vulnerability in Event Calendar WD Plugin Arbitrary Web Script Injection Vulnerability in LogonTracer 1.2.0 and Earlier XML External Entity (XXE) Vulnerability in LogonTracer 1.2.0 and Earlier Arbitrary OS Command Execution Vulnerability in 
LogonTracer 1.2.0 and Earlier Python Code Injection Vulnerability in LogonTracer 1.2.0 and Earlier Remote Code Execution in Cybozu Remote Service 3.0.0 to 3.1.0 Cybozu Remote Service Directory Traversal Vulnerability Cybozu Remote Service 3.0.0 to 3.1.8 Directory Traversal Remote Code Execution Vulnerability Clickjacking Vulnerability in Cybozu Remote Service Allows Remote Deletion of Client Certificates Cross-Site Scripting Vulnerability in LearnPress Prior to Version 3.1.0 Open Redirect Vulnerability in LearnPress Prior to Version 3.1.0: Remote Phishing Attack Vector SQL Injection Vulnerability in LearnPress Prior to Version 3.1.0 Allows Arbitrary SQL Command Execution Untrusted Search Path Vulnerability in Mapping Tool Installer Allows Privilege Escalation Untrusted Search Path Vulnerability in Windows 10 Fall Creators Update Installer Bypassing Access Restriction in Cybozu Garoon Single Sign-On Function Unverified Server Certificate Vulnerability in Mizuho Direct App for Android Directory Traversal Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 Cross-Site Scripting Vulnerability in i-FILTER Ver.9.50R05 and Earlier HTTP Header Injection Vulnerability in i-FILTER Ver.9.50R05 and Earlier Untrusted Search Path Vulnerability in MARKET SPEED Ver.16.4 and Earlier Installer Unquoted Search Path Vulnerability in Pre-installed Applications on Panasonic PC Remote Code Execution Vulnerability in RICOH Interactive Whiteboard D2200, D5500, D5510, D5520, D6500, D6510, D7500, and D8400 Remote Code Execution Vulnerability in RICOH Interactive Whiteboard and Controller Hard-coded Credentials Vulnerability in RICOH Interactive Whiteboard and Controller Unverified Server Certificates Vulnerability in RICOH Interactive Whiteboards RICOH Interactive Whiteboard SQL Injection Vulnerability Untrusted Search Path Vulnerability in UNLHA32.DLL Self-Extracting Archives Untrusted Search Path Vulnerability in UNARJ32.DLL, LHMelting, and LMLzh32.DLL Open 
Redirect Vulnerability in EC-CUBE (Versions 3.0.0 - 3.0.16) Information Disclosure Vulnerability in Aterm WF1200CR and Aterm WG1200CR Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR firmware versions 1.1.1 and earlier allows authenticated attackers to inject arbitrary web script or HTML. Arbitrary OS Command Execution Vulnerability in Aterm WF1200CR and Aterm WG1200CR Arbitrary OS Command Execution via SOAP Interface in Aterm WF1200CR and Aterm WG1200CR Denial of Service Vulnerability in Yokogawa Vnet/IP Open Communication Driver Toshiba Home Gateway Access Restriction Bypass Vulnerability Undocumented Developer Screen Access Vulnerability in Toshiba Home Gateway HEM-GW16A and HEM-GW26A Arbitrary Web Script Injection Vulnerability in Toshiba Home Gateway HEM-GW16A and HEM-GW26A Arbitrary OS Command Execution in Toshiba Home Gateway HEM-GW16A and HEM-GW26A Hard-coded Credentials Vulnerability in Toshiba Home Gateway HEM-GW16A and HEM-GW26A Cordova-Plugin-Ionic-Webview Directory Traversal Vulnerability Authentication Bypass Vulnerability in PgpoolAdmin 4.0 and Earlier Cross-Site Scripting Vulnerability in Google XML Sitemaps Plugin Arbitrary Code Injection Vulnerability in GROWI v3.2.3 and Earlier Arbitrary Code Injection Vulnerability in WordPress Plugin Spam-ByeBye 2.2.1 and Earlier Unauthorized File Alteration Vulnerability in PowerAct Pro Master Agent for Windows Version 5.13 and Earlier Clear Text Password Exposure in IBM WebSphere Application Server XSS Vulnerability in WAGO 750-88X and WAGO 750-89X Ethernet Controller Devices Command Injection Vulnerability in AudioCodes 405HD VoIP Phone (Firmware 2.2.12) Command Injection Vulnerability in Yealink Ultra-elegant IP Phone SIP-T41P (Firmware 66.83.0.35) CSRF Vulnerability in Yealink Ultra-elegant IP Phone SIP-T41P Firmware 66.83.0.35 Missing Password Verification in AudioCodes 405HD VoIP Phone Firmware 2.2.12 Allows Unauthorized Password Change Cross-Site Request Forgery Vulnerability in 
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 Cross Site Scripting (XSS) Vulnerability in AudioCodes 405HD VoIP Phone Firmware 2.2.12 Path Traversal Vulnerability in Yealink Ultra-elegant IP Phone SIP-T41P (Firmware 66.83.0.35) Cleartext Storage of Credentials in iSmartAlarmData.xml Configuration File Insecure Cryptographic Storage of Credentials in QBee Cam Android App iSmartAlarm Cube One through 2.2.4.10 Diagnostic Files Access Control Vulnerability Unencrypted Network Traffic Vulnerability in QBee MultiSensor Camera Reflected Cross-Site Scripting (XSS) Vulnerability in Mitel MiVoice Office 400 Buffer Over-read Vulnerability in IEEE 802.11 Parser Buffer Over-read Vulnerability in HNCP Parser of tcpdump Buffer Over-read Vulnerability in tcpdump's DCCP Parser Local File Disclosure Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 Buffer Over-read Vulnerability in BGP Parser of tcpdump Denial of Service Vulnerability in Michael Roth Software Personal FTP Server (PFTP) through 8.4f Authenticated Command Injection Vulnerability in IPFire Firewall XSS Vulnerability in MiniCMS V1.10 via mc-admin/post-edit.php tags Parameter XSS Vulnerability in MorningStar WhatWeb 0.4.9 via JSON Report Files Cross-Site Scripting (XSS) Vulnerability in Telligent Community Feed RSS Widget XSS Vulnerability in cPanel 74 via Crafted Filename in Logs Subdirectory Directory Traversal Vulnerability in damiCMS V6.0.1 via '|' Characters in s Parameter Remote Code Execution via Multipart/Form-Data POST in damiCMS V6.0.1 Vulnerability: Session Cookie Guessing in damiCMS V6.0.1 oBike Vulnerability: Bypassing Locking Mechanism via Bluetooth Low Energy Replay Attack Multiple Persistent XSS Vulnerabilities in SolarWinds Database Performance Analyzer (DPA) XSS Vulnerability in YzmCMS 5.1 via admin/system_manage/user_config_add.html Title Parameter XSS Vulnerability in b3log Solo 2.9.3: Remote Code Injection via articleTags Field Cross-Site Scripting 
(XSS) Vulnerability in Symphony 3.3.0 and earlier Sensitive Information Disclosure in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 XSS Vulnerability in Utilisateur Menu of Creatiwity wityCMS 0.6.2 Search for User Discovery Injection Vulnerability in Creatiwity wityCMS 0.6.2 XML External Entity Injection in FsPro Labs Event Log Explorer 4.6.1.2115 PKCS#1 v1.5 Signature Verification Vulnerability in axTLS XSS Vulnerability in WP All Import Plugin 3.4.9 for WordPress via action=options XSS Vulnerability in WP All Import Plugin 3.4.9 for WordPress via action=evaluate XSS Vulnerability in WP All Import Plugin 3.4.9 via Add Filtering Options (Add Rule) XSS Vulnerabilities in WP All Import Plugin 3.4.9 via action=template (Admin-Only Exploit) XSS Vulnerability in WP All Import Plugin 3.4.9 for WordPress via pmxi-admin-import custom_type XSS Vulnerability in WP All Import Plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit Session Fixation/Hijacking Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 Privilege Escalation Vulnerability in Pulse Secure Pulse Desktop Client: Dynamic Certificate Trust Improper D-Bus Security Policy Configurations in Tizen's pkgmgr System Service Allow Unprivileged Process to Perform Package Management Actions Unprivileged Process Control Vulnerability in Tizen's PulseAudio System Service Improper D-Bus Security Policy Configurations in BlueZ System Service in Tizen Improper D-Bus Security Policy Configurations in Tizen's bt/bt_core Service Allow Unauthorized Bluetooth Pairing Improper D-Bus Security Policy Configurations in Tizen Allow Unprivileged Process to Control or Capture Windows Improper D-Bus Security Policy Configurations in Tizen's system-popup System Service Unprivileged Process Exploitation in Tizen SoundServer/FocusServer System Services Improper D-Bus Security Policy Configurations in Samsung Galaxy Gear Series Allows Unauthorized Access to Notification Message 
Data Unrestricted Bluetooth HCI Packet Dumping Vulnerability in Samsung Galaxy Gear Series Improper D-Bus Security Policy Configurations in Samsung Galaxy Gear Series Allows Unauthorized Mailbox Manipulation and Email Spoofing Unprivileged Process Exploitation: Full Wi-Fi Interface Control in Samsung Galaxy Gear Series CSV Injection Vulnerability in OPSWAT MetaDefender (before v4.11.2) Vulnerability in yurex USB Driver Allows Kernel Crash and Privilege Escalation XSS Vulnerability in XWiki Image Import Function Arbitrary SQL Command Execution Vulnerability in PhpOpenSourceCMS (POSCMS) V3.2.0 Incorrect Access Control in DEISER Profields - Project Custom Fields App for Jira (Version 6.0.2 and below) Command Injection Vulnerability in Moxa EDR-810 V4.2 Build 18041013 Directory Traversal Vulnerability in Wechat Broadcast Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in UserPro WordPress Plugin Authentication Bypass Vulnerability in LG SuperSign CMS File Upload Vulnerability in LG SuperSign CMS via signEzUI/playlist/edit/upload/..%2f URIs Arbitrary File Reading Vulnerability in LG SuperSign CMS Use-after-free vulnerability in Foxit Reader and PhantomPDF JavaScript Engine Use-after-free vulnerability in Foxit Reader and PhantomPDF JavaScript Engine Use-after-free vulnerability in Foxit Reader and PhantomPDF JavaScript Engine Use-after-free vulnerability in Foxit Reader and PhantomPDF JavaScript Engine Use-after-free vulnerability in Foxit Reader and PhantomPDF JavaScript Engine Use-after-free vulnerability in Foxit Reader and PhantomPDF JavaScript Engine Use-after-free vulnerability in Foxit Reader and PhantomPDF JavaScript Engine XSS Vulnerability in MiniCMS 1.10: mc-admin/post.php?tag= Directory Traversal Vulnerability in Localize My Post Plugin 1.0 for WordPress Local Privilege Escalation Vulnerability in IBM Informix Dynamic Server Enterprise Edition 12.1 Unlimited Recursion Vulnerability in BGP Parser of tcpdump Buffer Overflow Vulnerability in 
tcpdump's Command-Line Argument Parser Buffer Overflow Vulnerability in MediaComm Zip-n-Go before 4.95 Denial of Service Vulnerability in PDF-XChange Editor Out-of-band Resource Load Vulnerability in Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 Devices CSV Injection Vulnerability in Ninja Forms Plugin for WordPress Local Privilege Escalation Vulnerability in IBM Informix Dynamic Server Enterprise Edition 12.1 Denial of Service Vulnerability in Technicolor TG588V V2 Devices via MAC Address Flood XSS Vulnerability in Bludit 2.3.4 via User Name CSRF Token Bypass in idreamsoft iCMS 7.0.11 CSRF Vulnerability in waimai Super Cms 20150505 Allows Unauthorized Configuration Changes Stored XSS Vulnerability in Portainer through 1.19.1 via Team Name Field Local Privilege Escalation Vulnerability in IBM Informix Dynamic Server Enterprise Edition 12.1 Arbitrary PHP Code Execution Vulnerability in iCMS 7.0.11 Uninitialized Data Leak in ReadXBMImage Function of ImageMagick Cross-Site Scripting (XSS) Vulnerability in IceWarp Server 12.0.3.1 and Earlier XSS Vulnerability in GetSimple CMS 3.4.0.9: Admin/Edit.php Title Field XSS Vulnerability in PHP Scripts Mall Olx Clone 3.4.2 Stored XSS Vulnerability in Subrion 4.2.1 Admin Panel URL Configuration NULL Pointer Dereference in CheckEventLogging Function in ImageMagick NULL Pointer Dereference in GetMagickProperty function in ImageMagick Symbolic Link Vulnerability in IBM Informix Dynamic Server Enterprise Edition 12.1 XSS Vulnerability in Pandao Editor.md 1.5.0 via Crafted IMG Element Attributes CSRF Vulnerability in DamiCMS v6.0.0 Allows Password Change for Administrator Account CSRF Vulnerability in iCMS 7.0.9 AdminCP.php Buffer Overflow Vulnerability in Tenda AC Series Routers OS Command Injection in Tenda AC9 and AC10 Devices via POST Request Heap-based Buffer Overflow in LibTIFF 4.0.9's ChopUpSingleUncompressedStrip Function Exiv2 v0.26 Denial of Service Vulnerability in PngChunk::parseTXTChunk CSRF Vulnerability in Cscms V4.1.8 
Allows Unauthorized Modification of Website Configuration CSRF Vulnerability in AuraCMS 2.3 Allows Unauthorized Password Change and Content Manipulation CSRF Vulnerability in EmpireCMS 7.0 Allows Unauthorized Administrator Addition Symbolic Link Vulnerability in IBM Informix Dynamic Server Enterprise Edition 12.1 Allows Local User to Gain Root Privileges XSS Vulnerability in ShowDoc v1.8.0 via New Page Arbitrary Code Execution Vulnerability in SeaCMS 6.61 Remote File Deletion Vulnerability in zzcms 8.3 CSRF Vulnerability in EasyCMS 1.5 Allows Unauthorized Password Update XSS Vulnerability in ChemCMS 1.0.6 via Setting -> Website Information Field Cross-Site Scripting (XSS) Vulnerability in Gleez CMS v1.2.0 via media/imagecache/resize XSS Vulnerability in SeaCMS V6.61 via admin_video.php v_content Parameter XSS Vulnerability in WUZHI CMS 4.1.0 via index.php?m=link&f=index&v=add Form[remark] Parameter Stack-based Buffer Overflow in IBM Informix Dynamic Server Enterprise Edition 12.1 Allows Privilege Escalation XSS Vulnerability in WUZHI CMS 4.1.0 via index.php?m=core&f=set&v=basic form[statcode] parameter PHP Code Upload Vulnerability in WeaselCMS 0.3.6 via index.php SQL Injection Vulnerability in FHCRM SQL Injection Vulnerability in FHCRM SQL Injection Vulnerability in PbootCMS via api.php/List/index Order Parameter SQL Injection Vulnerability in PbootCMS via api.php/Cms/search Order Parameter Cross-Site Scripting (XSS) Vulnerability in Dotclear Media Manager Vulnerability: Unauthorized File Renaming in Google gVisor Seccomp Sandbox Stack-based Buffer Overflow in IBM Informix Dynamic Server Enterprise Edition 12.1 Allows Privilege Escalation XSS Vulnerability in BTITeam XBTIT 2.5.4 via news.php Cross-Site Scripting (XSS) Vulnerability in Source Integration Plugin for MantisBT XSS Vulnerability in mndpsingh287 File Manager Plugin V2.9 for WordPress Remote Code Execution Vulnerability in Zoho ManageEngine Applications Manager via SMB Share CSRF Vulnerability in 
idreamsoft iCMS V7.0.10 CSRF Vulnerability in idreamsoft iCMS V7.0.10 Sandbox Access Control Vulnerability in OnlineJudge 2.0 Allows Unauthorized File Writing and Data Leakage Heap-based Buffer Over-read in Xpdf 4.00 via SplashXPath::strokeAdjust Denial of Service Vulnerability in Xpdf 4.00 via Crafted PDF File (CVE-2018-7453) Arbitrary PHP Code Execution Vulnerability in PESCMS Team 2.2.1 Multiple Reflected XSS Vulnerabilities in PESCMS Team 2.2.1 via keyword parameter Reflected XSS Vulnerability in IdeaCMS (Discontinued) Frog CMS 0.9.5 Upload Vulnerability Stored XSS Vulnerability in Frog CMS 0.9.5 via /admin/?/plugin/comment/settings Heap-based Buffer Overflow in OpenJPEG 2.3.0's pnmtoimage Function Heap-based Buffer Overflow in OpenJPEG 2.3.0's t2_encode_packet Function XSS Vulnerability in Ogma CMS 0.4 Beta via Footer Text footer Field Lack of Two Factor Authentication (TFA) during password reset in IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal CSRF Vulnerability in Ogma CMS 0.4 Beta Allows Unauthorized Admin Account Creation XSS Vulnerability in e107 2.1.8 via user_loginname parameter in e107_admin/users.php Buffer Over-read Vulnerability in NASM 2.14rc15's x86/regflags.c OWASP ModSecurity Core Rule Set SQL Injection Bypass Vulnerability SQL Injection in ThinkPHP before 5.1.23 via public/index/index/test/index query string Log Injection Vulnerability in SWIFT Alliance Web Platform 7.1.23 CSRF Vulnerability in Elefant CMS Allows Unauthorized Account Addition Arbitrary PHP Code Execution via Image Upload in e107 2.1.8 SQL Injection Vulnerability in e107 2.1.8 via old_ip Parameter in e107_admin/banlist.php Unauthorized Access to Sensitive Information in Jazz Reporting Service Buffer Overflow Vulnerabilities in OpenSC's muscle_list_files Function Buffer Overflow Vulnerabilities in libopensc/card-tcos.c in OpenSC Buffer Overflow Vulnerabilities in OpenSC's Gemsafe V1 Smartcard Handling OpenSSL Library Vulnerability: Illegitimate Certificate Acceptance Unpacking 
Tainted Strings Vulnerability Arbitrary File Read Vulnerability in LimeSurvey before 3.14.7 Regular Expression Mishandling in Twistlock AuthZ Broker 0.1 Allows Bypass of Container Policy Arbitrary Command Execution Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 Double Free Vulnerability in libelf/elf_end.c in elfutils 0.173 Heap-based Buffer Over-read in libdw in elfutils 0.173 XSS Vulnerability in Mayan EDMS Appearance App XSS Vulnerability in Mayan EDMS Cabinets App XSS Vulnerability in Mayan EDMS Tags App Remote Code Execution Vulnerability in D-Link DIR-846 Firmware 100.26 SSRF Vulnerability in Gogs 0.11.53 Allows Arbitrary HTTP GET Requests via Migrate Endpoint SQL Injection Vulnerability in Vanilla 2.6.1 Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-11 Q16 Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-11 Q16 CSRF Vulnerability in FUEL CMS 1.4 Allows Password Change by Remote Attackers Aruba Instant Command Injection Vulnerability Buffer Overflow Vulnerability in OpenSC's util_acl_to_str Function Buffer Overflow Vulnerabilities in OpenSC's Cryptoflex Card Handling Buffer Overflow Vulnerabilities in ePass 2003 Card Handling in OpenSC Buffer Overflow Vulnerability in OpenSC's CAC Card Handling Buffer Overflow Vulnerability in OpenSC's sc_pkcs15emu_esteid_init Function Double Free Vulnerability in OpenSC's sc_file_set_sec_attr Function Double Free Vulnerability in OpenSC's eGK Card Tool Double Free Vulnerability in OpenSC's HSM Card Response Handling Endless Recursion Vulnerability in iasecc_select_file in OpenSC Out of Bounds Read Vulnerability in OpenSC Library NULL Pointer Dereference in g_markup_parse_context_end_parse() in GNOME GLib 2.56.1 Out-of-Bounds Read Vulnerability in GNOME GLib 2.56.1's g_markup_parse_context_parse() Cross-Site Scripting Vulnerability in IBM WebSphere Application Server Installation Verification Tool Out-of-Bounds Read Vulnerability in GNU Libextractor's 
EXTRACTOR_zip_extract_method() CSRF Vulnerability in YFCMF v3.0 Allows Unauthorized Administrator Account Addition SQL Injection Vulnerability in BlueCMS 1.6 via user_name Parameter Heap-based Buffer Overflow in Little CMS 2.9 Critical SQL Injection Vulnerability in Gxlcms 2.0 (Pre-Bug Fix 20180915) Directory Traversal Vulnerability in Gxlcms 2.0 (Pre-Bug Fix 20180915) Allows Administrator Exploitation Out of Bounds Read Vulnerability in HDF HDF5 1.8.20 Library User Information Disclosure Vulnerability in IBM WebSphere Commerce SSRF Vulnerability in SeaCMS 6.61 via url Parameter in adm1n/admin_reslib.php SQL Injection Vulnerability in SeaCMS 6.61 via tid Parameter in adm1n/admin_topic_vod.php Arbitrary File Deletion Vulnerability in SeaCMS CSRF Vulnerability in Frog CMS 0.9.5 User Edit Functionality CSRF Vulnerabilities in CSCMS 4: Unauthorized Member Creation, VIP Authentication, and Super Admin Creation CSRF Vulnerabilities in OneThink 1.1.141212 Reflected XSS Vulnerability in CraftedWeb (through 2013-09-24) via the p Parameter Buffer Over-read Vulnerability in tcpdump's SMB Parser Stack Exhaustion Vulnerability in SMB Parser of tcpdump Cross-Site Scripting (XSS) Vulnerability in PHP Scripts Mall Domain Lookup Script 3.0.5 Denial of Service Vulnerability in PHP Scripts Mall Currency Converter Script 2.0.5 Cross-Site Scripting (XSS) Vulnerability in PHP Scripts Mall Market Place Script 1.0.1 via Keyword Parameter XSS Vulnerability in PHP Scripts Mall Website Seller Script 2.0.5 via Keyword Directory Listing Vulnerability in PHP Scripts Mall Open Source Real-estate Script 3.6.2 CSRF Vulnerability in baigo CMS v2.1.1 Allows Unauthorized Article Publication Unescaped Payload in exceljs <v1.6: Possible XSS via Cell Value in Browser Display Arbitrary Command Execution Vulnerability in ps Package for Node.js (Versions <1.0.0) Arbitrary Command Execution Vulnerability in libnmapp Package Command Injection Vulnerability in apex-publish-static-files npm Module (Version 
<2.0.1) Session Fixation Vulnerability in Nextcloud Server Prior to 14.0.0, 13.0.3, and 12.0.8 Password Bypass Vulnerability in Nextcloud Server Lack of Second Factor Enforcement in Nextcloud Server prior to 14.0.0 Access Control Bypass in Nextcloud Server versions prior to 14.0.0, 13.0.6, and 12.0.11 Unauthorized Access to Previews of Password Protected Shares in Nextcloud Server Unsanitized JavaScript Vulnerability in Loofah Gem for Ruby Prototype Pollution Vulnerability in merge.recursive function of merge package <1.2.1 Denial of Service Vulnerability in IBM QRadar Incident Forensics 7.2 and 7.3 Rack Multipart Parser Denial of Service Vulnerability XSS Vulnerability in Rack's `scheme` Method Prototype Pollution Vulnerability in Cached-Path-Relative Versions <=1.0.1 Path Traversal Vulnerability in takeapeek Module (<=0.2.2) Allows Directory and File Listing Stored XSS Vulnerability in Tianma-Static Module (<=1.0.4) Allows Arbitrary JavaScript Execution Path Traversal Vulnerability in Knightjs <= 0.0.1: Arbitrary File Read Active Job Broken Access Control Vulnerability Active Storage Bypass Vulnerability in Google Cloud Storage and Disk Services Path Traversal Vulnerability in simplehttpserver <=0.2.1 Allows Listing Files Outside Web Root Path Traversal Vulnerability in http-live-simulator <1.0.7 Allows Unauthorized Access to Arbitrary Files Weak Cryptographic Algorithms in IBM QRadar SIEM 7.2 and 7.3: Vulnerability to Information Decryption XSS Vulnerability in Module Public <0.1.4 Allows Execution of Malicious JavaScript Code Critical XSS Vulnerability in html-page <=2.1.1 Allows Execution of Malicious JavaScript Code Server Directory Traversal Vulnerability in mcstatic <=0.0.20: Exploiting Sensitive Information Disclosure Privilege Escalation Vulnerability in express-cart <=1.1.5 Allows Unauthorized User Access Critical XSS Vulnerability in m-server <1.4.2: Execution of Malicious Code via Unescaped Folder Names Path Traversal Vulnerability in m-server <1.4.1: 
Unauthorized Access to File Content Prototype Pollution Vulnerability in defaults-deep <=0.2.4 Allows Property Injection onto Object.prototype Prototype Pollution Vulnerability in lodash <4.17.11: Exploiting merge and defaultsDeep Functions Prototype Pollution Vulnerability in just-extend <4.0.0 Allows Property Injection onto Object.prototype Directory Traversal Vulnerability in IBM QRadar Incident Forensics 7.2 and 7.3 Prototype Pollution Vulnerability in mpath <0.5.1 Allows Arbitrary Property Injection Prototype Pollution Vulnerability in node.extend <1.1.7, ~<2.0.1 Prototype Pollution Vulnerability in extend <2.0.2, ~<3.0.2 Path Traversal Vulnerability in static-resource-server 1.7.2 Allows Unauthorized File Access Vulnerability: Insecure Umask Setting in Versa Servers Allows Unauthorized Access Session Hijacking Vulnerability in VOS: Failure to Issue New Session ID After Successful Login Unauthenticated Access Vulnerability in Versa Director Privilege Escalation Vulnerability in Versa Analytics Cron Jobs Vulnerability: Unencrypted Backup Files in Versa Director Expose Credentials VOS Compromised: Man-in-the-Middle Attack Vulnerability and Violation of Data Protection TSR Hard-coded Credentials Vulnerability in IBM QRadar SIEM 7.2 and 7.3 Privilege Escalation Vulnerability in Artifex Ghostscript Remote Code Execution Vulnerability in Artifex Ghostscript Type Confusion Vulnerability in Artifex Ghostscript Type Confusion Vulnerability in Artifex Ghostscript Cross-Site Scripting (XSS) Vulnerability in MantisBT 2.1.0 through 2.17.0 via Crafted PATH_INFO Improper Transaction and Event Signature Validation in Matrix Synapse before 0.33.3.1 Reflected XSS Vulnerability in Flask-Admin 1.5.2 via Crafted URL NULL Pointer Dereference Vulnerability in asm/labels.c in Netwide Assembler (NASM) Directory Traversal Vulnerability with Remote Code Execution in Prim'X Zed! FREE and Zed! 
Limited Edition Cross-Site Scripting (XSS) Vulnerability in COYO 9.0.8, 10.0.11, and 12.0.4 via iFrame Widget URLs Denial of Service Vulnerability in IBM DataPower Gateway and IBM MQ Appliance XML External Entity (XXE) Vulnerability in OpenMRS Reference Application 2.8.0 Uninitialized Pointer Free Vulnerability in AWS FreeRTOS SOCKETS_SetSockOpt Division by Zero Vulnerability in AWS FreeRTOS and WITTENSTEIN WHIS Connect TCP/IP Component Information Disclosure Vulnerability in AWS FreeRTOS and WITTENSTEIN WHIS Connect TCP/IP Component Buffer Overflow Vulnerability in AWS FreeRTOS, FreeRTOS+TCP, and WITTENSTEIN WHIS Connect TCP/IP Component Buffer Overflow Vulnerability in Amazon Web Services (AWS) FreeRTOS and WITTENSTEIN WHIS Connect Middleware Information Disclosure Vulnerability in AWS FreeRTOS and WITTENSTEIN WHIS Connect TCP/IP Component Arbitrary Code Execution Vulnerability in AWS FreeRTOS through 1.3.1 Forcepoint Email Security 8.5.x Password Reset Exploitation Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Security Access Manager Appliance 9.0.x Stack-based Buffer Overflow in Forcepoint Email Security v8.5: Potential Denial-of-Service and RCE Vulnerability Improper Access Checking in Artifex Ghostscript Allows Disclosure of System Files Open Redirect Vulnerability in IBM Curam Social Program Management Use-after-free vulnerability in Artifex Ghostscript PDF14 Converter Incorrect Free Logic in Pagedevice Replacement Vulnerability in Artifex Ghostscript Insufficient Interpreter Stack-Size Checking Vulnerability in Artifex Ghostscript Unspecified Impact Vulnerability in Artifex Ghostscript before 9.24 Arbitrary Code Execution Vulnerability via File Impersonation in Kaizen Asset Manager and Training Manager (Enterprise Edition) Hardcoded SSL Private Key Vulnerability in Amcrest Networked Devices Memory Leak in ZZIPlib: Denial of Service Vulnerability Directory Traversal Vulnerability in HScripts PHP File Browser Script v1.0 Exposure of Kernel 
Memory via rmsock Command in IBM AIX Bypassing Brute-Force Authentication Protection in TeamViewer 10.x-13.x XSS Vulnerability in LavaLite 5.5 via /edit URI CSRF Vulnerability in MicroPyramid Django-CRM 0.2 Remote Code Execution Vulnerability in Jspxcms 9.0.0 Inconsistent sprintf Format String in ProcessGpsInfo Function of jhead 3.00 Allows for Denial-of-Service Attack Cross-Site Scripting (XSS) Vulnerability in SCALANCE S602, S612, S623, and S627-2M Web Server Vulnerability: Denial of Service in SIMATIC S7-400 CPUs Denial of Service Vulnerability in SIMATIC S7-400 CPUs Denial-of-Service Vulnerability in SIMATIC S7-1500 CPU Denial-of-Service Vulnerability in SIMATIC S7-1500 CPU Path Traversal Vulnerability in IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs (All versions < V3.X.16) Denial-of-Service Vulnerability in Multiple Firmware Variants and SIPROTEC 5 Relays Cross-Site Scripting (XSS) Vulnerability in IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 HTTP Header Injection Vulnerability in IBM Jazz Foundation Memory Corruption Vulnerability in Artifex Ghostscript Remote Code Execution via Malicious Email in OTRS Arbitrary File Deletion Vulnerability in OTRS Privilege Escalation via World-Writable Intermediate Directories in SUSE useradd.c Cross-Site Scripting (XSS) Vulnerability in IBM Rational Engineering Lifecycle Manager Client-side JavaScript authentication in FURUNO FELCOM 250 and 500 devices poses a significant vulnerability. 
Unauthenticated Password Change Vulnerability in FURUNO FELCOM 250 and 500 Devices Shell Metacharacter Injection Vulnerability in Sony Bravia TV's Photo Sharing Plus Component Directory Traversal Vulnerability in Sony Bravia TV's Photo Sharing Plus Component Buffer Overflow Vulnerability in Sony Bravia TV's Photo Sharing Plus Component LAN UPnP Service Stack-Based Buffer Overflow Vulnerability Vulnerability in OverlayFS Mounts Allows Unauthorized File Modification or Truncation Unauthenticated DNS Response Acceptance Vulnerability Out of Bounds Memory Access Vulnerability in AWS FreeRTOS and WITTENSTEIN WHIS Connect Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 Out of Bounds Memory Access Vulnerability in AWS FreeRTOS and WITTENSTEIN WHIS Connect Memory Space Copy Vulnerability in Amazon Web Services (AWS) FreeRTOS and WITTENSTEIN WHIS Connect Middleware Out of Bounds Memory Access Vulnerability in AWS FreeRTOS and WITTENSTEIN WHIS Connect Out of Bounds Access Vulnerability in AWS FreeRTOS and WITTENSTEIN WHIS Connect Arbitrary PHP Code Execution Vulnerability in Nibbleblog v4.0.5 Cross-Site Scripting (XSS) Vulnerability in D-Link DIR-600M Dynamic DNS Configuration Insecure Direct Object Reference (IDOR) vulnerability in ProConf before 6.1 allows unauthorized access to submitted papers and personal information. 
Arbitrary Web Script Injection Vulnerability in Open-AudIT Professional Edition 2.2.7 Insecure Direct Object Reference (IDOR) allows unauthorized password changes in Monstra CMS 3.0.4 Cross-Site Request Forgery Vulnerability in IBM DataPower Gateways 7.5-7.6 Privilege Escalation Vulnerability in wpForo Forum Plugin Remote Command Execution Vulnerability in VTech Storio Max (before 56.D3JM6) Cross-Site Scripting (XSS) Vulnerability in Sonatype Nexus Repository Manager before 3.14 Incorrect Access Control in Sonatype Nexus Repository Manager before 3.14 Java Expression Language Injection in Sonatype Nexus Repository Manager before 3.14 Multiple Cross-Site Scripting (XSS) Vulnerabilities in DoraCMS v2.0.3 Persistent XSS Vulnerability in Kirby V2.5.12 via Site Options Title in Admin Panel Dashboard Dropdown Cross-Site Scripting (XSS) Vulnerability in Kirby v2.5.12 via New Page Title XSS Vulnerability in Typesetter 5.1 via SVG File Upload XSS Vulnerability in Typesetter 5.1: Description of New Class Name in index.php/Admin/Classes Host Header Injection in Kirby v2.5.12 Login Panel via Forget Password Feature Cross-Site Scripting (XSS) Vulnerability in Kirby v2.5.12 Panel/Login XSS Vulnerability in Subrion CMS v4.2.1 via SVG File with JavaScript in SCRIPT Element Improper HTTP Strict Transport Security Configuration in IBM DataPower Gateways XSS Vulnerability in Kirby v2.5.12 via Site Files SVG Upload Cross-Site Scripting (XSS) Vulnerability in Subrion CMS v4.2.1 via SITE TITLE Parameter XSS Vulnerability in Mezzanine CMS v4.3.1 via /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter Cross-Site Scripting (XSS) Vulnerability in Pluck v4.7.7 via admin.php?action=editpage&page= Page Title CSRF Vulnerability in Pluck v4.7.7 via admin.php?action=settings XSS Vulnerability in Blackcat CMS 1.3.2 via willkommen.php?lang=DE Page Title HTML Injection Vulnerability in Nucleus CMS 3.70 via index.php Body Parameter Cross-Site Scripting (XSS) Vulnerability in Evolution 
CMS 1.4.x via page weblink title parameter Cross-Site Scripting (XSS) Vulnerability in Evolution CMS 1.4.x via manager/search Parameter Cross-Site Scripting (XSS) Vulnerability in Typesetter 5.1 via index.php/Admin LABEL Parameter IBM DataPower Gateway AMP Management Interface Authorization Header Echoing Vulnerability Memory Leak Vulnerability in ImageMagick 7.0.8-5: ReadOneJNGImage in coders/png.c Memory Leak Vulnerability in ImageMagick 7.0.8-6's TIFFWritePhotoshopLayers Function Out-of-Bounds Write Vulnerability in ImageMagick 7.0.7-37's InsertRow Function Denial of Service Vulnerability in ImageMagick 7.0.8-4 Denial of Service Vulnerability in ImageMagick 7.0.8-11 Excessive Memory Allocation Vulnerability in ImageMagick 7.0.8-11 Infinite Recursion DoS Vulnerability in Poppler 0.68.0 Denial of Service Vulnerability in Artifex MuPDF 1.13.0 Denial of Service Vulnerability in Artifex MuPDF 1.13.0 Weak Cryptographic Algorithms in IBM DataPower Gateway CSRF Vulnerability in phpMyFAQ before 2.9.11 CSV Injection Vulnerability in phpMyFAQ Admin Backend XSS Vulnerability in rejucms 2.1 via ucenter/cms_user_add.php u_name parameter Cross-Site Scripting (XSS) Vulnerability in Zurmo 3.2.4 Stable XSS Vulnerability in Gxlcms 1.0 via PATH_INFO to ThinkException.tpl.php Arbitrary Document Reading Vulnerability on Kyocera TASKalfa 4002i and 6002i Devices Denial of Service and Arbitrary Code Execution Vulnerability in Kamailio Information Leak in cdrom_ioctl_drive_status in Linux Kernel SQL Injection Vulnerability in Rausoft ID.prove 2.95 Login Page Arbitrary Message Injection Vulnerability in IBM DataPower Gateway Command Injection Vulnerability in Imperva SecureSphere Gateway Stack-based Buffer Overflow in parse_relations in Contiki-NG AQL Parser Buffer Overflow in lvm_set_type while Parsing AQL in Contiki-NG Buffer Overflow in AQL Parsing in Contiki-NG through 4.1 Stack-based Buffer Overflow in AQL Lexer while Parsing Next String Buffer Over-read Vulnerability in Contiki-NG's 
AQL Parsing Internal Installation Path Disclosure in CIRCONTROL CirCarLife Unprivileged User Access to Admin Credentials in CIRCONTROL Open Charge Point Protocol (OCPP) Cross-Site Scripting (XSS) Vulnerability in IBM DataPower Gateway Unauthenticated PLC Status Disclosure in CIRCONTROL CirCarLife Authentication Bypass Vulnerability in CIRCONTROL CirCarLife Sensitive Information Exfiltration in CIRCONTROL CirCarLife Null Login Vulnerability in IBM DataPower Gateway Appliances XML External Entity Injection (XXE) Vulnerability in IBM DataPower Gateway Information Disclosure Vulnerability in IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 User Enumeration and Brute-Force Password Attack Vulnerability in Gleez CMS 1.2.0 Insecure Direct Object Reference vulnerability in Gleez CMS v1.2.0 allows unauthorized access to user profiles Unauthenticated Access to Sensitive Credentials in FURUNO FELCOM 250 and 500 Devices Unauthenticated Remote Reboot Vulnerability in LG SuperSign CMS Remote File Read/Write Vulnerability in Fuji Xerox DocuCentre and ApeosPort Devices HTML Injection Vulnerability in IBM Curam Social Program Management 7.0.3 OctoPrint Remote Information Disclosure and Denial of Service Vulnerability Arbitrary Code Execution Vulnerability in IObit Advanced SystemCare Vulnerability in IObit Advanced SystemCare Allows Unauthorized Access to Physical Memory Arbitrary Code Execution Vulnerability in IObit Advanced SystemCare Insecure Permissions Allow Unauthorized Modification of CTES Windows Agent Files Path Traversal Vulnerability in NCBI ToolBox Allows Arbitrary File Access and Deletion Heap-Based Buffer Overflow in nph-viewgif.cgi in NCBI ToolBox Legacy Versions XSS Vulnerability in NCBI ToolBox Legacy Versions via Crafted -z1 Argument in wwwblast.c Denial of Service and Potential Impact Vulnerability in Jingyun Antivirus v2.4.2.39 User Impersonation Vulnerability in IBM WebSphere Portal Local Denial of Service Vulnerability in Jingyun 
Antivirus v2.4.2.39 Local Denial of Service Vulnerability in Jingyun Antivirus v2.4.2.39 Local Denial of Service Vulnerability in Jingyun Antivirus v2.4.2.39 Denial of Service Vulnerability in Jingyun Antivirus v2.4.2.39 Driver (ZySandbox.sys) Blind SQL Injection Vulnerability in baijiacms V4 via order parameter XSS Vulnerability in baijiacms V4 via Non-standard Use of Flash Component HTML Injection Vulnerability in razorCMS 3.4.7 via Homepage Description in Settings Component Stored XSS vulnerability in razorCMS 3.4.7 via homepage keywords in settings component XSS Vulnerability in feindura 2.0.7 via tags field in new page creation XSS Vulnerability in Pluck 4.7.7 via SVG File Upload Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 XSS Vulnerability in CScms 4.1 via site name in Install.php Arbitrary File Upload Vulnerability in CScms 4.1 CSRF Vulnerability in CScms 4.1 Setting.php Plugin Unverified Block Range Vulnerability in Go Ethereum (geth) TraceChain Function Cross-Site Scripting (XSS) Vulnerability in rcfilters Plugin 2.1.6 for Roundcube Critical Authentication Protocol Vulnerability in tinc (before 1.0.30) Broken Authentication Protocol in Tinc 1.0.30 through 1.0.34 with Partial Mitigation Path Traversal Vulnerability in ABUS TVIP Devices Allows Arbitrary Code Execution with Root Privileges SQL Injection Vulnerability in IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 Command Injection Vulnerability in mgetty Stack-based Buffer Overflow in mgetty Stack-based Buffer Overflow in mgetty's login.c Command Injection Vulnerability in mgetty Buffer Overflow Vulnerability in mgetty's fax_notify_mail() Function Denial of Service Vulnerability in ImageMagick 7.0.7-29 and Earlier Exposure of Password Hashes in IBM Tivoli Application Dependency Discovery Manager Memory Leak in ImageMagick's formatIPTCfromBuffer Function Remote Code Execution Vulnerability in LINK-NET LW-N605R Devices Man-in-the-Middle 
Attack Exploiting Missing Message Authentication in Tinc VPN XSS Vulnerability in EasyCMS v1.4 via onhashchange Event Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics 2.0.0 through 2.0.4 Open Redirect Vulnerability in Eventum before 3.4.0 SQL Injection Vulnerability in FUEL CMS 1.4.1 via layout, published, or search_term parameters Pre-Auth Remote Code Execution in FUEL CMS 1.4.1 via pages/select/ and preview/ parameters Heap-based Buffer Over-read in WAVM Virtual Machine Heap Buffer Overflow Vulnerability in WAVM Denial of Service Vulnerability in WAVM Virtual Machine Heap Buffer Overflow Vulnerability in WAVM Virtual Machine Heap Buffer Overflow Vulnerability in WAVM Denial of Service Vulnerability in WAVM Virtual Machine Denial of Service Vulnerability in IBM DataPower Gateways and IBM MQ Appliance Denial of Service Vulnerability in WAVM Virtual Machine Hoosk v1.7.0 SiteUrl PHP Code Execution Vulnerability XSS Vulnerability in Hoosk v1.7.0 via Navigation Title in admin/pages/new XSS Vulnerability in EasyCMS 1.5 via index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent Content Field Arbitrary File Deletion Vulnerability in HongCMS 3.0.0 XSS Vulnerability in Victor CMS Categories Menu XSS Vulnerability in wityCMS 0.6.2 via Site Name Field in Contact Configuration Page Jenzabar v8.2.1 through 9.2.0 Cross-Site Scripting (XSS) Vulnerability in Search Field XSS Vulnerability in BlogCMS through 2016-10-25 via Comment XSS Vulnerability in Complete Responsive CMS Blog (CVE-2018-05-20) Denial of Service Vulnerability in ffjpeg.dll Buffer Overflow in libimageworsener.a in ImageWorsener 1.3.2 DedeCMS 5.7 SP2 XML Injection Vulnerability XML Injection Vulnerability in DedeCMS V5.7 SP2: Exploiting Webshell Creation via Script Injection Cross-Site Scripting (XSS) Vulnerability in DedeCMS 5.7 SP2 via onhashchange Attribute in msg Parameter Infinite Loop Denial of Service Vulnerability in shellinabox Unauthenticated User Information 
Disclosure Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 Heap-Based Buffer Over-Read Vulnerability in libbson 1.12.0 SolarWinds SFTP/SCP Server Configuration File Vulnerability SolarWinds SFTP/SCP Server XXE Vulnerability SSRF Vulnerability in Microsoft Exchange Server 2010 SP3 and Previous Versions via OWA Login Page SSRF Vulnerability in Microsoft ADFS 4.0 Windows Server 2016 and Previous Cross-Site Request Forgery (CSRF) vulnerability in OpenEMR 5.0.1.3 allows unauthorized file uploads Unrestricted File Upload Vulnerability in HiScout GRC Suite before 3.1.5 Heap-based Buffer Overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 via Malicious .wav File Weak Password Requirement in IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 Privilege Escalation via Incomplete Fix for CVE-2018-16509 in Artifex Ghostscript SQL Injection Vulnerability in CIMTechniques CIMScan 6.x through 6.2 SOAP WSDL Parser Cross-Site Scripting (XSS) Vulnerability in UCMS 1.4.6 Title Bar Cross-Site Scripting (XSS) Vulnerability in b3log Solo 2.9.3 - Input Page under Publish Articles Menu Vulnerability in Pektron Passive Keyless Entry and Start (PKES) System Allows Key Fob Cloning Memory Leak Vulnerability in Bro's Kerberos Protocol Parser Stored XSS in Dolibarr Expense Reports Plugin SQL Injection in Dolibarr Expense Reports Module Arbitrary File Deletion Vulnerability in Monstra CMS 3.0.4 IBM Watson Studio Local 1.2.3 Information Disclosure Vulnerability Arbitrary Directory Listing Vulnerability in Monstra CMS 3.0.4 Arbitrary Directory Listing Vulnerability in SeaCMS 6.64 SQL Injection Vulnerability in SeaCMS 6.64 via upload/admin/admin_video.php order parameter Unencrypted ORB Communication Vulnerability in IBM WebSphere Application Server Liberty Bypassing trusted_dir Protection Mechanism in Smarty CSRF Vulnerability in xunfeng 0.2.0 Allows Configuration Modification via Flash File XSS Vulnerability in Zoho ManageEngine Desktop Central 
10.0.271 via Features & Articles Search Field Directory Traversal Vulnerability in Rubedo CMS Theme Component Sensitive Data Leakage in Ansible User Module SSSD Group Policy Objects Implementation Allows Unauthorized Access Buffer Overrun Vulnerability in Curl SASL Authentication Code IBM WebSphere MQ 8.0 through 9.1 MQTT Topic String Denial of Service Vulnerability Heap Use-After-Free Vulnerability in Curl Versions 7.59.0 - 7.61.1 Double-free vulnerability in Samba's KDC leading to denial of service Heap-based Buffer Over-read Vulnerability in Curl Versions 7.14.1 - 7.61.1 Excessive Memory Consumption Vulnerability in nginx HTTP/2 Implementation Excessive CPU Usage Vulnerability in nginx HTTP/2 Implementation Vulnerability in ngx_http_mp4_module in nginx Authenticated Ceph RGW Users Denial of Service Vulnerability OOB Heap Buffer Read/Write Vulnerability in QEMU's NVM Express Controller Emulation Denial of Service (DoS) Vulnerability in OpenStack Mistral 7.0.3 OpenStack-Mistral SSH Private Key Filename Disclosure Vulnerability Local File Read Vulnerability in IBM DB2 for Linux, UNIX and Windows SQL Injection Vulnerability in PostgreSQL's pg_upgrade and pg_dump via CREATE TRIGGER ... 
REFERENCING Samba LDAP Denial of Service Vulnerability Samba DNS Management Server NULL Pointer Dereference Vulnerability Vulnerability: Samba AD DC Crash via MIT Kerberos Configuration Cross-Site Request Forgery Vulnerability in Moodle Login Form Out-of-Bounds Memory Read Vulnerability in PowerDNS Recursor Sensitive Information Exposure in Openstack-Octavia Log Files Vulnerability: Inadequate Password Monitoring in Samba AD DC Configurations LibreOffice Directory Traversal Vulnerability Vulnerability: Plaintext Password Exposure in Ansible Playbooks on Windows Platforms Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6 through 7.6.3 Samba Heimdal KDC Implementation Man-in-the-Middle Vulnerability Cross-Site Scripting (XSS) Vulnerability in Foreman Component of Satellite Linux Kernel Cleancache Subsystem Inode Truncation Vulnerability Vulnerability: Incomplete Fix for CVE-2018-16509 in Ghostscript 9.07 Stack Clash Vulnerability in systemd-journald Allows Privilege Escalation Memory Allocation Vulnerability in systemd-journald Vulnerability: Out of Bounds Read in systemd-journald Path Traversal Vulnerability in qemu MTP (CVE-XXXX-XXXX) Bleichenbacher Side-Channel Padding Oracle Attack in gnutls Bleichenbacher Side-Channel Padding Oracle Attack in Nettle's RSA Decryption Vulnerability: Bleichenbacher Attack Variant in wolfSSL NFS Null Pointer Dereference Vulnerability QEMU Media Transfer Protocol (MTP) TOCTTOU Vulnerability Remote Code Execution Vulnerability in go get Command with -u Flag and Malicious Go Package Import Path Directory Traversal Vulnerability in go get Command with Curly Brace Characters in Import Path CPU Denial of Service Vulnerability in Go TLS Servers and Clients Information Disclosure Vulnerability in Ansible's vvv+ Mode with no_log Local Privilege Escalation Vulnerability in Pacemaker's Client-Server Authentication Insufficient Verification in Pacemaker 2.0.1 Allows DoS Attacks Insecure Channel Configuration in Ansible 
Tower Allows Data Leak and Denial of Service Attacks Cross-Site Scripting Vulnerability in IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) Out-of-Bounds Write Vulnerability in Linux Kernel's handle_rx() Function in vhost_net Driver Denial of Service Vulnerability in rsyslog's imptcp Module Use-After-Free Vulnerability in Linux Kernel's KVM Hypervisor with Nested Virtualization Inadequate Access Restriction in SSSD Infopipe Use-after-free vulnerability in Linux kernel's NFS41+ subsystem allows for host kernel memory corruption and system panic Vulnerability in Linux Kernel 3.10.x Allows Memory Access Fault and System Halt Improper Authentication in etcd with RBAC and Client-Cert-Auth Cross-Site Scripting (XSS) Vulnerability in Katello Component of Satellite Privilege Escalation Vulnerability in systemd Ceph v4 Auth Encryption Key Leakage via Debug Logging Heap Buffer Out-of-Bounds Read Vulnerability in libcurl Cross-Site Scripting (XSS) Vulnerability in IBM Rhapsody Model Manager 6.0.6 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 - 6.0.6 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 Vulnerability: Failure to Enable HTTP Strict Transport Security in IBM Jazz Applications Unauthenticated Access to Backup Files and User Credentials in LG Smart Network Cameras Unauthenticated Remote Code Execution in OpenAFS Backup Tape Controller (butc) Process Memory Leakage in OpenAFS RPC Server Routines Unbounded Array Type Vulnerability in OpenAFS Spoofing Vulnerability in IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 Denial of Service Vulnerability in Inteno DG400 WU7U_ELION3.11.6-170614_1328 Devices Xunfeng 0.2.0 CSRF Command Execution Vulnerability Cross-Site Request Forgery Vulnerability in Oracle WebCenter Interaction Portal 10.3.3 Reflected Cross-Site Scripting (XSS) in Oracle WebCenter Interaction Portal 10.3.3 Insecure 
Redirection Vulnerability in Oracle WebCenter Interaction Portal 10.3.3 Reflected Cross-Site Scripting (XSS) in Oracle WebCenter Interaction Portal 10.3.3 Unvalidated Page Rename Request Vulnerability in Oracle WebCenter Interaction Portal 10.3.3 Hardcoded Password Vulnerability in Oracle WebCenter Interaction 10.3.3 Search Service Session Hijacking Vulnerability in Oracle WebCenter Interaction Portal 10.3.3 Insecure Default User Profile Configuration in Oracle WebCenter Interaction Portal 10.3.3 Reflected XSS Vulnerability in Open XDMoD 7.5.0 via xd_user_formal_name Parameter Path Traversal Vulnerability in Open XDMoD Allows Remote PDF File Reading Privilege Escalation Vulnerability in Webroot SecureAnywhere for macOS HTML Injection and Stored XSS in Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109 via /ServiceContractDef.do contractName parameter CSRF Vulnerability in mndpsingh287 File Manager Plugin 3.0 for WordPress XSS Vulnerability in mndpsingh287 File Manager Plugin 3.0 for WordPress Directory Traversal Vulnerability in Citrix ShareFile StorageZones Controller before 5.4.2 Information Exposure Through Error Message in Citrix ShareFile StorageZones Controller before 5.4.2 User Enumeration Vulnerability in IBM Maximo Asset Management 7.6 Insecure Direct Object Reference (IDOR) Vulnerability in Wisetail Learning Ecosystem (LE) v4.11.6 Insecure Direct Object Reference (IDOR) Vulnerability in Wisetail Learning Ecosystem (LE) v4.11.6 Elefant CMS 2.0.7 PHP Code Execution Vulnerability in File Manager Elefant CMS 2.0.7 - PHP Code Execution Vulnerability in /designer/add/stylesheet.php Unintended Access Vulnerability in Gitolite before 3.6.9 Information Leakage Risk in Monstra CMS V3.0.4: PATH, DOCUMENT_ROOT, and SERVER_ADMIN Vulnerability XSS Vulnerability in Monstra CMS V3.0.4 Registration with Crafted Password Parameter HTTP Header Injection in Monstra CMS V3.0.4 via plugins/captcha/crypt/cryptographp.php cfg parameter Information Disclosure 
Vulnerability in IBM Maximo Asset Management 7.6 through 7.6.3 XSS Vulnerability in dotCMS V5.0.1: /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode Parameters Heap-Based Buffer Overflow in stb_image.h 2.19: Vulnerability in stbi__out_gif_code Function Denial of Service Vulnerability in Open Chinese Convert (OpenCC) 1.0.5 Bypassing Script Blocking in NoScript Classic before 5.1.8.7 Unprivileged Users Can Read Password Hashes in Django Admin Invalid Memory Address Vulnerability in Lizard (formerly LZ5) 2.0 Buffer Overflow Vulnerability in Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 Devices Cleartext Password Exposure in Squash TM Administration Panel Weak Password Reset Mechanism Allows for Account Takeover in Open XDMoD SQL Injection Vulnerability in IBM Maximo Asset Management 7.6 through 7.6.3 Unauthenticated Remote Lock-Up Vulnerability in PHOENIX CONTACT and Bosch Rexroth Fieldbus Couplers Invalid Memory Write Vulnerability in NASM 2.14rc15's expand_smacro in preproc.c NULL Pointer Dereference Vulnerability in LibTIFF 4.0.9 HTML Injection and Stored XSS Vulnerabilities in RICOH SP 4510SF Printer's Address Entry System HTML Injection and Stored XSS Vulnerabilities in RICOH MP 2001 Printer's Address Entry System LimeSurvey 3.14.7: HTML Injection and Stored XSS Vulnerability in Appendix via surveyls_title Parameter Denial of Service Vulnerability in TP-Link TL-WR886N Routers Vulnerability: Denial of Service via Long JSON Data on TP-Link TL-WR886N Routers Vulnerability: Denial of Service via Long JSON Data on TP-Link TL-WR886N Routers Denial of Service Vulnerability in TP-Link TL-WR886N Routers Vulnerability: Denial of Service (DoS) via Long JSON Data on TP-Link TL-WR886N Routers Vulnerability: Denial of Service (DoS) via Long JSON Data on TP-Link TL-WR886N Routers Command Injection Vulnerability in IBM InfoSphere Information Server 11.7 Vulnerability: Denial of Service (DoS) via Long JSON Data on TP-Link TL-WR886N 
Routers Denial of Service Vulnerability in TP-Link TL-WR886N Routers Vulnerability: Denial of Service (DoS) via Long JSON Data on TP-Link TL-WR886N Routers Denial of Service Vulnerability in TP-Link TL-WR886N Routers Denial of Service Vulnerability in TP-Link TL-WR886N Routers Denial of Service Vulnerability in TP-Link TL-WR886N Routers Vulnerability: Denial of Service via Long JSON Data on TP-Link TL-WR886N Routers Denial of Service Vulnerability in TP-Link TL-WR886N Routers Denial of Service Vulnerability in TP-Link TL-WR886N Routers IRC Protocol Names Command Parsing DoS Vulnerability in Bro through 2.5.5 XML External Entity Injection (XXE) Vulnerability in IBM Platform Symphony and IBM Spectrum Symphony Denial of Service Vulnerability in ASUS GT-AC5300 Firmware through 3.0.0.4.384_32738 Arbitrary Web Script Injection Vulnerability in ASUS GT-AC5300 Firmware through 3.0.0.4.384_32738 ASUS GT-AC5300 Router Stack-based Buffer Overflow Vulnerability CSRF Vulnerability in ASUS GT-AC5300 Routers Allows Password Hijacking XSS Vulnerability in Monstra CMS 3.0.4 via page_meta_title Parameter XSS Vulnerability in Monstra CMS 3.0.4 via admin/index.php XSS Vulnerability in Monstra CMS 3.0.4 via admin/index.php Arbitrary Code Execution in BigTree CMS 4.2.23 via process.php MIME Type Sniffing XSS Vulnerability in Gogs 0.11.53 XSS Vulnerability in UCMS 1.4.6 via install/index.php mysql_dbname Parameter SQL Injection Vulnerability in UCMS 1.4.6 Installation via mysql_dbname Parameter PHP Code Injection Vulnerability in UCMS 1.4.6 and 1.6 during Installation User Level Escalation Vulnerability in UCMS 1.4.6 Cross-Site Scripting (XSS) Vulnerability in MiniCMS 1.10 via Crafted URI in Internet Explorer Open Redirect Vulnerability in IBM Platform Symphony and IBM Spectrum Symphony Infinite Loop Vulnerability in dbf2txt through 2012-07-19 Heap-based Buffer Overflow in doc2txt's Storage::init function Stored XSS Vulnerability in YzmCMS 5.1 via admin/system_manage/user_config_add.html 
Title Parameter CSRF Vulnerability in CMS MaeloStore V.1.5.0 Allows Unauthorized Password Change XSS Vulnerability in containers/outputBox/outputBox.vue and store/index.js before 2018-08-21 SQL Injection Vulnerability in FDCMS 4.2 XSS Vulnerability in CQU-LANKERS (2017-11-02) via public/api.php callback parameter in uploadpic action Information Disclosure Vulnerability in IBM Platform Symphony and IBM Spectrum Symphony Integer Overflow Vulnerability in PolyAi (AI) Smart Contract Allows Arbitrary Balance Manipulation XSS Vulnerability in K-Net Cisco Configuration Manager Cross-site scripting (XSS) vulnerability in Progress Sitefinity CMS Identity Server versions 10.0 through 11.0 Cross-site scripting (XSS) vulnerability in Progress Sitefinity CMS Identity Server versions 10.0 through 11.0 Arbitrary File Upload Vulnerability in Progress Sitefinity CMS: Image Uploads Arbitrary Web Script Injection Vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 Arbitrary Data Deserialization Vulnerability in TCPDF Arbitrary File Upload Vulnerability in JABA XPress Online Shop Cross-Site Scripting Vulnerability in IBM Spectrum Symphony 7.2.0.2 Telerik Extensions for ASP.NET MVC: Unrestricted File Access Vulnerability Cross-Site Scripting (XSS) Vulnerability in BullGuard Safe Browsing Cross-Site Scripting (XSS) Vulnerability in SeaCMS 6.64 via Multiple Parameters Command Injection Vulnerability in D-Link DIR-816 A2 1.10 B05 Devices Command Injection Vulnerability in D-Link DIR-816 A2 1.10 B05 Devices Stack-based Buffer Overflow in D-Link DIR-816 A2 1.10 B05 DDNS Handler Function Command Injection Vulnerability in D-Link DIR-816 A2 1.10 B05 Devices Stack-based Buffer Overflow in D-Link DIR-816 A2 1.10 B05 Devices Command Injection Vulnerability in D-Link DIR-816 A2 1.10 B05 Devices CSRF Vulnerability in UNL-CMS 7.59 Allows Unauthorized Content Creation CSRF Vulnerability in UNL-CMS 7.59 Allows Unauthorized Website Settings Update Lucky9io Lottery Smart 
Contract Vulnerability: Exploitable Random Number Generation and Currency Unit Misconfiguration Buffer Over-read Vulnerability in JSON++ (CVE-2016-06-15) NULL Pointer Dereference Vulnerability in Wernsey/Bitmap Prior to 2018-08-18 with 4-bit Image Open Redirect Vulnerability in Feed Statistics Plugin for WordPress HTML Parsing Vulnerability in Go's html package Stack Overflow Vulnerability in GPP through 2.25 Stored XSS Vulnerability in yiqicms (through 2016-11-20) Allows Bypassing Length Limit in comment.php Stored XSS Vulnerability in ZRLOG 2.0.1 Comment Nickname Field Information Disclosure Vulnerability in IBM Spectrum Symphony WebUI CSRF Vulnerability in e107 2.1.9: Arbitrary Page Title Modification XSS Vulnerability in Apache2 Component of PHP Cross-Site Scripting (XSS) Vulnerability in OTCMS 3.61 via admin/users.php Parameters Cross-Site Scripting (XSS) Vulnerability in OTCMS 3.61 via admin/share_switch.php Parameters Integer Overflow Vulnerability in ProcessGpsInfo Function of jhead 3.00 Stored XSS Vulnerability in DonLinkage 6.6.8 Information Disclosure Vulnerability in DonLinkage 6.6.8 SQL Injection Vulnerability in DonLinkage 6.6.8 Allows Unauthorized Database Access Heap-based Buffer Overflow in Expand3To4Module::run in audiofile 0.3.x Denial of Service Vulnerability in BPMDetect Class of Olli Parviainen SoundTouch 2.0 Double Free Vulnerability in WavFileBase Class of SoundTouch 2.0 Heap Corruption Vulnerability in WavFileBase Class of SoundTouch 2.0 Buffer Overflow Vulnerability in IBM DB2 db2licm Tool Integer Overflow in multiply_ms in LibTIFF 4.0.9 Out-of-Bounds Write Vulnerabilities in LibTIFF 4.0.9 CSRF Vulnerability Allows Unauthorized Password Change in QuickAppsCMS CSRF Vulnerability in GetSimple CMS v3.3.13 Allows Unauthorized Password Change CSRF Vulnerability in Microweber 1.0.7 Allows Unauthorized Account Creation Buffer Overflow Vulnerability in Tinyftp Tinyftpd 1.1 Authentication Bypass Vulnerability in Tgstation tgstation-server 3.2.4.0 
through 3.2.1.0 Account Takeover Vulnerability in SBIbuddy Android Application (Versions 1.41 and 1.42) Privilege Escalation Vulnerability in IBM DB2 for Linux, UNIX and Windows SQL Injection Vulnerability in Simple POS 4.0.24 via products/get_products/1 Access Control Vulnerability in Coinlancer (CL) Smart Contract Implementation XSS Vulnerability in EasyCMS 1.5 via uploadify.swf Server Side Request Forgery Vulnerability in IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 Arbitrary Directory Deletion Vulnerability in CScms 4.1 Remote Code Execution Vulnerability in CScms 4.1 Denial of Service Vulnerability in ASUS GT-AC5300 Devices through 3.0.0.4.384_32738 Persistent XSS Vulnerability in MyBB Visual Editor via Video MyCode SQL Injection in MetInfo 6.1.0 via doexport() in feedback_admin.class.php XSS Vulnerability in PHPMyWind 5.5 via HTTP Referer Header in member.php Arbitrary Code Execution Vulnerability in PHPMyWind 5.5 via varvalue Field Arbitrary Code Execution Vulnerability in PHPMyWind 5.5 via admin/goods_update.php Arbitrary Code Execution Vulnerability in PHPMyWind 5.5 via rewrite URL Setting Arbitrary Code Execution Vulnerability in PHPMyWind 5.5 via cfg_author and cfg_webpath Fields SQL Injection Vulnerability in zzcms 8.3 via Client-Ip HTTP Header Prezi Next 1.3.101.11 Windows Vulnerability: Potential Bypass of Access Restrictions via SE_DEBUG_PRIVILEGE Stored XSS Vulnerability in Jibu Pro WordPress Plugin's Quiz Name Field Arbitrary File Upload Vulnerability in UltimatePOS 2.5 Allows Remote Command Execution Stored XSS Vulnerability in Quizlord Plugin for WordPress Arbitrary Code Execution via JPEG Bit in HylaFAX HTML Package Vulnerability: Panic Error in parseCurrentToken during html.Parse HTML Package Vulnerability: Panic Error in inBodyIM during html.Parse Remote Denial of Service Vulnerability in Bitcoin Core and Bitcoin Knots INVDoS Vulnerability in Bitcoin Core and Bitcoin Knots Cross-Site Scripting Vulnerability in Nagios XI Account 
Information Page XSS Vulnerability in Nagios XI Auto Login Admin Management Page Insufficient Access Control Vulnerability in Nagios XI Configuration Snapshot Page Allows Credential Disclosure Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6 through 7.6.3 Cross-Site Scripting (XSS) Vulnerability in Intersystems Cache 2017.2.2.865.0 Intersystems Cache 2017.2.2.865.0 Incorrect Access Control Vulnerability Intersystems Cache 2017.2.2.865.0 XXE Vulnerability Authentication Bypass Vulnerability in Western Digital My Cloud Devices NULL Pointer Dereference Vulnerability in FreeBSD getfsstat System Call Memory Disclosure Vulnerability in FreeBSD getcontext and swapcontext System Calls Buffer Underwrite Vulnerability in FreeBSD ICMP Reply Packet Construction Integer Overflow Vulnerability in FreeBSD NFSv4 Request Handling Integer Overflow Vulnerability in NFSv4 Request Handling NFS Server Resource Exhaustion Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 Insufficient Bounds Checking in bhyve Device Model: Arbitrary Code Execution Vulnerability Stack Buffer Overflow in FreeBSD bootpd Multiple Authenticated Stored XSS Vulnerabilities in PrinterOn Enterprise 4.1.4 Multiple Cross Site Request Forgery (CSRF) Vulnerabilities in PrinterOn Enterprise 4.1.4 Administration Page XML External Entity (XXE) Vulnerability in PrinterOn Version 4.1.4 and Lower: Arbitrary File Read and SSRF via Crafted DTD Code Injection Vulnerability in Grouptime Teamwire Desktop Client 1.5.1 to 1.9.0 on Windows Unauthenticated Command Injection Vulnerability in Xerox AltaLink B80xx and C80xx Series Arbitrary Code Execution Vulnerability in LG SuperSign CMS Stack-based Buffer Overflow in xtimor NMEA Library (nmealib) 0.5.3 Improper Handling of Empty only Option in Marshmallow Library Replay Attack Vulnerability on Neato Botvac Connected 2.2.0 Devices Static Encryption Vulnerability in Neato Botvac Connected 2.2.0 and Botvac 85 
1.2.1 Unauthenticated Manual Drive Command Execution on Neato Botvac Connected 2.2.0 Devices SQL Injection in make_task function in OpenEMR Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 Directory Traversal Vulnerability in OpenEMR before 5.0.1 Patch 7 SQL Injection in SaveAudit and portalAudit Functions Use-after-free vulnerability in vmacache_flush_all function in Linux kernel through 4.18.8 User-Writable Error Exception Table Vulnerability in Artifex Ghostscript JavaScript Injection Vulnerability in Admin Console DTD Vulnerability: Exploiting Administrator Workflow Definition Entitlements for Malicious Operations Apache Qpid Proton-J Transport TLS Wrapper Vulnerability CouchDB Runtime-Configuration Vulnerability Apache HTTP Server Slow Loris Vulnerability in HTTP/2 (mod_http2) Connections TLS Protocol Downgrade Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Apache Spark Standalone Resource Manager Code Execution Vulnerability Apache NetBeans (incubating) 9.0 Proxy Auto-Configuration (PAC) Remote Command Execution Vulnerability Inconsistent X-Frame-Options Headers Vulnerability Reflected XSS Vulnerability in Apache NiFi 1.x Releases Cluster Node Replication Vulnerability: Content-Length Header Timeout Vulnerability: Cross-Site Request Forgery (CSRF) via Template Upload API Endpoint Bypassing Transaction/Idempotent ACL Validation in Apache Kafka Infinite Loop Vulnerability in Apache Tika's SQLite3Parser Server-side Request Forgery (SSRF) and File Enumeration Vulnerability in Apache Roller 5.2.1 and Earlier Versions Vulnerability: Session Expiry Time Bypass in Apache HTTP Server 2.4.37 and Prior Weak Cryptographic Algorithms in IBM Sterling B2B Integrator Standard Edition Apache OFBiz HTTP Service Deserialization Vulnerability Denial of Service (DoS) Vulnerability in Apache Sanselan 0.97-incubator Apache Sanselan 0.97-incubator Denial of Service Vulnerability Invalid Group Type and Command 
Validation Vulnerability in Open vSwitch (OvS) 2.7.x through 2.7.6 Open vSwitch (OvS) 2.7.x through 2.7.6 Vulnerability: Assertion Failure in ofproto_rule_insert__ Buffer Over-read Vulnerability in Open vSwitch (OvS) 2.7.x through 2.7.6 Arbitrary Code Execution via Leftover Installer Files in Snap Creek Duplicator Unauthenticated Command Injection Vulnerability in Linksys Velop 1.1.2.187020 Devices XML External Entity Injection (XXE) Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Session Cookie Verification Bypass in PrinterOn Central Print Services PrinterOn Central Print Services (CPS) Information Disclosure Vulnerability Authentication Bypass Vulnerability in PrinterOn Central Print Services (CPS) Postman Information Disclosure Vulnerability Password Hash Exposure in PTC ThingWorx Platform 6.5 through 8.2 Hardcoded Encryption Key Vulnerability in PTC ThingWorx Platform 6.5 through 8.2 Reflected XSS Vulnerability in PTC ThingWorx Platform's SQUEAL Search Function Remote Code Execution Vulnerability in IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 Arbitrary Command Execution Vulnerability in nmap4j 1.1.0 via includeHosts Call Heap-based Buffer Overflow in Exiv2 v0.26 via Crafted Image File Arbitrary File Read Vulnerability in IBM Spectrum Scale Heap-based Buffer Overflow in Exiv2 v0.26 via Crafted Image File Denial of Service Vulnerability in Telegram Desktop 1.3.14 SQL Injection Vulnerability in ArchiveBot.py in Docmarionum1 Slack ArchiveBot Remote Denial of Service Vulnerability in HDF HDF5 Library HDF5 Library Memory Leak Vulnerability Heap-based Buffer Over-read Vulnerability in mp4v2::impl::MP4Track::FinishSdtp() Function Invalid Pointer Dereference in MP4Free() Function in libmp4v2 2.1.0 Division by Zero Vulnerability in H5D__chunk_set_info_real() Function of HDF HDF5 1.10.3 Library Improper File Permission Settings in IBM Spectrum LSF 9.1.1-10.1 Allows Local User to Change Job User Netwave IP Camera Memory Dump Vulnerability: Exfiltration 
of Network Configuration Data SQL Injection Vulnerability in Zoho ManageEngine OpManager before 12.3 123205 Header Injection Vulnerability in Elasticsearch Security Versions 6.4.0 to 6.4.2 Insecure Credential Handling in Kibana PDF Report Generation Arbitrary File Inclusion Vulnerability in Kibana Console Plugin XXE Vulnerability in Elasticsearch Machine Learning's find_file_structure API Information Disclosure Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Multi-Tenant Configuration SQL Injection Vulnerability in JCK Editor Component 6.4.4 for Joomla! Persistent Cross-Site Scripting (XSS) Vulnerability in Umbraco CMS 7.12.3 via Header Name Injection XML External Entity Injection (XXE) Vulnerability in IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.2 and 7.3 Stack Consumption Vulnerability in Asterisk's res_http_websocket.so Module NULL Pointer Dereference in Exiv2::DataValue::copy() Function Unauthenticated Access and SQL Injection Vulnerabilities in Zoho ManageEngine OpManager Exfiltration of Obfuscated Passwords in Kofax Front Office Server Administration Console 4.1.1.11.0.5212 Multiple Authenticated Stored XSS Vulnerabilities in Kofax Front Office Server 4.1.1.11.0.5212 XML External Entity (XXE) Vulnerability in Kofax Front Office Server Administration Console 4.1.1.11.0.5212 IBM QRadar SIEM 7.3 Unauthorized Information Disclosure Vulnerability Denial of Service Vulnerability in WAVM's loadModule Function Null Pointer Dereference Vulnerability in WAVM Out-of-Bounds Read Vulnerability in Liblouis's matchCurrentInput Function Arbitrary File Overwrite Vulnerability in Hutool's unzip function Reset Password Links Not Invalidated After User Password Change XML External Entity Injection (XXE) Vulnerability in IBM QRadar SIEM 7.2 and 7.3 Stored XSS Vulnerability in CuppaCMS via Administrator Section Reflected XSS Vulnerability in EspoCRM 5.3.6 via Global Search Name Field Stored XSS 
vulnerability in EspoCRM 5.3.6 via saved draft message in Email view Arbitrary User Information Modification and Privilege Escalation in UiPath Orchestrator through 2018.2.4 HTML Injection and Stored XSS Vulnerabilities in RICOH MP C406Z Printer's Address Entry Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 Vulnerability: HTML Injection and Stored XSS in RICOH MP C1803 JPN Printer's Address Entry Vulnerability: HTML Injection and Stored XSS in RICOH MP C6503 Plus Printer's Address Entry Vulnerability: HTML Injection and Stored XSS in RICOH Aficio MP 301 Printer's Address Entry RICOH MP C307 Printer: HTML Injection and Stored XSS Vulnerabilities in Address Entry HTML Injection and Stored XSS Vulnerabilities in RICOH Aficio MP 305+ Printer's Address Entry HTML Injection and Stored XSS Vulnerabilities in RICOH MP C2003 Printer's Address Entry System Vulnerability: HTML Injection and Stored XSS in RICOH MP C6003 Printer's Address Entry Arbitrary Command Execution in FruityWifi 2.1 IBM QRadar Advisor with Watson 1.14.0 Information Disclosure Vulnerability Stored XSS Vulnerability in UCMS 1.4.6 via aaddpost.php XSS Vulnerability in SeaCMS 6.64 via admin_datarelate.php YUNUCMS 1.1.4 - Cross-Site Scripting (XSS) Vulnerability in index.php/index/category/index Unfiltered User Input in IBM QRadar SIEM 7.2 and 7.3 Allows Content Modification Memory Leak Vulnerability in libsvg2 Stack-based Buffer Overflow in libsvg2's svgStringToLength Function Stack-based Buffer Overflow in libsvg2's svgGetNextPathField Function Format String Vulnerability in UDisks 2.8.0 XSS Vulnerability in Intelbras NPLUG 1.0.0.14 Devices via Crafted SSID Heap-Based Buffer Overflow in TextPage::dump Function in pdfalto Sensitive Information Disclosure in IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 Authentication Bypass Vulnerability in BigTree 4.2.23 on Windows Memory Access Vulnerability in GNU Binutils 2.31 
Memory Access Vulnerability in GNU Binutils 2.31 Allows Denial of Service via Crafted ELF File Open Redirect Vulnerability in IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 Heap-based Buffer Over-read in BFD Library Allows Denial of Service via Crafted PE File Multiple XSS Vulnerabilities in WeaselCMS v0.3.6: Remote Code Injection via PATH_INFO Arbitrary PHP Code Execution in OTCMS 3.61 via accBackupDir Parameter Arbitrary File Deletion Vulnerability in SeaCMS 6.64 and 7.2 CSRF Vulnerability in MCMS 4.6.5 Allows Unauthorized Administrator Account Creation Inconsistent Response Length in PublicCMS V4.0.180825 Allows for Brute-Force Attacks Stored XSS Vulnerability in springboot_authority SQL Injection Vulnerability in Auction Factory 4.5.5 Component for Joomla! SQL Injection Vulnerability in Music Collection 3.0.3 Component for Joomla! via id Parameter SQL Injection in Reverse Auction Factory 4.3.8 Component for Joomla! SQL Injection Vulnerability in Joomla! Questions 1.4.3 Component via userid, users, or groups parameter SQL Injection in Penny Auction Factory 2.0.4 Component for Joomla! via filter_order_Dir or filter_order Parameter SQL Injection Vulnerability in Raffle Factory 3.5.2 Component for Joomla! Improper Authentication Mechanisms in IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 SQL Injection Vulnerability in Article Factory Manager 4.3.9 Component for Joomla! SQL Injection Vulnerability in Dutch Auction Factory 2.0.2 Component for Joomla! SQL Injection Vulnerability in Jobs Factory 2.0.4 Component for Joomla! SQL Injection Vulnerability in Collection Factory 4.1.9 Component for Joomla! SQL Injection Vulnerability in Swap Factory 2.2.1 Component for Joomla! SQL Injection Vulnerability in Social Factory 3.8.3 Component for Joomla! SQL Injection Vulnerability in Micro Deal Factory 2.4.0 Component for Joomla! 
CSRF Vulnerability in Nimble Messaging Bulk SMS Marketing Application 1.0 for Admin Account Addition SQL Injection Vulnerability in Twilio WEB To Fax Machine System 1.0 CSRF Vulnerability in Live Call Support Application 1.5: Unauthorized Addition of Admin Account SQL Injection in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter SQL Injection Vulnerability in HealthNode Hospital Management System 1.0 SQL Injection Vulnerability in Timetable Schedule 3.6.8 Component for Joomla! via eid Parameter SQL Injection Vulnerability in AlphaIndex Dictionaries 1.0 Component for Joomla! SQL Injection Vulnerability in AMGallery 1.2.3 Component for Joomla! SQL Injection Vulnerability in Jimtawl 2.2.7 Component for Joomla! via id Parameter Cross-Site Scripting (XSS) Vulnerability in IBM Security Access Manager Appliance 9.0.x Account Takeover Vulnerability in PhonePe Wallet Application for Android Vulnerability: Account Takeover via PhonePe Wallet's Forgot Password Feature Vulnerability: Potential Disclosure of Credit/Debit Card Information in PhonePe Wallet App Potential User Impersonation and Unauthorized Account Setup Vulnerability in PhonePe Wallet Application for Android Sensitive Information Exposure in SBIbuddy Android Application (Versions 1.41 and 1.42) Buffer Overflow Vulnerability in Type 1 Font Handling in TeX Live Remote Code Execution Vulnerability in Zahir Accounting Enterprise Plus 6 through build 10b via Crafted CSV File Denial of Service and Logic Compromise Vulnerability in IBM Tivoli Key Lifecycle Manager Horus CMS SQL Injection Vulnerability XML External Entity (XXE) Vulnerability in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20 SQL Injection Vulnerability in zzcms v8.3 via X-Forwarded-For HTTP Header Cross-Site Scripting (XSS) Vulnerability in zzcms v8.3 via /uploadimg_form.php noshuiyin Parameter SQL Injection Vulnerability in zzcms v8.3 via bigclass parameter in /user/jobmanage.php SQL Injection Vulnerability in zzcms V8.3 via 
id Parameter in /user/zs_elite.php SQL Injection Vulnerability in zzcms v8.3 via /admin/adclass.php bigclassid Parameter Arbitrary PHP Code Execution in Monstra CMS 3.0.4 via Mixed-Case File Extension Segmentation Violation Denial of Service Vulnerability in Miek Gieben DNS Library Hard-coded Credentials in IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 SQL Injection Vulnerability in ZrLog 2.0.3 Article Management Search Box Stored XSS in ZrLog 2.0.3 via Crafted File Upload Pathname Open Redirect Vulnerability in dotCMS before 5.0.2 XSS Vulnerability in e107 v2.1.9: e107_admin/comment.php Stored XSS Vulnerability in WUZHI CMS 4.1.0 via Membership Center I want to ask detailed description field Stored XSS Vulnerability in WUZHI CMS 4.1.0 via SMS in station Field Heap-based Buffer Over-read Vulnerability in SIMDComp SQL Injection Vulnerability in OPAC EasyWeb Five 5.7 via w2001/index.php?scelta=campi biblio Parameter CSRF Vulnerability in JTBC v3.0(C) Allows Unauthorized Addition of Administrator Account IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability Arbitrary Code Execution in Comodo UTM Firewall Web Console NULL Pointer Dereference Vulnerability in H5O_sdspace_encode() in HDF HDF5 Library Heap-based Buffer Overflow in HDF HDF5 Library Allows Denial of Service via Crafted HDF5 File Remote Denial of Service Vulnerability in HDF HDF5 Library Heap-based Buffer Over-read Vulnerability in H5O_attr_decode() in HDF HDF5 Library Denial of Service Vulnerability in HDF HDF5 Library via Crafted HDF5 File HDF5 Library Memory Leak Vulnerability Remote Denial of Service Vulnerability in HDF HDF5 Library Stack-based Buffer Overflow in HDF HDF5 Library Directory Traversal Vulnerability in IBM Security Key Lifecycle Manager Hardcoded Credentials and Arbitrary PHP Code Execution in D-Link Central WiFi Manager Stored XSS Vulnerability in D-Link Central WiFi Manager Unrestricted File Upload Vulnerability in D-Link Central WiFi Manager Stored XSS Vulnerability 
in D-Link Central WiFi Manager Directory Traversal Vulnerability in Citrix SD-WAN and NetScaler SD-WAN Command Injection Vulnerability in Citrix SD-WAN and NetScaler SD-WAN SQL Injection Vulnerability in Citrix SD-WAN and NetScaler SD-WAN Information Exposure Through Log Files in Citrix SD-WAN and NetScaler SD-WAN Incorrect Access Control Vulnerability in Citrix SD-WAN and NetScaler SD-WAN Insecure Direct Object Reference in GitLab Allows Unauthorized Access to Sensitive Information Unauthenticated Server Restart Vulnerability in IBM Security Key Lifecycle Manager 2.7 and 3.0 Server-Side Request Forgery (SSRF) vulnerability in GitLab's Kubernetes integration leading to GCP service token disclosure Cross Site Request Forgery (CSRF) vulnerability in GitLab Slack Integration for Slash Commands Server-Side Request Forgery (SSRF) Vulnerability in GitLab Community and Enterprise Edition Sensitive Access-Token Data Leakage via GRPC::Unknown Exception in GitLab Stored XSS Vulnerability in GitLab Community and Enterprise Edition Insecure Direct Object Reference in GitLab's Merge Request Approvals Feature Remote Code Execution Vulnerability in Git's Recursive git clone Use After Free Vulnerability in WebAudio in Google Chrome WebAssembly Dispatch Table Update Vulnerability in Google Chrome Omnibox Click Spoofing Vulnerability in Google Chrome Spoofing of Omnibox Contents via Crafted Domain Name in Google Chrome Out of Bounds Memory Read Vulnerability in PDFium Sandbox Escape Vulnerability in Google Chrome AppCache (CVE-2018-17463) Arbitrary Code Execution Vulnerability in V8 Engine in Google Chrome Spoofing Omnibox Contents in Google Chrome on iOS Object Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2018-17463) Out of Bounds Memory Read Vulnerability in Google Chrome's Angle Texture Handling Remote URL Spoofing Vulnerability in Google Chrome Cross-Origin URL Disclosure Vulnerability in Google Chrome Out of Bounds Memory Read Vulnerability in PDFium in Google 
Chrome XML External Entity Injection (XXE) Vulnerability in IBM Security Key Lifecycle Manager Heap Buffer Overflow in GPU Allows Remote Sandbox Escape in Google Chrome Dialog Placement Vulnerability in Google Chrome Remote Code Execution via googlechrome:// URL Scheme on iOS in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome HTMLImportsController Use After Free Vulnerability in Google Chrome Spoofing of Omnibox Contents in Google Chrome on iOS Dialog Placement Vulnerability in Google Chrome Cast UI Extension Popup Spoofing Vulnerability Array Position Calculation Vulnerability in V8 in Google Chrome (CVE-2018-17463) Heap Corruption Vulnerability in Google Chrome Prior to 70.0.3538.110 Arbitrary Code Execution via Array Deserialization in V8 Heap Corruption Vulnerability in PDFium in Google Chrome Information Disclosure Vulnerability in Lobby Track Desktop Reports in Kiosk Mode Information Disclosure Vulnerability in Lobby Track Desktop's Kiosk Mode Reports Local Attacker Exploits Vulnerability in Lobby Track Desktop to Access Sensitive Information Default Administrative Credentials in Lobby Track Desktop Local Attacker Exploits Security Bypass in Lobby Track Desktop's Find Visitor Function in Kiosk Mode Local Privilege Escalation Vulnerability in Lobby Track Desktop Local Privilege Escalation Vulnerability in Lobby Track Desktop Plaintext Storage of Social Security Numbers in EasyLobby Solo Incomplete Blacklisting Vulnerability in IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 EasyLobby Solo Vulnerability: Denial of Service via Kiosk Task Manager Exploit EasyLobby Solo Local Privilege Escalation Vulnerability Default Administrative Credentials in EasyLobby Solo: A Gateway to Full Access Local Privilege Escalation Vulnerability in eVisitorPass via Fullscreen Button eVisitorPass Local Privilege Escalation via Virtual Keyboard Start Menu Vulnerability eVisitorPass Local Privilege Escalation via Virtual Keyboard Help Dialog eVisitorPass Local 
Privilege Escalation Vulnerability Default Administrative Credentials in eVisitorPass Unencrypted Data Storage in Envoy Passport for Android and iPhone Logs Vulnerability Unintended Access Control Vulnerability in IBM Security Key Lifecycle Manager 3.0 Hardcoded OAuth Credentials Stored in Plaintext in Envoy Passport for Android and iPhone Contact Information Disclosure Vulnerability in Receptionist for iPad Weak Cryptographic Algorithms in IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2: A Critical Vulnerability Sensitive Information Disclosure in IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 Unauthenticated OS Command Injection Vulnerabilities in Teltonika RUT9XX Routers Cross-Site Scripting Vulnerability in Teltonika RUT9XX Routers Unauthenticated Root Terminal Access Vulnerability in Teltonika RUT9XX Routers Stored XSS Vulnerability in GitLab Community and Enterprise Edition Stored XSS Vulnerability in GitLab's blog-viewer during Repository Browsing Process Injection Vulnerability in Axon (formerly TASER International) Evidence Sync 3.15.89 Denial of Service Vulnerability in IP Infusion ZebOS and OcNOS BGP Daemon Buffer Overflow Vulnerability in gmp Plugin of strongSwan SQL Injection Vulnerability in MailSherlock Allows Unauthorized Access to Email Subjects Vulnerability: Information Disclosure in IBM WebSphere Application Server Liberty SQL Injection in login.php in Naviwebs Navigate CMS 2.8: Bypassing Authentication via navigate-user Cookie Remote Code Execution Vulnerability in Naviwebs Navigate CMS 2.8 Sensitive Information Disclosure Vulnerability in ARRIS TG2492LG-NA 061213 Web Component Stored XSS Vulnerability in MODX Revolution v2.6.5-pl via Create New Media Source Action Remote Code Execution via Hardcoded Credentials and OS Command Injection in ABUS TVIP Cameras Unauthenticated Remote Access to ABUS TVIP Camera Video Stream SQL Injection Vulnerability in IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 Stored XSS 
Vulnerability in Grouptime Teamwire Client 1.5.1 to 1.9.0 on-premises Messenger Server SQL Injection in Multi-Tech FaxFinder before 5.1.6: Extracting Database Schema and Disclosing Fax Server Information Cleartext Configuration Dump Vulnerability in Grandstream GXP16xx VoIP 1.0.4.128 Phones Remote Code Execution Vulnerability in Grandstream GXP16xx VoIP 1.0.4.128 Phones via /cgi-bin/delete_CA Grandstream GXP16xx VoIP 1.0.4.128 Phones: Shell Metacharacter Injection Vulnerability SQL Injection Vulnerability in ThinkPHP 5.1.24's delete Function Arbitrary File Access via Symlink in Jekyll's _config.yml File Integer Overflow Vulnerability in ViaBTC Exchange Server Integer Overflow Vulnerability in ViaBTC Exchange Server Missing Authentication in IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 Survey Application Integer Overflow Vulnerability in ViaBTC Exchange Server Cross-Site Scripting (XSS) Vulnerability in Vanilla 2.6.1 and Earlier Versions via Profile Email Field Critical Reflected XSS Vulnerability in InfluxDB 0.9.5 Write Data Module Arbitrary PHP Code Upload Vulnerability in Wp-Insert Plugin for WordPress Stored XSS in Name Field of YMFE YApi 1.3.23 Project SQL Injection Vulnerability in SWA SWA.JACAD 3.1.37 Build 024 via studentId Parameter Cross-Site Scripting (XSS) Vulnerability in IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 Heap-based Buffer Over-read Vulnerability in Tcpreplay v4.3.0 beta1 Excessive Stack Consumption in CiffDirectory::readDirectory() Function in Exiv2 0.26 Leads to Denial of Service Vulnerability Heap-based Buffer Over-read in Tcpreplay v4.3.0 beta1 XSS Vulnerability in WP Fastest Cache Plugin 0.8.8.5 for WordPress CSRF Vulnerability in WP Fastest Cache Plugin 0.8.8.5 for WordPress XSS Vulnerability in WP Fastest Cache Plugin 0.8.8.5 for WordPress XSS Vulnerability in WP Fastest Cache Plugin 0.8.8.5 for WordPress XSS Vulnerability in AirTies Air 5750 Devices with Software 1.0.0.18 XSS Vulnerability 
in AirTies Air 5021 Devices with Software 1.0.0.18 XSS Vulnerability in AirTies Air 5650 Devices with Software 1.0.0.18 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager 5.0 through 6.0.6 XSS Vulnerability in AirTies Air 5442 Devices with Software 1.0.0.18 XSS Vulnerability in AirTies Air 5343v2 Devices with Software 1.0.0.18 XSS Vulnerability in AirTies Air 5453 Devices with Software 1.0.0.18 XSS Vulnerability in AirTies Air 5443v2 Devices with Software 1.0.0.18 HTML Injection and Stored XSS Vulnerabilities in Fork CMS 5.4.0 via /backend/ajax URI Stored XSS Vulnerability in Zoho ManageEngine AssetExplorer 6.2.0 via /AssetDef.do ciName or assetName Parameter Cross-Site Scripting (XSS) Vulnerability in IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 Directory Traversal Vulnerability in Asset Pipeline Plugin for Grails Use-after-free vulnerability in Foxit PhantomPDF and Reader before 9.3 allows remote code execution or denial of service Use-after-free vulnerability in Foxit PhantomPDF and Reader before 9.3 allows remote code execution or denial of service Use-after-free vulnerability in Foxit PhantomPDF and Reader before 9.3 allows remote code execution or denial of service Cross-Site Scripting (XSS) Vulnerability in IBM Rational Team Concert 5.0 through 6.0.6 Use-after-free vulnerability in Foxit PhantomPDF and Reader before 9.3 allows remote code execution or denial of service Use-after-free vulnerability in Foxit PhantomPDF and Reader before 9.3 allows remote code execution or denial of service Insecure Certificate Handling in Sennheiser HeadSetup 7.3.4903 Cleartext Transmission of Credentials and Application Data in Telegram Desktop Arbitrary Code Execution Vulnerability in Losant Arduino MQTT Client (ZDI-CAN-6436) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.5096 via Mouse Exit Events Remote Code Execution Vulnerability in Foxit Reader 9.0.1.5096 Arbitrary Code Execution via onFocus Event Handling in Foxit 
Reader 9.0.1.5096 Arbitrary Code Execution via Selection Change Events in Foxit Reader 9.0.1.5096 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.5096 (ZDI-CAN-6352) Cross-Site Scripting (XSS) Vulnerability in IBM Rational Collaborative Lifecycle Management Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.5096 (ZDI-CAN-6353) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.5096 (ZDI-CAN-6355) Remote Code Execution Vulnerability in Foxit Reader 9.1.0.5096 (ZDI-CAN-6354) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.5096 Remote Code Execution Vulnerability in Foxit Reader 9.1.0.5096 via OCG Objects Arbitrary Code Execution Vulnerability in Foxit Reader 9.1.0.5096 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 via XFA MouseUp Event Handling Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6458) Arbitrary Code Execution Vulnerability in Foxit Reader 9.1.0.5096 (ZDI-CAN-6614) Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager 5.0 through 6.0.6 Arbitrary Code Execution Vulnerability in Foxit Reader 9.1.0.5096 (ZDI-CAN-6616) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6700) Arbitrary Code Execution via Subject Property Handling in Foxit Reader 9.2.0.9297 Arbitrary Code Execution via attachIcon Property in Foxit Reader 9.2.0.9297 Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6471) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6472) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6473) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6474) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6475) Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager 5.0 
through 6.0.6 Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6477) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution via TimeField colSpan Property in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 via TimeField addItem Method (ZDI-CAN-6481) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 via TimeField BoundItem Method Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6487) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6503) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6504) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6505) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6506) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 via gotoURL Method Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution via Title Property in Foxit Reader 9.2.0.9297 Cross-Site Scripting (XSS) Vulnerability in IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6512) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6513) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 via Beep Method (ZDI-CAN-6514) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6517) Remote Code Execution 
Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6518) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6519) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6520) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6521) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6522) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6523) Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server Cachemonitor Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6524) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6617) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6817) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6820) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6848) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6849) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6850) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6851) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Sensitive Information Disclosure in IBM Spectrum Protect Plus 10.1.0 and 10.1.1 Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-7141) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-7157) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-7163) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-6470) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 via Malicious BMP Images (ZDI-CAN-6844) Arbitrary Code Execution Vulnerability in Foxit 
PhantomPDF 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.2.0.9297 (ZDI-CAN-7069) Arbitrary Code Execution via Foxit PhantomPDF 9.2.0.9297 Radio Button fillColor Property Vulnerability Arbitrary Code Execution via Link Object Handling Vulnerability in Foxit PhantomPDF 9.2.0.9297 Arbitrary Code Execution via HTML to PDF Conversion in Foxit PhantomPDF 9.2.0.9297 Arbitrary Code Execution via HTML to PDF Conversion in Foxit PhantomPDF 9.2.0.9297 Arbitrary Code Execution via HTML to PDF Conversion in Foxit PhantomPDF 9.2.0.9297 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-7169) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.2.0.9297 (ZDI-CAN-7067) Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Directory Traversal Vulnerability in IBM WebSphere Application Server Remote Code Execution Vulnerability in Foxit PhantomPDF 9.2.0.9297 (ZDI-CAN-7131) Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 (ZDI-CAN-7252) Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Arbitrary Code Execution Vulnerability in Foxit Reader 9.2.0.9297 Remote Code Execution Vulnerability in Foxit Reader 9.2.0.9297 via CheckBox Display Property Handling Arbitrary Code Execution Vulnerability in Foxit PhantomPDF Phantom PDF 9.1.5096 (ZDI-CAN-6230) Arbitrary Code Execution via Epic Games Launcher URI Handler Buffer Overflow Vulnerability in IBM Domino 9.0 and 9.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM SPSS Analytic Server 3.1.1.1 Authentication Bypass Vulnerability in IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 CSV Injection Vulnerability in IBM API Connect Arbitrary File Download Vulnerability in IBM 
Storage Products Undeclared TRACE Protocol Commands in Ingenico Telium 2 POS Terminals Bypass of File-Reading Restrictions in Ingenico Telium 2 POS Telium2 OS via NTPT3 Protocol Hardcoded PPP Credentials Vulnerability in Ingenico Telium 2 POS Terminals Insecure TRACE Protocol in Ingenico Telium 2 POS Terminals Buffer Overflow Vulnerability in Ingenico Telium 2 POS Terminals via NTPT3 Protocol Command 0x26 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Buffer Overflow Vulnerability in Ingenico Telium 2 POS Terminals via RemotePutFile Command Hardcoded FTP Credentials Vulnerability in Ingenico Telium 2 POS Terminals Arbitrary Code Execution Vulnerability in Ingenico Telium 2 POS Terminals via TRACE Protocol Buffer Overflow Vulnerability in Ingenico Telium 2 POS Terminals via SOCKET_TASK in NTPT3 Protocol Insecure NTPT3 Protocol in Ingenico Telium 2 POS Terminals Privilege Escalation Vulnerability in Seqrite End Point Security v7.4 Privilege Escalation Vulnerability in PCProtect Anti-Virus v4.8.35 Bypassing Login Form and Gaining Administrator Access on D-Link DVA-5592 A1_WI_20180823 Devices Authentication Bypass in IBM LoopBack REST API for AccessToken Model Vulnerability: Leakage of End-User IP Addresses in Telegram Desktop and Telegram WP8.1 Uninitialized Object Information Disclosure in Foxit PhantomPDF and Reader Arbitrary Code Injection through Crafted Project Name in MantisBT Arbitrary Code Injection through Crafted Project Name in MantisBT Cross-Site Scripting (XSS) Vulnerabilities in YUI and FlashCanvas in SugarCRM Community Edition 6.5.26 Directory Traversal Vulnerability in Blynk-Server Allows Unauthorized File Access Unauthenticated Remote Code Execution on D-Link DIR-823G Devices D-Link DIR-823G Devices: HNAP1 Command Injection Vulnerability CSRF Vulnerability in Prospecta Master Data Online (MDO) Unauthenticated Denial of Service Vulnerability in IBM API Connect 2018.1 through 2018.3.7 Stored XSS 
Vulnerability in Prospecta Master Data Online (MDO) 2.0 Improper Server Side Validation Vulnerability in Newgen OmniFlow iBPS 7.0 CSRF Vulnerability in MDaemon Webmail (formerly WorldClient) NULL Pointer Dereference in GNU libiberty's cplus-dem.c Heap-based Buffer Overflow in LibTIFF's t2p_write_pdf Function SQL Injection Vulnerability in MRCMS (aka mushroom) through 3.1.2 Directory Traversal Vulnerability in zzcms 8.3 Allows Arbitrary File Deletion Remote File Deletion Vulnerability in zzcms 8.3 Local Privilege Escalation Vulnerability in IBM DB2 for Linux, UNIX and Windows Local Privilege Escalation Vulnerability in IBM DB2 for Linux, UNIX and Windows Local Privilege Escalation Vulnerability in IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) Double-Free Vulnerabilities in AdPlug's CEmuopl Class Arbitrary PHP Code Execution via CSRF in HisiPHP 1.0.8 Arbitrary PHP Code Execution in HisiPHP 1.0.8 via Plugin Name Injection Directory Traversal Vulnerability in ZZIPlib 0.13.69 Allows Arbitrary File Overwrite IBM GPFS Command Line Utility Denial of Service Vulnerability Unfiltered $args Variable in REDAXO 5.6.2 Allows XSS Payload Injection Critical SQL Injection Vulnerability in REDAXO 5.6.3 and Earlier Versions Cross-Site Scripting (XSS) Vulnerability in WUZHI CMS 2.0 via index.php v or f parameter Stored XSS Vulnerability in GetSimple CMS 3.3.15 via Custom Permalink Structure Parameter Arbitrary PHP Code Execution in JTBC(PHP) 3.0.1.6 via File Upload Vulnerability Arbitrary File Deletion Vulnerability in JTBC(PHP) 3.0.1.6 Arbitrary File Read Vulnerability in JTBC(PHP) 3.0.1.6 NoSQL Injection Vulnerability in IBM API Connect 5.0.0.0 and 5.0.8.4 SQL Injection Vulnerability in Scriptzee Education Website 1.0: Exploiting college_list.html Parameters SQL Injection in Scriptzee Flippa Marketplace Clone 1.0 via site-search sortBy or sortDir parameter SQL Injection Vulnerability in Scriptzee Hotel Booking Engine 1.0 via h_room_type Parameter SQL Injection Vulnerability in 
Multiple MLM Software Versions Infinite Loop Vulnerability in Go's html package Panic: Runtime Error in Go HTML Package due to Mishandling of SVG and Template Tags HTML Package Vulnerability: Panic Error in (*insertionModeStack).pop Stored XSS Vulnerability in Navigate CMS 2.8 via navigate_upload.php Weak Cryptographic Algorithms in IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) SQL Injection Vulnerability in WUZHI CMS 4.1.0 Incomplete Fix for Heap-Based Buffer Over-read in SIMDComp (CVE-2018-17427) User Activation Bypass Vulnerability in Joomla! Arbitrary Code Execution Vulnerability in Joomla! com_joomlaupdate Access Level Violation in Joomla! Tags Search Fields Insufficient CSRF Hardening in Joomla! com_installer Actions Vulnerability: Mail Submission in Disabled Forms in Joomla! IBM Spectrum Protect 7.1 and 8.1 TCP/IP Resource Leakage Vulnerability Insecure Permissions Vulnerability in Cloudera CDH Versions 5.x - 6.0.1 Cross-Site Scripting (XSS) Vulnerability in Unsupported SAP J2EE Engine/7.01/Portal/EPP Cross-Site Scripting (XSS) Vulnerability in Unsupported SAP J2EE Engine/7.01/Fiori Cross-Site Scripting (XSS) Vulnerability in Unsupported SAP J2EE Engine 7.01 Cross-Site Scripting (XSS) Vulnerabilities in Ultimate Member Plugin for WordPress Arbitrary Code Execution Vulnerability in DASAN H660GW Port Forwarding Functionality Stored XSS Vulnerability in DASAN H660GW Port Forwarding Functionality Lack of CSRF Protection in DASAN H660GW Devices Insecure File Permissions in IBM Spectrum Protect 7.1 and 8.1: Password Exposure Vulnerability Open Redirect Vulnerability in BTITeam XBTIT 2.5.4: Account_change.php returnto Parameter Incorrect Access Control in Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 Insecure Permissions in Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 FTP Configuration Vulnerability in WiFiRanger Devices Allows Unauthorized Access to SSH Private Key and Root 
Account Reflected XSS vulnerability in ExpressionEngine before 4.3.5 Remote Code Execution Vulnerability in Poly Trio 8800 5.7.1.4145 Devices Coaster CMS v5.5.0: Stored XSS Vulnerability Predictable Random Value Vulnerability in Greedy 599 Lottery Smart Contract Buffer Overflow Vulnerability in ABUS TVIP Cameras: Exploiting sprintf() Function for Remote Code Execution Remote Code Execution Vulnerability in ABUS TVIP Cameras Information Disclosure Vulnerability in IBM Spectrum Protect Server 7.1 and 8.1 Unauthenticated Reboot Vulnerability in D-Link DIR-823G 2018-09-19 Devices Unauthenticated Admin Password Change Vulnerability in D-Link DIR-823G 2018-09-19 Devices Arbitrary Token Creation Vulnerability in CryptoBotsBattle (CBTB) Smart Contract Cross-Site Scripting (XSS) Vulnerability in OTRS 6.0.x before 6.0.12 Cross-Site Scripting (XSS) Vulnerability in Gwolle Guestbook Plugin for WordPress Incomplete Fix for XSS Filter Bypass in JEESNS 1.3 Arbitrary Remote Code Execution in NUUO CMS Versions 3.1 and Prior via Session ID Vulnerability XML External Entity Injection Vulnerability in WECON PI Studio HMI Server Side Request Forgery Vulnerability in IBM API Connect v2018.1.0 through v2018.3.4 Arbitrary Code Execution Vulnerability in NUUO CMS Versions 3.1 and Prior Information Leakage Vulnerability in Carestream Vue RIS Client Builds User Account Control Bypass and Remote Code Execution in NUUO CMS Untrusted Pointer Dereference Vulnerability in LAquis SCADA Versions 4.1.0.3870 and Prior Default Accounts with Hard-Coded Passwords in NUUO CMS Versions 3.1 and Prior Out-of-Bounds Read Vulnerabilities in LAquis SCADA Versions 4.1.0.3870 and Prior Hard-coded Credentials Vulnerability in Yokogawa STARDOM Controllers Integer Overflow to Buffer Overflow Vulnerabilities in LAquis SCADA Versions 4.1.0.3870 and Prior: Remote Code Execution Risk Memory Exhaustion Vulnerability in Yokogawa STARDOM Controllers Path Traversal Vulnerability in LAquis SCADA Versions 4.1.0.3870 and 
Prior: Remote Code Execution Cross-Site Request Forgery Vulnerability in IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 Improper Credential Protection in Yokogawa STARDOM Controllers: Remote Access Vulnerability Stack-based Buffer Overflow in LAquis SCADA Versions 4.1.0.3870 and Prior Denial of Service Vulnerability in Yokogawa STARDOM Controllers Replay Attack and Command Forgery Vulnerability in SAGA1-L8B Firmware Versions Prior to A0.10 Arbitrary Code Injection Vulnerability in Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior Memory Corruption Vulnerability in Omron CX-Supervisor Versions 3.4.1.0 and Prior Default Credentials and No Authentication Vulnerability in Philips iSite and IntelliSpace PACS Arbitrary Value Read Vulnerability in Omron CX-Supervisor Versions 3.4.1.0 and Prior Privilege Escalation Vulnerability in WebAccess Versions 8.3.2 and Prior Memory Reference Vulnerability in Omron CX-Supervisor Versions 3.4.1.0 and Prior IBM Connections External Service Interaction Vulnerability Arbitrary Remote Code Execution via Buffer Overflow in WebAccess Versions 8.3.2 and Prior Stack-Based Buffer Overflow Vulnerabilities in LAquis SCADA Versions 4.1.0.3870 and Prior: Remote Code Execution Risk Remote File Disclosure Vulnerability in CASE Suite Versions 3.10 and Prior Type Confusion Vulnerability in Omron CX-Supervisor Versions 3.4.1.0 and Prior Remote Code Execution Vulnerability in InduSoft Web Studio and InTouch Edge HMI Unencrypted Communication Vulnerability in Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server Stack-based Buffer Overflow Vulnerability in InduSoft Web Studio and InTouch Edge HMI Vulnerability: Enumeration of Potential Cloud IDs in Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server Authentication Bypass Vulnerability in Circontrol CirCarLife (Versions Prior to 4.3.1) Undocumented Default User Account Vulnerability in Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server Local 
Privilege Escalation Vulnerability in IBM WebSphere MQ Force-Pairing Vulnerability in SAGA1-L8B Firmware Versions Prior to A0.10 Clear Text Storage of PAP Credentials in Circontrol CirCarLife (Versions Prior to 4.3.1) Physical Access Vulnerability in SAGA1-L8B Firmware Versions Prior to A0.10 Vulnerability: Remote IP Configuration Overwrite in Rockwell Automation Controllers Unsafe ActiveX Control Marked Safe For Scripting Vulnerability in Gigasoft Charting Package for GE iFIX Authentication Bypass Vulnerability in M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) Multiple Out-of-Bounds Write Vulnerabilities in Delta Industrial Automation TPEditor Versions 1.90 and Prior Authentication Bypass Vulnerability in CMS-770 (Software Versions 1.7.1 and prior) Multiple Stack-Based Buffer Overflow Vulnerabilities in Delta Industrial Automation TPEditor Versions 1.90 and Prior Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear Remote Code Execution Vulnerability in Teledyne DALSA Sherlock Version 7.2.7.4 and Prior VGo Robot Physical Access Code Execution Vulnerability JUUKO K-800 Firmware Vulnerability: Replay Attack and Command Forgery Privilege Escalation Vulnerability in VGo Robot Connected to VGo XAMPP Path Traversal Vulnerability in NUUO CMS Vulnerability: Fixed Code Reproduction in Telecrane F25 Series Radio Controls Arbitrary File Upload Vulnerability in NUUO CMS (Versions 3.3 and Prior) Stack-based Buffer Overflow in gpsd and microjson: Remote Code Execution Vulnerability Zimbra Collaboration LoginErrorCode Text Content Spoofing Vulnerability Information Exposure via Merge Request JSON Endpoint Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Heap-based Buffer Overflow in convert_to_decimal function in Gnulib Vulnerability: Credential Exposure via Hostname Manipulation on Lexmark Devices Cross-Site Scripting (XSS) Vulnerability in 
Tribulant Slideshow Gallery Plugin for WordPress XSS Vulnerability in Snazzy Maps Plugin for WordPress Open Redirect Vulnerability in Access Manager Identity Provider (Version < 4.4 SP3) Critical Cross-Site Scripting Vulnerability in iManager Prior to 3.1 SP2 Cross-Site Scripting Vulnerability in IBM Robotic Process Automation with Automation Anywhere Enterprise 10 Authorization Bypass Vulnerability in eDirectory prior to 9.1 SP2 eDirectory 9.1 SP2 and Earlier: Cross-Site Scripting Vulnerability Incorrect Variable in SUSE Patch for PAM Access Rule Matching Vulnerability Improper Privilege Management in SUSE OpenStack Cloud Crowbar Versions Static Temporary Filename Vulnerability in yast2-multipath Allows Local File Overwrite Command Line Password Exposure in yast2-samba-provision Exposure of MySQL Database Passwords in YaST2 RMT Module Buffer Overflow in rtl8139_do_receive in Qemu's rtl8139.c due to incorrect integer data type usage Local Privilege Escalation Vulnerability in IBM Informix Dynamic Server Enterprise Edition 12.1 User-Assisted XSS Vulnerability in CKEditor 4.x before 4.11.0 Incomplete Fix for CVE-2018-17183 Allows Bypass of Sandbox Protection in Artifex Ghostscript 9.25 and Earlier Buffer Overflow in Qemu's pcnet_receive function in hw/net/pcnet.c due to incorrect integer data type usage QEMU net/net.c Vulnerability: Integer Overflow in qemu_deliver_packet_iov XSS Vulnerability in Aryanic HighPortal 12.5: Add Tags Action Memory Leak Vulnerability in ImageMagick 7.0.7-28's WriteSGIImage in coders/sgi.c Memory Leak Vulnerability in ImageMagick 7.0.7-28's WritePDBImage in coders/pdb.c Memory Leak Vulnerability in ImageMagick 7.0.7-28's ReadBGRImage in coders/bgr.c Predictable Random Number Generation Vulnerability in RuletkaIo Ethereum Gambling Smart Contract Cleartext Credential Exposure in Samsung SCX-6545X V2.00.03.01 03-23-2012 Devices via SNMP Requests Zip-Slip Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Kernel Stack 
Leakage Vulnerability Heap-based Buffer Over-read Vulnerability in Tcpreplay 4.3.0 beta1 Information Exposure via GFM Markdown API in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2 Information Exposure via Epic Change Descriptions in GitLab Community Edition Linux Kernel 4.14.67 Local Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Privilege Escalation via Trojan Horse DLL in NoMachine XSS Vulnerability in Lifesize Express ls ex2_4.7.10 2000 (14) Devices via interface/interface.php Brand Parameter Out-of-Bounds Read Vulnerability in Mercurial's Manifest Parsing Arbitrary File Inclusion Vulnerability in ISPConfig before 3.1.13 Stack Consumption Vulnerability in GNU libiberty's cp-demangle.c CSRF Vulnerability in razorCMS 3.4.8 Allows Unauthorized Password Change for Admin User Blockhash Vulnerability in HashHeroes Tiles Smart Contract Implementation SQL Injection Vulnerability in LayerBB 1.1.1 and 1.1.3 via search.php search_query Parameter Stored XSS Vulnerability in D-Link DSL-3782 Firmware 1.01 Allows Injection of Malicious Payload in ACL Page Local Privilege Escalation Vulnerability in IBM DB2 for Linux, UNIX and Windows OS Command Injection Vulnerability in D-Link DSL-3782 Firmware 1.01 CSRF Vulnerabilities in LayerBB 1.1.3: User Addition, User Deletion, and Content Deletion Cross-Site Scripting (XSS) Vulnerability in LayerBB 1.1.1 via Conversation Titles (PMs) Local User Information Disclosure during Installation in IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 Arbitrary System Service Activation Vulnerability in VIVOTEK Network Camera Series Arbitrary JavaScript Execution via URL Query String Parameter in VIVOTEK Network Camera Series Hardcoded Credentials Expose Sensitive Data in Ricoh myPrint Application Remote Unauthenticated Discovery of Admin Credentials in D-Link DSL-2770L Devices Remote Unauthenticated 
Discovery of Admin Credentials in Multiple D-Link Devices (DSL, DIR, DWR) Remote Unauthenticated Credential Discovery in D-Link DIR-140L and DIR-640L Devices XML External Entity Injection (XXE) Vulnerability in IBM App Connect, IBM Integration Bus, and WebSphere Message Broker Xen Mobile 10.8.0 Unauthenticated Deserialization Remote Code Execution Vulnerability Privilege Escalation via Unauthenticated Requests in Citrix Xen Mobile Memory Leak Vulnerability in ImageMagick 7.0.7-28's WritePCXImage in coders/pcx.c Cross-Site Scripting (XSS) Vulnerability in Tribulant Slideshow Gallery Plugin 1.6.8 for WordPress SQL Injection in Tribulant Slideshow Gallery Plugin 1.6.8 for WordPress Cross-Site Scripting (XSS) Vulnerability in Tribulant Slideshow Gallery Plugin 1.6.8 for WordPress Shared Library Loading Vulnerability in IBM DB2 for Linux, UNIX, and Windows Denial of Service Vulnerability in QPDF 8.2.1 KVM ARM64 Virtual Machine Control Flow Manipulation Vulnerability Heap-based Buffer Over-read Vulnerability in ImageMagick 7.0.8-13 Q16's SVGStripString Function Denial of Service Vulnerability in ImageMagick 7.0.8-13 Q16 via Crafted BMP File Heap-based Buffer Over-read Vulnerability in ImageMagick 7.0.8-13 Q16's EncodeImage Function in coders/pict.c Stack-based Buffer Overflow in IMFCameraProtect.sys in IObit Malware Fighter 6.2 and Lower Versions Stored XSS Vulnerability in Navigate CMS via the navigate.php Title Field Click Hijacking Vulnerability in IBM Security Access Manager Appliance 9.0.x.x Cross-Site Scripting (XSS) Vulnerability in OpenEMR before 5.0.1 Patch 6 via flashcanvas.swf Insecure Token and Cookie Handling in IBM Security Access Manager Appliance Sensitive Information Disclosure in IBM Security Access Manager Appliance 9.0.x.x Vulnerability: Instruction Oracle Exploitation in TI Microcontrollers Bitdefender Engines iso.xmd Parser Division-by-Zero Denial-of-Service Vulnerability Buffer Overflow Vulnerability in Bitdefender RAR Parser Bitdefender Engines < 
7.76808: Dalvik.xmd Parser Buffer Overflow Vulnerability Unauthenticated File Manager Interface Access in tecrail Responsive FileManager 9.8.1 Reflected XSS Vulnerability in tecrail Responsive FileManager 9.8.1 Out-of-Bounds Stack-Memory Write Vulnerability in Cairo through 1.15.14 Net-SNMP 5.8 _set_key NULL Pointer Exception Remote Crash Vulnerability NULL Pointer Exception in snmp_oid_compare function in Net-SNMP before 5.8 allows remote attackers to cause Denial of Service ARM-based Hardware Debugging Vulnerability Allows Unauthorized Access to EL3 Memory/Registers XSS Vulnerability in WPML Plugin: Authenticated Theme-Localization.php Request Navigation Route Freeze and Reboot Vulnerability in Daimler Mercedes-Benz COMAND 17/13.0 50.12 Vulnerability: Intercepting Encrypted Data Exchange in Mercedes-Benz Me App Sandbox Bypass Vulnerability in Artifex Ghostscript HTTP Authorization Header Leakage in Requests Package SQL Injection in WikidForum 2.20 via Multiple Parameters Server-side Code Injection Vulnerability in IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 Cross-Site Scripting (XSS) Vulnerability in Waimai Super Cms 20150505 via fname Parameter Remote PHP Code Execution in DuomiCMS 3.0 via search.php searchword Parameter SQL Injection Vulnerability in DuomiCMS 3.0 via ajax.php Arbitrary File Upload Vulnerability in EmpireCMS v7.5 XSS Vulnerability in Bixie Portfolio Plugin 1.2.0 for Pagekit NULL Pointer Dereference in OpenJPEG 2.3.0's imagetopnm Function Out of Bounds Read Vulnerability in Intel Graphics Driver for Windows Denial of Service Vulnerability in Intel Graphics Driver for Windows Kernel Mode Driver Use After Free Vulnerability in Intel(R) Graphics Driver for Windows Privilege Escalation Vulnerability in Intel VTune Amplifier 2018 Update 3 and Earlier Privilege Escalation Vulnerability in Intel(R) Media SDK Installer Firmware Vulnerability in Intel(R) SSD DC S4500 and DC S4600 Series: Potential Privilege Escalation via Physical Access Denial of 
Service Vulnerability in Intel QuickAssist Technology for Linux Privilege Escalation Vulnerability in Intel Solid State Drive Toolbox Escalation of Privilege Vulnerability in Intel(R) SGX SDK and Platform Software for Windows Persistent Cross-Site Scripting Vulnerability in IBM Robotic Process Automation with Automation Anywhere Enterprise 10 Incomplete Blacklisting Vulnerability in IBM Security Access Manager Appliance 9.0.x.x Weak Cryptographic Algorithms in IBM Security Access Manager Appliance 9.0.x.x Cross-Site Scripting Vulnerability in IBM Security Access Manager Appliance 9.x for Enterprise Single-Sign On Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 10 and 10.5 Hard-coded Credentials Vulnerability in IBM Security Guardium 10 and 10.5 SQL Injection Vulnerability in IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 Divide-by-Zero Error in GoPro gpmf-parser CSRF Vulnerability in FineCms 5.4 Allows Password Change for Administrator NULL Pointer Dereference in libgig 4.1.0's DLS::File::GetFirstSample() Function Operator new[] Failure in DLS::File::File in libgig 4.1.0 Heap-based Buffer Over-read in libgig 4.1.0's DLS::Region::GetSample() FPE (Divide-by-Zero Error) in libgig 4.1.0 DLS::Sample::Sample in DLS.cpp Heap-based Buffer Over-read in libgig 4.1.0: RIFF::List::GetListTypeString in RIFF.cpp Operator new[] Failure in DLS::Sampler::Sampler in libgig 4.1.0 Unfiltered Input Field in REDAXO 5.6.3 Allows XSS Injection XSS Vulnerability in REDAXO Mediamanager before 5.6.4 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Portal 8.0, 8.5, and 9.0 Critical SQL Injection Vulnerability in REDAXO Benutzerverwaltung (before 5.6.4) CSRF Vulnerability in qibosoft V7.0: Unauthorized User Account Addition Undocumented Support and Diagnostics Accounts with Passwords in QLogic Fibre Channel Modules for IBM BladeCenter Subaru StarLink Harman Head Units Firmware Rewrite Vulnerability Information 
Disclosure Vulnerability in Topvision CC8800 CMTS C-E Devices Negative idx values in checkTopicRegister in Bytom client before 1.0.6 leading to a crash vulnerability Frame Injection Vulnerability in Virtualmin 6.03 via settings-editor_read.cgi XSS Vulnerability in Virtualmin 6.03 via webmin_search.cgi URI Cross-Site Scripting (XSS) Vulnerability in DiliCMS 2.4.0 via attachment_type Parameter in admin/index.php/setting/site?tab=site_attachment XML External Entity Injection (XXE) Vulnerability in IBM Operational Decision Management 8.5-8.9 Cross-Site Scripting (XSS) Vulnerability in DiliCMS 2.4.0 via attachment_url Parameter SQL Injection Vulnerability in PbootCMS 1.2.1 via api.php/cms/addform?fcode=1 URI CSRF Vulnerability in youke365 v1.1.5 Allows Unauthorized User Account Addition Authentication Bypass Vulnerability in IBM FlashSystem 900 GUI Vulnerability in Open Design Alliance Drawings SDK 2019Update1: Information Disclosure and Crash Buffer Overflow Vulnerability in Open Design Alliance Drawings SDK 2019Update1 on Non-Windows Platforms CoAP Dissector Crash Vulnerability in Wireshark 2.6.0 to 2.6.3 Memory Consumption Vulnerability in Wireshark 2.6.0 to 2.6.3 Steam IHS Discovery Dissector MS-WSP Protocol Dissector Crash Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager 5.0 through 6.0.6 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager 5.0 through 6.0.6 Remote Code Execution via Unrestricted Unmarshalling in Pippo through 1.11.0 SQL Injection Vulnerability in youke365 v1.1.5 via admin/login.html Arbitrary JavaScript Code Execution via HTTP Referer Header in VIVOTEK Network Camera Series Cross-Site Scripting (XSS) Vulnerability in Nagios Core 4.4.2 via Alert Summary Reports CSRF Vulnerability in Icinga Web 2 Allows Unauthorized Module Manipulation Cross-Site Scripting (XSS) Vulnerability in Icinga Web 2 before 2.6.2 Cross-Site Scripting (XSS) Vulnerabilities in Icinga Web 2 PHP ini-file directive 
injection vulnerability in Icinga Web 2 before 2.6.2 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager 5.0 through 6.0.6 Icinga Web 2 before 2.6.2 Navigation Dashlet Parameter Vulnerability Remote Code Execution via Custom RPC over HTTP Protocol in Deltek Vision 7.x before 7.6 Privilege Escalation Vulnerability in CapMon Access Manager 5.4.1.1005 Race condition and persistent privilege escalation vulnerability in CapMon Access Manager 5.4.1.1005 Unprivileged User Privilege Escalation via CAL Database in CapMon Access Manager 5.4.1.1005 Elevated Privileges Vulnerability in CapMon Access Manager 5.4.1.1005 Privilege Escalation via Custom App Launcher in CapMon Access Manager 5.4.1.1005 Arbitrary File and Folder Deletion Vulnerability in BageCMS 3.1.3 Arbitrary PHP Code Execution and File Read Vulnerability in BageCMS 3.1.3 Stored XSS Vulnerability in LUYA CMS Software (Version 1.0.12) via /admin/api-cms-nav/create-page Cross-Site Scripting (XSS) Vulnerability in IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 Stored XSS Vulnerability in Camaleon CMS 2.4 XSS Vulnerability in waimai Super Cms 20150505 via /admin.php/Foodcat/addsave fcname parameter XSS Vulnerability in Zoho ManageEngine OpManager 12.3 before build 123214 Kubernetes Dashboard Authentication Bypass and Secret Reading Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 Cross-Site Scripting (XSS) in CMS Made Simple 2.2.7 via m1_news_url parameter in admin/moduleinterface.php Cross-Site Scripting (XSS) Vulnerability in CMS Made Simple 2.2.7 via m1_extra Parameter in admin/moduleinterface.php Heap-Based Buffer Overflow in TextPage::addAttributsNode Function in pdfalto 0.2 Cross-Site Scripting (XSS) Vulnerability in ProFiles 1.5 Component for Joomla! 
Cross-Site Scripting (XSS) Vulnerability in IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 Stale TLB Entry Vulnerability in Linux Kernel XSS Vulnerability in Next.js 7.0.0 and 7.0.1 via 404 or 500 /_error Page Sandbox Bypass Vulnerability in Artifex Ghostscript 9.25 and Earlier via 1Policy Operator Unauthenticated SQL Injection Vulnerability in CMG Suite 8.4 SP2 and Earlier SQL Injection Vulnerability in CMG Suite 8.4 SP2 and Earlier: Insufficient Input Validation in changepwd Interface Information Disclosure Vulnerability in ASUS RT-AC58U 3.0.0.4.380_6516: Exposing Hostnames and IP Addresses via Main_Login.asp Page URL Redirection Vulnerability in CrushFTP through 8.3.0 Allows Credentials Theft Arbitrary File Read Vulnerability in MESILAT Zabbix Plugin for Atlassian Confluence Cross-Site Scripting (XSS) Vulnerability in IBM Rational Quality Manager 5.0 through 6.0.6 XSS Vulnerability in nc-cms HTML Source Editor Cross Site Scripting (XSS) Vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 Devices XSS Vulnerability in MetInfo 6.1.2 via /admin/index.php bigclass parameter Stored XSS Vulnerability in AlchemyCMS 4.1.0 via /admin/pictures Image Field Stored XSS Vulnerability in BigTree Image Upload Area Invalid Memory Address Dereference in BFD Library: Denial of Service Vulnerability Invalid Memory Address Dereference Vulnerability in libdwfl Buffer Overflow in Perl Regular Expression Handling Buffer Overflow in Perl Regular Expression Handling Buffer Over-read Vulnerability in Perl Buffer Overflow in Perl's Regular Expression Handling Arbitrary File Upload Vulnerability in lemon 1.9.0 CSRF Vulnerability in emlog v6.0.0 via admin/user.php?action=new URI CSRF Vulnerability in DESHANG DSCMS 1.1 via public/index.php/admin/admin/add.html URI Denial of Service Vulnerability in /dev/block/mmcblk0rpmb Driver on Qiku 360 Phone N6 Pro 1801-A01 Devices Arbitrary Command Execution in Merlin.PHP Component 0.6.6 for Asuswrt-Merlin Devices Arbitrary Command 
Execution Vulnerability in Merlin.PHP for Asuswrt-Merlin Devices Command Injection Vulnerability in CentOS Web Panel 0.9.8.480 Local File Inclusion Vulnerability in CentOS Web Panel 0.9.8.480 Cross-Site Scripting (XSS) Vulnerability in CentOS Web Panel 0.9.8.480 Weak Encryption Algorithm in DNN 9.2 through 9.2.2 Incomplete Fix for Encryption Key Conversion Vulnerability in DNN 9.2 through 9.2.2 Trend Micro Antivirus for Mac Privilege Escalation Vulnerability Trend Micro Antivirus for Mac Privilege Escalation Vulnerability Trend Micro Antivirus for Mac Privilege Escalation Vulnerability Spoofing Vulnerability in IBM Event Streams 2018.3.0 Address Bar Spoofing Vulnerability in Trend Micro Dr. Safety for Android: Exploiting Private Browser for Malicious URL Visits OfficeScan XG Weak File Permissions Vulnerability: Exploiting Folder Access for Unauthorized File Alteration OfficeScan XG Weak File Permissions Vulnerability DLL Hijacking Vulnerability in Trend Micro Security 2019 (Consumer) Versions Below 15.0.0.1163 Same Origin Policy Bypass Vulnerability in Trend Micro Dr. 
Safety for Android Heap Buffer Overflow in Skia: Remote Code Execution in Google Chrome Heap Corruption Vulnerability in PDFium in Google Chrome Use After Free Vulnerability in Google Chrome Prior to 71.0.3578.80 Heap Corruption Vulnerability in SkImage Usage in Google Chrome Heap Corruption Vulnerability in WebAudio in Google Chrome Privilege Escalation via Symbolic Link Attack in IBM DB2 Heap Corruption Vulnerability in MediaRecorder in Google Chrome Integer Overflow and Heap Buffer Overflow Vulnerability in Google Chrome (CVE-2018-17480) Arbitrary Code Execution via Object Deserialization in V8 in Google Chrome Use After Free Vulnerability in Skia in Google Chrome (CVE-2018-17462) Insecure Access to Local File System via Chrome Extension in Google Chrome prior to 71.0.3578.80 Remote Code Execution via Blob URL Handling in Google Chrome Confusing Browser UI Presentation Vulnerability in Google Chrome prior to 71.0.3578.80 Arbitrary Origin Execution via Invalid URL Handling in Google Chrome Navigation (CVE-2018-18335) Omnibox Spoofing Vulnerability in Google Chrome prior to 71.0.3578.80 Remote Frame Navigations Allow Unauthorized Access to Local Files in Google Chrome XML External Entity Injection (XXE) Vulnerability in IBM Daeja ViewONE Professional, Standard & Virtual 5 CSP Bypass Vulnerability in Google Chrome prior to 71.0.3578.80 SameSite Cookie Bypass Vulnerability in Google Chrome (prior to 71.0.3578.80) Cross-Origin Audio Access Vulnerability in Google Chrome (CVE-2018-17463) Confusion of Origin in Network Authentication Dialogs on Google Chrome for Android Remote Code Execution via Shell Integration in Google Chrome on Windows URL Spoofing Vulnerability in Google Chrome Integer Overflow in Path Handling Leading to Use After Free in Skia URL Spoofing Vulnerability in Google Chrome Local Network Proxy Bypass Vulnerability in Google Chrome Out of Bounds Memory Read Vulnerability in V8 Engine Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere MQ 
Console Cross-Site Scripting (XSS) Vulnerability in nc-cms through 2017-03-10 Cross-Site Scripting Vulnerability in Norton Password Manager for Android Norton App Lock Bypass Vulnerability DLL Hijacking Vulnerability in Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 Address Spoofing Vulnerability in Norton Password Manager Kernel Memory Disclosure Vulnerability in Symantec Norton Security, SEP, and SEP SBE DLL Preloading Vulnerability in Symantec Endpoint Protection Manager (SEPM) Privilege Escalation Vulnerability in Symantec Endpoint Protection Manager (SEPM) DLL Preloading Vulnerability in Norton Security and SEP SBE (Windows Client) Stored Cross-Site Scripting (XSS) Vulnerability in ASG/ProxySG's WebFTP Mode Information Disclosure Vulnerability in ASG/ProxySG FTP Proxy WebFTP Mode Stored XSS Vulnerability in KAASoft Library CMS 2.1.1 via /admin/book/create/ Title Parameter Stored XSS Vulnerability in Schiocco Support Board - Chat And Help Desk Plugin 1.2.3 for WordPress Cross-Site Scripting (XSS) Vulnerability in MetInfo 6.1.2 Admin Panel APN Data Extraction Vulnerability in Orange AirBox Y858_FL_01.16_04 Information Disclosure in Orange AirBox Y858_FL_01.16_04: Remote Discovery of Connected Devices Factory Reset Vulnerability in Orange AirBox Y858_FL_01.16_04 Devices XSS Vulnerability in Elementor Pro Plugin for WordPress Improper Handling of Passwords in IBM WebSphere Application Server 8.5 and 9.0 Session Fixation Vulnerability in Bigtree CMS Stored XSS Vulnerability in Z-BlogPHP 1.5.2.1935 (Zero) via Content-Type Header in Image Attachment Upload Remote Code Execution Vulnerability in Advanced HRM 1.6 via User Avatar Update Buffer Overflow in Info-ZIP UnZip 6.0's list.c due to Crafted Relationship in ZIP Archive Denial of Service Vulnerability in Asciidoctor < 1.5.8 due to Infinite Loop Pseudo Terminal Hang/Block Vulnerability in Linux Kernel Privilege Escalation Vulnerability in playSMS 1.4.2 through Daemon Abuse Remote Code Execution in 
eScan Agent Application (MWAGENT.EXE) 4.0.2.98 LDAP Authentication Bypass Vulnerability in Neo4j Enterprise Database Server 3.4.x before 3.4.9 User Enumeration Vulnerability in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1 Critical User Privilege Escalation Vulnerability in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions v2.1 Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions v2.1 Critical Password Management Vulnerability in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions v2.1 Clear Text Storage of Sensitive Information in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions v2.1 Hidden Token Access Vulnerability in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1 Critical Remote Code Execution Vulnerability in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions v2.1 Userfaultfd Access Control Vulnerability Out-of-Bounds Read and SEGV Vulnerability in Xfce Thunar 1.6.15 SQL Injection Vulnerability in ArchiveNews.aspx in KARMA 6.0.0 Privilege Escalation Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 XSS Vulnerability in jQuery v2.2.2 via Crafted onerror Attribute of IMG Element Blind XXE Vulnerability in Tufin SecureTrack 18.1 Heap-Based Buffer Over-Read Vulnerability in Tcpreplay 4.3.0 beta1 Use-After-Free Vulnerability in Tcpreplay 4.3.0 beta1's tcpbridge Binary Stack-based Buffer Over-read Vulnerability in setbit() Function of TCPFLOW 1.5.0 World-readable CA Private Key in IBM Cloud Private 2.1.0 XSS Vulnerability in LANGO Codeigniter Multilingual Script 1.0 Stored XSS Vulnerability in Ekushey Project Manager CRM 3.1 Stored XSS Vulnerability in ARDAWAN.COM User Management 1.1 Upload Section Bypass of OIDC Namespace Signature Verification in IBM Cognos Analytics 11 Configuration Tool CSRF Vulnerability in Zenario Content Management System 8.3 via 
admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI CSRF Vulnerability in UsualToolCMS 8.0: Unauthorized User Account Addition Arbitrary Currency Issuance Vulnerability in Primeo (PEO) Token's doAirdrop Function Arbitrary PHP Code Execution in s-cms 3.0 via User-agent Disallow Value in robots.php txt Parameter SQL Injection Vulnerability in s-cms 3.0 via member/post.php and member/member_login.php Unauthenticated RTSP Stream Access Vulnerability in TP-Link TL-SC3130 1.6.18P12_121101 Devices Insecure Communication Channel in IBM Cloud Private IAM Services XSS Vulnerability in DESTOON B2B 7.0 via admin\setting.inc.php XSS Vulnerability in DESTOON B2B 7.0 via admin.php?moduleid=2&action=add URI CSRF Vulnerability in DESTOON B2B 7.0 via admin.php URI XSS Vulnerability in DESTOON B2B 7.0 via admin/category.inc.php Arbitrary File Download Vulnerability in litemall-wx-api Component Privilege Escalation and Weak Folder Permissions in KioWare Server Version 4.9.6 and Older CSRF Vulnerability in JTBC(PHP) 3.0: Account Creation via console/account/manage.php?type=action&action=add URI XSS Vulnerability in AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0 via secret/relogoff.aspx Integer Overflow Vulnerability in Qemu's IOReadHandler Remote and Local Exploitation Vulnerabilities in DENX U-Boot through 2018.09-rc1 XML External Entity Injection (XXE) Vulnerability in IBM FileNet Content Manager 5.2.1 and 5.5.0 Local Buffer Overflow in DENX U-Boot through 2018.09-rc1 via Crafted Kernel Image D-Link DCS Series Wi-Fi Cameras Expose Sensitive Configuration Information Remotely Vulnerability: Denial-of-Service (DoS) Attacks on D-Link DCS-825L Devices with Firmware 1.08 Memory Leak in ThreadPool in OpenEXR 2.3.0 Out-of-Bounds Write Vulnerability in makeMultiView.cpp in OpenEXR 2.3.0 Out-of-bounds Memory Access Vulnerability in Linux Kernel BPF Verifier Deserialization of Untrusted Data in dotPDN Paint.NET (Issue 1 of 2) Deserialization of Untrusted Data in 
dotPDN Paint.NET (Issue 2 of 2) CSRF Vulnerability in EmpireCMS 7.5 Allows Unauthorized User Account Addition XML External Entity Injection (XXE) Vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 SQL Injection in PbootCMS before V1.3.0 build 2018-11-12 in SingleController.php Heap-based Buffer Over-read in CCITTFaxStream::readRow() in Xpdf 4.00 Heap-based Buffer Over-read Vulnerability in GfxImageColorMap Class of Xpdf 4.00 Stack-based buffer over-read vulnerability in Xpdf 4.00 allows denial of service via crafted PDF file NULL Pointer Dereference Vulnerability in Xpdf 4.00's DCTStream::readScan Function NULL Pointer Dereference Vulnerability in Xpdf 4.00's DCTStream::decodeImage Function NULL Pointer Dereference Vulnerability in Xpdf 4.00 XML External Entity Injection (XXE) Vulnerability in IBM Rational Engineering Lifecycle Manager Cross-Site Scripting (XSS) Vulnerability in wp-live-chat-support v8.0.15 WordPress Plugin Arigato Autoresponder and Newsletter Plugin Remote Code Execution Vulnerability Cleartext Storage of Emergency Credentials in SecurEnvoy SecurAccess 9.3.502 Logs Intent Spoofing Vulnerability in Daniel Gultsch Conversations 2.3.4 Directory Traversal Vulnerability in IBM Financial Transaction Manager (FTM) XXE and SSRF Vulnerabilities in Axentra Firmware: Remote Command Execution as Root Root Remote Command Execution Vulnerability in Western Digital WD My Book Live and WD My Book Live Duo Hidden Backdoor Vulnerability in PATLITE NH-FB, NH-FV, and NBM Series Devices Allows Remote Code Execution Unrestricted Arbitrary File Upload in Zoho ManageEngine OpManager before 12.3 build 123214 SQL Injection Vulnerability in mysql-binuuid-rails 1.1.0 and Earlier Persistent Cross-Site Scripting (XSS) Vulnerability in LibreNMS before 1.44 Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 Heap-based Buffer Over-read in libopencad 0.2.0's ReadMCHAR Function Heap-based Buffer Over-read 
Vulnerability in libopencad 0.2.0 Memory Leak in libpg_query 10-1.0.2: Potential Denial of Service Vulnerability Integer-Overflow Vulnerability in get_count Function of GNU libiberty Stack Exhaustion Vulnerability in GNU libiberty's C++ Demangling Functions Arbitrary File Deletion Vulnerability in PHPSHE 1.7 SQL Injection Vulnerability in PHPSHE 1.7 via admin.php?mod=user&act=del user_id[] parameter Predictable Database Backup File Locations in Gxlcms v2.0 SQL Injection Vulnerability in Gxlcms v2.0 via ids[] Parameter Denial of Service Vulnerability in TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n Weak Reference Use-After-Free Vulnerability in Thunderbird and Firefox Buffer Overflow Vulnerability in Skia Library with Hardware Accelerated Canvas 2D Actions Same-Origin Policy Violation in Thunderbird and Firefox Versions < 64: Cross-Origin URL Entry Theft via Javascript Location Property WebExtension Content Scripts Bypass Permissions Vulnerability Clickjacking Vulnerability in Firefox RSS Feed Preview Bypassing URI Limitations in Firefox WebExtensions Integer Overflow Vulnerability in Image Buffer Size Calculation Same-Origin Policy Violation in Firefox and Thunderbird: Cross-Origin URL Entry Theft via Meta Refresh Unauthorized Administration Operations in IBM Security Access Manager Appliance HTML5 Stream Parser Use-After-Free Vulnerability Memory Corruption Vulnerabilities in Firefox 64 and Firefox ESR 60.4 Memory Corruption Vulnerability in Firefox 64 Compartment Mismatch Vulnerability in JavaScript Audio Buffer Manipulation in Firefox < 65 Buffer Freed While In Use: Exploitable Crash and Memory Read Vulnerability in Firefox < 65 Insufficient Authentication in Inter-process Communication (IPC) Channels Proxy Auto-Detection Vulnerability in Firefox < 65 Denial of Service Vulnerability in Network Security Services (NSS) S/MIME Signature Verification Flaw in Thunderbird < 60.5.1 Allows Content Manipulation Arbitrary Code Execution Vulnerability in IBM 
WebSphere Application Server Liberty OpenID Connect Non-persistent Denial of Service (DOS) Attack via about:crashcontent and about:crashparent Pages in Firefox < 64 Cross-origin image reading vulnerability in Firefox 65.0.1 Use-After-Free Vulnerability in Thunderbird Sound Notification Denial-of-Service (DOS) Vulnerability in Thunderbird < 60.5 Cross-Site Scripting (XSS) Vulnerability in Citrix NetScaler Gateway Insecure Permissions in BestXsoftware Best Free Keylogger before 6.0.0 Allow Privilege Escalation Invalid Memory Address Dereference in elf_end function in libelf in elfutils through v0.174 Denial of Service Vulnerability in arlib_add_symbols() Function in elfutils 0.174 Stored XSS Vulnerability in Evernote 6.15 on Windows Allows Remote Code Execution SQL Injection Vulnerability in OwnTicket 2018-05-23 via showTicketId or editTicketStatusId Parameter SQL Injection Vulnerability in ThinkPHP 3.2.4 via count Parameter Remote Clickjacking Vulnerability in IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) SQL Injection in ThinkPHP 5.1.25 via count parameter Insecure Random Number Generation in CAPTCHA Generation ASUS Aura Sync v1.07.22 and Earlier: Arbitrary Ring-0 Code Execution via Asusgio Low-Level Driver Vulnerability Vulnerability: Privilege Escalation via GLCKIo and Asusgio Low-Level Drivers in ASUS Aura Sync Arbitrary DWORD Write Vulnerability in ASUS Aura Sync v1.07.22 and Earlier XSS Vulnerability in TeaKKi 2.7 via Crafted onerror Attribute Teeworlds 0.6.5 Vulnerability: Connection Packet Forgery and Server Slot Occupation Memory Leak Vulnerability in WriteMSLImage and ProcessMSLScript Functions XSS Vulnerability in Fiyo CMS 2.0.7 via name parameter in edit_user.php SQL Injection Vulnerability in ThinkPHP 3.2.4 via order Parameter Cross-Site Scripting (XSS) Vulnerabilities in Vesta Control Panel 0.9.8-22 XSS Vulnerability in Ajenti Docker Control Panel's File Manager SQL Injection Vulnerability in ServersCheck Monitoring Software (before 
14.3.4) Allows Authenticated User Exploitation Persistent and Reflected XSS Vulnerabilities in ServersCheck Monitoring Software Directory Traversal Vulnerability in ServersCheck Monitoring Software Allows Denial of Service XSS Vulnerability in Leanote 2.6.1: Blog Basic Setting Title Field VyOS 1.1.8 Sandbox Escape Vulnerability Privilege Escalation Vulnerability in VyOS 1.1.8: Operator Users Can Execute pppd Binary with Elevated Permissions Arbitrarily-sized JBIGDecode Out-of-Bounds Write in LibTIFF Insecure Input Validation in ESP-IDF Bootloader Allows Arbitrary Code Execution Race condition vulnerability in Linux kernel through 4.19 allows for use-after-free and potential Program Counter control Insecure Permissions in Roche Accu-Chek Inform II and CoaguChek/cobas h232 Handheld Base Units Allow Remote Command Execution Weak Access Credentials Vulnerability Improper Access Control in Roche Accu-Chek and CoaguChek Devices Allows Arbitrary Code Execution Improper Access Control Vulnerability in Roche Accu-Chek Inform II Instrument, CoaguChek Pro II, and cobas h 232 Arbitrary File Overwrite Vulnerability in Roche Medical Devices Information Disclosure Vulnerability in Polycom VVX 500 and 601 Devices with Skype for Business Integration Vulnerability: Man-in-the-Middle Attack on AudioCodes 440HD and 450HD Devices with Skype for Business Integration Man-in-the-Middle Vulnerability in Polycom VVX Devices with Skype for Business Integration Server-Side Request Forgery Vulnerability in Dundas BI Server Bypassing Fine-Grained Access Control (FGAC) in IBM DB2 11.1 Cross-Site Scripting (XSS) Vulnerability in Planon before Live Build 41 Impersonation and Unauthorized Actions Vulnerability in Citrix XenMobile Server Incomplete '.htaccess' Filter Allows Arbitrary PHP Code Execution in osCommerce 2.3.4.1 Arbitrary PHP Code Execution Vulnerability in osCommerce 2.3.4.1 Directory Traversal Vulnerability in The Hustle WordPress Plugin XSS Vulnerability in DedeCMS 5.7 SP2 via 
plus/qrcode.php Type Parameter Reflected XSS Vulnerability in DedeCMS 5.7 SP2 via /member/pm.php Folder Parameter Cross-Site Request Forgery Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.6 Heap-Based Buffer Over-Read Vulnerability in LuPng's internalPrintf Heap-based Buffer Overflow in LuPng's insertByte Function Heap-based Buffer Overflow in LuPng's insertByte Function Out-of-Bounds Write Vulnerability in mspack/cab.h Null Character Filename Vulnerability in libmspack Directory Traversal Vulnerability in chmextract.c Insecure Password Storage: BigProf AppGini 5.70 Uses MD5 Hash Critical Remote Arbitrary Code Execution Vulnerability in Micro Focus Real User Monitoring Software Privilege Escalation Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.4 Remote Code Execution and Information Disclosure Vulnerability in Micro Focus Operations Bridge Containerized Suite Micro Focus Service Manager Unauthorized Data Disclosure Vulnerability Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service Out-of-Bounds Write Vulnerability in Stegdetect's f5_compress Function Command Injection Vulnerability in Guardzilla GZ180 Remote Upgrade Feature Buffer Overflow Vulnerability in Guardzilla GZ621W Firmware 0.5.1.4 Cloud API User Enumeration Vulnerability in Guardzilla Smart Cameras Sandbox Escape Vulnerability in 360 Total Security 3.5.0.1033 Heap-based Buffer Over-read Vulnerability in GNU Binutils 2.31 NULL Pointer Dereference in merge_strings function in libbfd NULL Pointer Dereference in elf_link_input_bfd in GNU Binutils 2.31 Cross-Site Scripting (XSS) Vulnerability in DedeCMS 5.7 SP2 via GetPageList Function SQL Injection Vulnerability in Advanced Comment System 1.0 Stored XSS Vulnerability in CommuniGate Pro 6.2 via Pronto! 
Mail Composer XSS Vulnerability in Waimai Super Cms 20150505 via index.php?m=public&a=doregister username parameter Incomplete Fix for XSS Vulnerability in Grafana 5.3.1 via Dashboard > Text Panel Screen Incomplete Fix for XSS Vulnerability in Grafana 5.3.1 via Column Style on Dashboard Table Panel Incomplete Fix for XSS Vulnerability in Grafana 5.3.1 via Link on Dashboard > All Panels > General Screen Arbitrary File and Directory Deletion Vulnerability in PHPYun V4.6 Remote Code Execution via Deserialization in Pippo 1.11.0 Untrusted Search Path Vulnerability in Keybase Command-Line Client Insecure File Permissions in McKesson Cardiology Product 13.x and 14.x: Local System Access Vulnerability Persistent XSS Vulnerability in Synacor Zimbra Collaboration Suite 8.6, 8.7, and 8.8 Cross-Site Scripting (XSS) Vulnerability in MailCleaner CE 2018.08 and 2018.09 Administration Login Interface Cross-Site Scripting (XSS) Vulnerability in D-link DSL-2640T Routers via cgi-bin/webcm Command Injection Vulnerability in Neato Botvac Connected 2.2.0 Setup API Information Exposure Through Browser Caching Vulnerability in GitLab Community and Enterprise Edition Cleartext Storage of Sensitive Information Vulnerability in GitLab Cross-Site Scripting (XSS) Vulnerability in GitLab Community and Enterprise Edition Persistent XSS Vulnerability in GitLab CE & EE 11.2 and later Information Exposure via GitLab Prometheus Integration Information Exposure via Unsubscribe Links in Email Replies SSRF Vulnerability in GitLab Community and Enterprise Edition Missing Authorization Vulnerability in GitLab Community and Enterprise Edition Information Exposure Through Error Messages in GitLab Community and Enterprise Edition Remote Code Execution Vulnerability in GitLab Wiki API Integer Overflow Denial of Service Vulnerability in Xpdf 4.00 Denial of Service Vulnerability in Xpdf 4.00 via Large Loop in AcroForm.cc Remote Command Execution Vulnerability in Veritas NetBackup Appliance 3.1.2 and Earlier 
UEFI Secure Boot Bypass Vulnerability in Linux Kernel Local Privilege Escalation Vulnerability in Crossroads 2.81 Username Leakage Vulnerability in Prayer 1.3.5 Clear-text Storage of Login Credentials in PureVPN Client for Windows Unauthenticated Sensitive Information Disclosure in Arcserve Unified Data Protection (UDP) through 6.5 Update 4 Unauthenticated Sensitive Information Disclosure in Arcserve UDP Unauthenticated XXE Vulnerability in Arcserve Unified Data Protection (UDP) Reflected Cross-site Scripting Vulnerability in Arcserve Unified Data Protection (UDP) NULL Pointer Dereference in LibTIFF's LZWDecode Function Out-of-Bounds Read Vulnerability in MuPDF 1.14.0 Integer Overflow Vulnerability in NexxusToken's mintToken Function Integer Overflow Vulnerability in SwftCoin (SWFTC) Token's mintToken Function Integer Overflow Vulnerability in PylonToken's mintToken Function XSS Vulnerability in GNUBOARD5 (before 5.3.2.0) via homepage title Parameter XSS Vulnerability in GNUBOARD5 5.3.1.9: Injection via board title contents parameter XSS Vulnerability in GNUBOARD5 5.3.1.9 via Extra Contents Parameter XSS Vulnerability in GNUBOARD5 5.3.1.9 via mobile board head contents Parameter XSS Vulnerability in GNUBOARD5 5.3.1.9 via board head contents Parameter XSS Vulnerability in GNUBOARD5 5.3.1.9 via Menu Link Parameter XSS Vulnerability in GNUBOARD5 5.3.1.9 via board tail contents Parameter XSS Vulnerability in GNUBOARD5 5.3.1.9 via mobile board title contents Parameter XSS Vulnerability in GNUBOARD5 5.3.1.9 via mobile board tail contents Parameter XSS Vulnerability in GNUBOARD5 before 5.3.2.0 via board group extra contents parameter Signature Validation Bypass via Incremental Saving in PDF Readers and Editors Signature Wrapping Vulnerability in Multiple PDF Products Unchecked Error Condition in xfs_attr_shortform_addname Leads to Non-Operational Filesystem Vulnerability Reflected XSS Vulnerability in SEMCO Semcosoft 5.3 Login Form Stored XSS in Monstra CMS 3.0.4 via File 
Upload without Extension Buffer Overflow Vulnerability in M2SOFT Report Designer Viewer 5.0 via Crafted MRD File CSRF Vulnerability in Microstrategy Analytics 10.4.0026.0049 and Earlier Cleartext Wi-Fi Password Storage Vulnerability on Xiaomi Mi A1 Devices Out-of-Bounds Write Vulnerability in GoPro gpmf-parser 1.2.1 Stack Consumption Vulnerability in GNU libiberty Stack Consumption Vulnerability in GNU libiberty SQL Injection Vulnerability in iCMS v7.0.11 via spider.admincp.php Multiple Arbitrary File Read Vulnerabilities in PhpTpoint Mailing Server Using File Handling 1.0 SQL Injection Vulnerability in PhpTpoint Pharmacy Management System Multiple SQL Injection Vulnerabilities in PhpTpoint Hospital Management System Buffer Overflow Vulnerability in Tenda AC Series Routers Buffer Overflow Vulnerability in Tenda AC Series Routers' Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server Cross-Site Scripting (XSS) Vulnerability in IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 Information Leak in cdrom_ioctl_select_disc in Linux Kernel CSRF Vulnerability in WUZHI CMS 4.1.0 Allows Unauthorized Password Change CSRF Vulnerability in WUZHI CMS 4.1.0 Allows Unauthorized Username Change Arbitrary File Read Vulnerability in PHPYun 4.6 Stack-based Buffer Overflow in RegFilter.sys of IOBit Malware Fighter 6.2 and Earlier via IOCTL 0x8006E010 Stored XSS Vulnerability in Zoho ManageEngine OpManager 12.3 Self XSS Vulnerability in Zoho ManageEngine OpManager 12.3 before 123219 XSS Vulnerability in Eleanor CMS (ajax.php) Double-Free Vulnerability in gThumb's add_themes_from_dir Method Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6 Cross-Site Scripting (XSS) Vulnerability in YUNUCMS 1.1.5 Cross-Site Scripting (XSS) Vulnerability in YUNUCMS 1.1.5 - admin/link/editlink?id=5 Cross-Site Scripting (XSS) Vulnerability in YUNUCMS 1.1.5 - 
admin/content/editcontent?id=29&gopage=1 XSS Vulnerability in YUNUCMS 1.1.5's Edit Area Functionality Cross-Site Scripting (XSS) Vulnerability in YUNUCMS 1.1.5 Cross-Site Scripting (XSS) Vulnerability in YUNUCMS 1.1.5 - admin/banner/editbanner?id=20 Cross-Site Scripting (XSS) Vulnerability in YUNUCMS 1.1.5's admin/sitelink/editsitelink?id=16 Buffer Overflow Vulnerability in Tenda Router's Web Server Remote Code Execution Vulnerability in Tenda AC9, AC15, and AC18 Devices Heap-based Buffer Overflow Vulnerability in Tenda Router's Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server XSS Vulnerability in Catfish CMS 4.8.30: Write Source Code CSRF Vulnerability in Catfish CMS 4.8.30 CSRF Vulnerability in catfish blog 2.0.33's admin/Index/tiquan Catfish Blog 2.0.33 XSS Vulnerability: Write Source Code XXE and SSRF Vulnerability in Douchat 4.0.4 via Data\notify.php XSS Vulnerability in SEMCMS 3.4 via category_key Parameter XSS Vulnerability in SEMCMS 3.4 via admin/SEMCMS_Products.php?lgid=1 Keywords Field Information Disclosure Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.5 XSS Vulnerability in SEMCMS 3.4 via admin/SEMCMS_Link.php?lgid=1 URI XSS Vulnerability in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 CSRF Vulnerability in SEMCMS 3.4 via admin/SEMCMS_User.php?Class=add&CF=user URI XSS Vulnerability in SEMCMS 3.4 via admin/SEMCMS_Categories.php?pid=1&lgid=1 URI XSS Vulnerability in SEMCMS 3.4 via Admin Panel XSS Vulnerability in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 Sandboxie 5.26 Sandbox Escape via import os Statement Integer Overflow in data-tools leads to incorrect end value in write_wchars function Open Redirect Vulnerability in IBM InfoSphere Information Governance Catalog Double Free Vulnerability in GNU Gettext 0.19.8 Arbitrary File Upload Vulnerability in Webiness Inventory 2.3 via logo Parameter in 
WsSaveToModel.php Typecho V1.1 Remote Command Execution via SSRF Backdoor Root Account Vulnerability in ZyXEL VMG3312-B10B 1.00(AAPP.7) Devices SQL Injection in K-iwi Framework 1775 via user_group_id and user_id parameters Buffer Overflow Vulnerability in Local Server 1.0.9 on Port 4008 Open Faculty Evaluation System 5.6 for PHP 5.6 - SQL Injection in submit_feedback.php Open Faculty Evaluation System 7 for PHP 7 - SQL Injection in submit_feedback.php Buffer Overflow Vulnerability in Modbus Slave 7.0.0 Password Exposure in IBM Robotic Process Automation with Automation Anywhere 11 Control Room Log File CSRF Vulnerability in RhinOS 3.0 build 1190 SQL Injection Vulnerability in SaltOS 3.1 r8126 Database Download Vulnerability in SaltOS 3.1 r8126 SQL Injection in SaltOS 3.1 r8126 via action=ajax&query=numbers&page=usuarios&action2 parameter. Arbitrary Memory Read Vulnerability in Cesanta Mongoose 6.13 MQTT Packet Parsing Cesanta Mongoose 6.13 MQTT Packet Parsing Heap-Based Buffer Over-read Vulnerability Elevation of Privilege Vulnerability in Provisio SiteKiosk Call Dispatcher Cleartext Transmission of Credentials in D-Link 'myDlink Baby App' Unencrypted Password Storage Vulnerability in IBM Robotic Process Automation with Automation Anywhere 11 Arbitrary File Upload Vulnerability in LuLu CMS CSRF Vulnerability in CentOS Web Panel (CWP) Allows Arbitrary OS Command Execution CSRF Vulnerability in CentOS Web Panel (CWP) Allows Unauthorized Root Password Change Cross-Site Scripting (XSS) Vulnerability in CentOS Web Panel (CWP) 0.9.8.740 Cross-Site Scripting (XSS) Vulnerability in Microstrategy Web 7 Login.asp Cross-Site Scripting (XSS) Vulnerability in Microstrategy Web 7 via admin/admin.asp ShowAll Parameter Directory Traversal Vulnerability in Microstrategy Web 7 Arbitrary File Read Vulnerability in ACME mini_httpd before 1.30 Information Disclosure Vulnerability in IBM Robotic Process Automation with Automation Anywhere 11 (IBM X-Force ID: 151714) Cross-Site Scripting 
(XSS) Vulnerability in DedeCMS 5.7 SP2 via /member/uploads_select.php Reflected XSS Vulnerability in DedeCMS 5.7 SP2 via /member/myfriend.php ftype Parameter XSS Vulnerability in SEMCMS V3.4 via semcms_remail.php?type=ok umail Parameter SQL Injection Vulnerability in zzcms 8.3 via admin/tagmanage.php SQL Injection Vulnerability in zzcms 8.3 SQL Injection Vulnerability in zzcms 8.3 via pxzs Cookie SQL Injection Vulnerability in zzcms 8.3 via pxzs Cookie SQL Injection Vulnerability in zzcms 8.3 via tablename Parameter in admin/classmanage.php SQL Injection Vulnerability in zzcms 8.3 via Host HTTP Header SQL Injection Vulnerability in zzcms 8.3 via zxbigclassid Cookie SQL Injection Vulnerability in zzcms 8.3 via pxzs Cookie SQL Injection Vulnerability in zzcms 8.3 via pxzs Cookie Arbitrary File Upload Vulnerability in School Event Management System 1.0 CSRF Vulnerability in School Event Management System 1.0 SQL Injection Vulnerability in School Event Management System 1.0 SQL Injection Vulnerability in Library Management System 1.0's Search for Books Feature CSRF Vulnerability in School Attendance Monitoring System 1.0 SQL Injection Vulnerability in Attendance Monitoring System 1.0 CSRF Vulnerability in School Attendance Monitoring System 1.0 Tubigan Welcome to our Resort 1.0 Software SQL Injection Vulnerability SQL Injection Vulnerability in BSEN Ordering Software 1.0 CSRF Vulnerability in Tubigan Welcome to our Resort 1.0 Software SQL Injection Vulnerability in Curriculum Evaluation System 1.0 Bakeshop Inventory System 1.0: SQL Injection Vulnerability in Login Screen SQL Injection Vulnerability in Point Of Sales 1.0 Login Screen (LoginForm1.vb) SQL Injection Vulnerability in School Equipment Monitoring System 1.0 Cross-Site Scripting (XSS) Vulnerability in TIBCO Statistica Server Race-condition vulnerability in TIBCO JasperReports Server allows privilege escalation Directory Traversal Vulnerability in TIBCO JasperReports Library and Server Credential Exposure 
Vulnerability in TIBCO Managed File Transfer Command Center and Internet Server Spotfire Library External Storage File Modification Vulnerability Multiple Cross-Site Scripting Vulnerabilities in TIBCO Spotfire Analytics Platform and Server TIBCO Spotfire Authentication Bypass Vulnerability Unauthenticated Bypass of Authorization Checks in TIBCO JasperReports Server Persistent Cross Site Scripting Vulnerability in TIBCO JasperReports Server and Related Products Remote Registry Key Modification Vulnerability in Leostream Agent Unauthorized Chat Session Creation Vulnerability in MiCollab and MiVoice Business Express Vulnerability: Plain Text Display of Node Password in IBM Spectrum Protect Client Trace File Buffer Overflow Vulnerability in Icecast URL-Authentication Backend SQL Injection Vulnerability in Grapixel New Media v2.0 via pages.aspx pageref Parameter Cross-Site Scripting (XSS) Vulnerability in WolfCMS 0.8.3.1 via SVG File in File Manager Plugin Cross-Site Scripting (XSS) Vulnerability in WolfCMS v0.8.3.1 via SVG File Upload XSS Vulnerability in Pagoda Linux Panel V6.0 Login Log Rendering Heap-based Buffer Overflow in Libav 12.3's vc1_decode_p_mb_intfi Function Heap-based Buffer Over-read Vulnerability in Libav 12.3's ff_vc1_pred_dc Heap-based Buffer Overflow in Libav 12.3's vc1_decode_i_block_adv Function NULL Pointer Dereference Vulnerability in Libav 12.3's ff_vc1_parse_frame_header_adv Function Denial of Service Vulnerability in IBM MQ Console REST API Unauthenticated File Upload Vulnerability in MCMS 4.6.5 Directory Traversal Vulnerability in MCMS 4.6.5 SQL Injection via ASPSESSIONID Cookie in DKCMS 9.4 Heap-Based Buffer Overflow in libIEC61850 v1.3's BerEncoder_encodeOctetString Arbitrary PHP Code Execution via upload_template() in DocCms 2016.5.12 JSON Injection in Netdata 1.10.0 via api/v1/data tqx parameter HTTP Header Injection in Netdata 1.10.0 via api/v1/data filename parameter Netdata 1.10.0 Log Injection Vulnerability Full Path Disclosure (FPD) 
Vulnerability in Netdata 1.10.0 via api/v1/alarms Zip Slip Vulnerability in IBM Case Manager 5.x.x.x Cross-Site Scripting (XSS) Vulnerability in SEMCMS PHP V3.4 via SEMCMS_SeoAndTag.php Cross-Site Scripting (XSS) Vulnerability in SEMCMS PHP V3.4 via SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey Parameter CSRF Vulnerability in Z-BlogPHP 1.5.2.1935 (Zero) Allows Remote Code Execution SSRF Vulnerability in GitLab Kubernetes Integration Reflected Cross-Site Scripting Vulnerability in Advanced Comment System 1.0 Out-of-Bounds Access Vulnerability in Qemu 3.0.0's lsi_do_msgin Function Sensitive Information Disclosure in IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 Arbitrary Code Execution via Malicious YAML Configuration in Octopus Deploy Cerio DT-300N OS Command Injection Vulnerability Algorithmic Complexity Denial of Service in Lightbend Spray spray-json through 1.3.4 Denial of Service Vulnerability in Lightbend Spray spray-json through 1.3.4 Local Privilege Escalation Vulnerabilities in LiquidVPN Client for macOS Local Privilege Escalation Vulnerabilities in LiquidVPN Client for macOS Local Privilege Escalation Vulnerabilities in LiquidVPN Client for macOS Local Privilege Escalation Vulnerabilities in LiquidVPN Client for macOS Sensitive Information Disclosure Vulnerability in IBM Security Access Manager Appliance 9.0.x SwitchVPN Client 2.1012.03 for macOS - Local Privilege Escalation Vulnerability Remote Code Execution Vulnerability in PCMan FTP Server 2.0.7 via APPE Command Incorrect Access Control in BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System Local File Inclusion Vulnerability in NGA ResourceLink 20.0.2.1 XSS Vulnerability in Loadbalancer.org Enterprise VA MAX before 8.3.3 Credentials Disclosure in Royal Browser Extensions TS and TSX Incomplete Fix for SSRF Vulnerability in tecrail Responsive FileManager 9.13.4 Persistent XSS Vulnerability in No-CMS 1.1.3 via contact_us name parameter Directory Traversal 
Vulnerability in EmpireCMS V7.5 Allows Arbitrary Code Execution Hard-coded Credentials Vulnerability in IBM Security Access Manager Appliance 9.0.x.x Unauthenticated Password Change Vulnerability in Gigaset Maxwell Basic VoIP Phones Stored XSS Vulnerability in Kieran O'Shea Calendar Plugin for WordPress NULL Pointer Dereference in ras_putdatastd function in JasPer 2.0.14 Arbitrary PHP Code Execution in nc-cms through 2017-03-10 Stored Cross-site Scripting (XSS) Vulnerability in Columbia Weather MicroServer Firmware Version MS_2.6.9900 Directory Traversal Vulnerability in Columbia Weather MicroServer Firmware Version MS_2.6.9900 Authenticated Web User Access to Alternative Configuration Page in Columbia Weather MicroServer Firmware Version MS_2.6.9900 Remote Denial of Service Vulnerability in Columbia Weather MicroServer Firmware MS_2.6.9900 Command Injection Vulnerability in Columbia Weather MicroServer Firmware Version MS_2.6.9900 Untrusted Search Path Vulnerability in IBM i Access for Windows: Arbitrary Code Execution via Trojan Horse DLL Columbia Weather MicroServer Firmware Version MS_2.6.9900 - Reflected XSS Vulnerability in networkdiags.php ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition Module 1.05 Firmware v1.05 - Denial of Service (DOS) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition Module 1.05 Nested VT-x Vulnerability in Xen Hypervisor Stored XSS Vulnerability in Helpy v2.1.0 via Ticket Title SQL Injection Vulnerability in S-CMS PHP 1.0 via type parameter in member_news.php Arbitrary PHP File Upload Vulnerability in laravelCMS Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 10.0 and 10.5 Full Path Disclosure Vulnerability in MiniCMS 1.10 via /mc-admin/post.php?state=delete&delete= File Deletion Vulnerability in MiniCMS 1.10 Arbitrary PHP Code Execution Vulnerability in MiniCMS 1.10 Jinjava before 2.4.6 Vulnerability: 
Unblocked getClass Method in JinjavaBeanELResolver Directory Traversal Vulnerability in Older Lexmark Devices' Embedded Web Server Memory Leak in GfxColorSpace::setDisplayProfile in Poppler 0.71.0 Denial of Service Vulnerability in Best Practical Request Tracker Email-Ingestion Feature Absolute RPATHs in IBM SDK, Java Technology Edition Version 8 on AIX Platform Vulnerability Remote Code Execution Vulnerability in Vanilla 2.6.x before 2.6.4 D-Link DIR-850L 1.21WW Partial WPA Handshake Vulnerability Cleartext HTTP Requests in Sky Go Desktop Application for Windows: Vulnerability for Man-in-the-Middle Attacks XSS Vulnerability in xhEditor 1.2.2 via SRC Attribute of IFRAME Element Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 10 and 10.5 Stack-based Buffer Overflow in Easy File Sharing (EFS) Web Server 7.2 Allows Remote Code Execution DLL Search Order Hijacking Vulnerability in Opera Remote Denial of Service Vulnerability in Exiv2 0.27-RC1 XSS Vulnerability in WP Editor.md Plugin 10.0.1 for WordPress via Comment Area Cross-Site Scripting (XSS) Vulnerability in IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 Invalid Opcode Vulnerability in Py-EVM v0.2.0-alpha.33 CSRF Vulnerability in PHP Server Monitor before 3.3.2 Remote Code Execution via AbiSoft Ticketly 1.0 add_user Vulnerability Multiple SQL Injection Vulnerabilities in AbiSoft Ticketly 1.0 Arbitrary Code Execution via Image-Upload in ProjeQtOr 7.2.5 Remote Code Execution Vulnerability in Gogs 0.11.66 Remote Code Execution Vulnerability in Gitea before 1.5.4 Cross-Site Scripting (XSS) Vulnerability in PublicCMS V4.0 Integer Overflow in ICU's DecimalQuantity::toScientificString() Function Default Local Administrator Credentials Vulnerability in Tightrope Media Carousel Seneca HDn Windows-based Appliance 7.0.4.104 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 Arbitrary File Upload Vulnerability in Tightrope 
Media Carousel Digital Signage Product 7.0.4.104 Privilege Escalation via Insecure Default Permissions in Tightrope Media Carousel Remote Denial of Service and Information Disclosure Vulnerability in Foxit Reader 9.3.0.10826 Arbitrary PHP Code Execution via ZIP File Upload in PopojiCMS v2.0.1 CSRF Vulnerability in PopojiCMS v2.0.1 via po-admin/route.php?mod=component&act=addnew URI Arbitrary File Deletion Vulnerability in PopojiCMS v2.0.1 NULL Pointer Dereference in ClientDataSet_getValues in libIEC61850 v1.3 Stored XSS Vulnerability in WUZHI CMS 4.1.0 via index.php?m=core&f=index Stored XSS Vulnerability in WUZHI CMS 4.1.0 via index.php?m=core&f=index Reflected XSS Vulnerability in Netscape Enterprise 3.63 SnoopServlet Remote Privilege Escalation in Vignette Content Management Version 6 Arbitrary PHP Code Execution in baserCMS ThemeConfig Logo Parameter Cross-Site Scripting (XSS) Vulnerability in baserCMS 4.1.4 Buffer Overflow Vulnerability in Artha ~ The Open Thesaurus 1.0.3.0 SQL Injection Vulnerability in Zoho ManageEngine OpManager 12.3 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 Path Traversal Vulnerability in KindEditor through 4.1.11: Unauthenticated File and Directory Browsing XSS Vulnerability in JEECMS 9.3 via index.do#/content/update?type=update URI Out-of-Bounds Memory Access in pnv_lpc_do_eccb Function in Qemu Privilege Escalation in Linux Kernel User Namespace Handling Denial of Service Vulnerability in Suricata 4.x (CVE-2018-18956) Stack-Based Buffer Overflow in libIEC61850 v1.3's prepareGooseBuffer Function Incorrect Access Control in OPNsense 18.7.x before 18.7.7 Denial of Service Vulnerability on Epson WorkForce WF-2861 Possible Host Header Injection Vulnerability in IBM Connections 5.0, 5.5, and 6.0 Amplification Attack Vulnerability in Epson WorkForce WF-2861 Devices SQL Injection Vulnerability in Degrau Publicidade e Internet Plataforma de E-commerce's Busca.aspx.cs Incomplete '.htaccess' 
for Blacklist Filtering in osCommerce 2.3.4.1 Product Page Incomplete '.htaccess' for Blacklist Filtering in osCommerce 2.3.4.1 Product Page Incomplete '.htaccess' blacklist filtering in osCommerce 2.3.4.1 product page allows HTML rendering in .eml files Stack-based Buffer Overflow in IBM DB2 db2pdcfg (CVE-2020-4414) Weak Certificate-Pinning Implementation in Ascensia Contour NEXT ONE iOS App Allows Disclosure of Medical Information Direct Object Reference Vulnerability in Ascensia Contour NEXT ONE Application Weak Obfuscation in Ascensia Contour NEXT ONE Android App Allows Extraction of Sensitive Medical Data Static Encryption Key Vulnerability in Ascensia Contour NEXT ONE Android App Static Initialization Vector in Ascensia Contour NEXT ONE Android App Allows Unauthorized Access to Patient Medical Information XML External Entity (XXE) Injection Vulnerability in Zoho ManageEngine Network Configuration Manager and OpManager Denial-of-Service Vulnerability in Rockwell Automation FactoryTalk Services Platform 2.90 and Earlier Arbitrary SQL Injection Vulnerability in NUUO CMS Versions 3.3 and Prior Heap-based Buffer Overflow in VT-Designer Version 2.1.7.31 Unencrypted Storage of Sensitive Information in Medtronic Programmers Cross-Site Scripting Vulnerability in Tridium Niagara Enterprise Security and Niagara AX LCDS Laquis SCADA Prior to Version 4.1.0.4150 Report Format File Vulnerability Arbitrary Memory Write Vulnerability in VT-Designer Version 2.1.7.31 Remote Code Execution Vulnerability in LCDS Laquis SCADA Memory Reference Vulnerability in CX-One Versions 4.42 and Prior Improper Access Control in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 Path Traversal Vulnerability in LCDS Laquis SCADA Reflected Cross-Site Scripting Vulnerability in SCADA WebServer (Versions prior to 2.03.0001) Remote Code Execution Vulnerability in LCDS Laquis SCADA prior to version 4.1.0.4150 Stack-based Buffer Overflow Vulnerabilities in CX-One Versions 4.42 and Prior Out of 
Bounds Read Vulnerability in LCDS Laquis SCADA Prior to Version 4.1.0.4150 Unauthenticated Access Vulnerability in ABB GATE-E1 and GATE-E2 Ethernet Devices Unauthenticated Remote Code Execution in LCDS Laquis SCADA (prior to version 4.1.0.4150) Unauthenticated Remote Code Execution in ABB GATE-E1 and GATE-E2 Ethernet Devices Hard Coded Credentials in LCDS Laquis SCADA Prior to Version 4.1.0.4150 Stack Buffer Overflow Vulnerability in WebAccess/SCADA Version 8.3.2 Cross-Site Scripting (XSS) Vulnerability in IBM Curam Social Program Management Authentication Bypass Vulnerability in LCDS Laquis SCADA Prior to Version 4.1.0.4150 Weak Encryption Vulnerability in Philips HealthSuite Health Android App LCDS Laquis SCADA Prior to Version 4.1.0.4150 Project File Code Generation Vulnerability Path Traversal Vulnerability in GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C Out of Bounds Read Vulnerability in LCDS Laquis SCADA Prior to Version 4.1.0.4150 Improper Input Validation Vulnerability in Cscape, Version 9.80.75.3 SP3 and Prior Cross-Site Scripting Vulnerability in OSIsoft PI Vision OS System Command Injection Vulnerability in Geutebrueck GmbH E2 Camera Series Arbitrary Code Execution Vulnerability in ABB CP400 Panel Builder's TextEditor 2.0 Clear-text Credential Data Exposure in Pilz PNOZmulti Configurator (Prior to Version 10.9) Elevated Privileges Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Vulnerability: Network Packet Reboot Disruption in Drager Infinity Delta and Infinity Explorer C700 Monitors Arbitrary Code Execution in CX-Supervisor (Versions 3.42 and prior) Vulnerability: Kiosk Mode Breakout in Drager Infinity Delta, Delta XL, Kappa, and Infinity Explorer C700 Command Injection Vulnerability in CX-Supervisor (Versions 3.42 and prior) Allows File Deletion and Content Manipulation 
Unauthenticated Network Access to Log Files Reveals Sensitive Information in Drager Infinity Delta and Delta XL Patient Monitors Command Injection and Code Execution Vulnerability in CX-Supervisor (Versions 3.42 and prior) Denial-of-Service Vulnerability in Rockwell Automation EtherNet/IP Web Server Modules Use After Free Vulnerabilities in CX-Supervisor (Versions 3.42 and Prior) Allow Code Execution Uninitialized Pointer Vulnerability in CX-Supervisor (Versions 3.42 and prior) Allows Code Execution Type Confusion Vulnerability in CX-Supervisor (Versions 3.42 and prior) Allows Code Execution Remote Connection Spoofing Vulnerability in IBM WebSphere Application Server Array Out-of-Bounds Read Vulnerability in CX-Supervisor (Versions 3.42 and prior) Authentication Bypass Vulnerability in Emerson DeltaV DCS Versions 11.3.1 - R6 Fixed Code Vulnerability in Hetronic Nova-M Remote Control Arbitrary Command Execution Vulnerability in JUUKO K-808 Firmware (Versions Ending in ...9A, ...9B, ...9C, etc.) 
Type Confusion Vulnerabilities in CX-One and CX-Protocol: Code Execution via Crafted Project Files Remote Code Execution and Memory Manipulation in LCDS Laquis SCADA (CVE-2021-XXXX) Privilege Escalation Vulnerability in IBM Sterling Connect:Direct for UNIX Command Injection Vulnerability in 360 Router Series Products (V2.0.61.58897) Remote Code Execution Vulnerability in Bosch IP Cameras Denial of Service Vulnerability in Virgin Media Wireless Router 3.0 Hub Web Interface Arbitrary File Read Vulnerability in Grafana Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server Directory Listing Vulnerability in Media File Manager Plugin 1.4.2 for WordPress Cross-Site Scripting (XSS) Vulnerability in Media File Manager Plugin 1.4.2 for WordPress Arbitrary File Movement Vulnerability in Media File Manager Plugin for WordPress Arbitrary File Renaming Vulnerability in Media File Manager Plugin for WordPress Arbitrary File Overwrite Vulnerability in keepalived 2.0.8 Sensitive Information Leakage in keepalived 2.0.8 via PrintData and PrintStats Functions Potential Information Leakage in keepalived 2.0.8 via Temporary File SSRF Vulnerability in mPDF through 7.1.6 DOM XSS via onload attribute in malformed SVG element in Simditor through 2.3.21 XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 XSS Vulnerability in MetInfo 6.1.3 via admin/index.php?a=dogetpassword langset Parameter XSS Vulnerability in MetInfo 6.1.3 via abt_type Parameter in admin/index.php?a=dogetpassword Path Traversal Vulnerability in mod_alias_physical_handler Arbitrary PHP Code Execution in PbootCMS 1.2.2 DOM XSS vulnerability in pandao Editor.md 1.5.0 via mishandling of input starting with <<. 
XSS Vulnerabilities in SimpleMDE 1.11.2 Denial of Service Vulnerability in Poppler 0.71.0 Out-of-Bounds Read Vulnerability in Poppler 0.71.0 Code Download Vulnerability in IBM InfoSphere Information Server NULL Pointer Dereference in Poppler 0.71.0 Leads to Denial of Service SQL Injection Vulnerability in DedeCMS 5.7 SP2 via dede\co_do.php ids Parameter Blank Password Vulnerability on Foscam C2 and Opticam i5 Devices Blank Password Vulnerability on Foscam C2 and Opticam i5 Devices Hardcoded Password Vulnerability in Foscam C2 and Opticam i5 Devices Hardcoded Password Encryption Vulnerability in Foscam C2 and Opticam i5 Devices Hardcoded Password Vulnerability in Foscam C2 and Opticam i5 Devices Unauthorized Access to Telnet Switch Feature on Foscam Opticam i5 Devices Vulnerability: Unauthorized Telnet Access with Default Credentials Arbitrary OS Command Execution Vulnerability in Foscam C2 and Opticam i5 Devices Insecure Permissions on /mnt/mtd/boot.sh Allows Local Command Execution Insecure Permissions on Foscam C2 and Opticam i5 Devices Arbitrary OS Command Execution Vulnerability in Foscam C2 and Opticam i5 Devices Vulnerability: Ineffective Firewall on Foscam C2 and Opticam i5 Devices Vulnerability: Firewall Feature Disclosure in Foscam C2 and Opticam i5 Devices Vulnerability: Brute-Force Authentication Bypass on Foscam C2 and Opticam i5 Devices Denial of Service Vulnerability in Foscam Opticam i5 Devices Foscam Opticam i5 Devices: Administrator Credentials Exposed in ONVIF Media GetStreamUri Response Unauthenticated Reboot Vulnerability in Foscam Opticam i5 Devices Cross-Site Scripting Vulnerability in IBM Robotic Process Automation with Automation Anywhere 11 Unauthenticated Persistent XSS in Foscam Opticam i5 ONVIF Devicemgmt SetHostname Method Arbitrary OS Command Execution via ONVIF SetDNS Method in Foscam Opticam i5 Devices Stack-based Buffer Overflow Vulnerability in Foscam Opticam i5 ONVIF Devicemgmt SetDNS Method XSS Vulnerability in WeCenter 3.2.0 - 
3.2.2 via htmlspecialchars_decode Function Stack-based Buffer Overflow in RegFilter.sys of IOBit Malware Fighter 6.2 Stack-based Buffer Overflow in RegFilter.sys of IOBit Malware Fighter 6.2 Stack-based Buffer Overflow in RegFilter.sys of IOBit Malware Fighter 6.2 Stack-based Buffer Overflow in RegFilter.sys of IOBit Malware Fighter 6.2 Stored XSS in Tianti 2.3 Userlist Module via Mishandled Name Parameter Stored XSS Vulnerability in Tianti 2.3 Article Management Module via Article Title Reflected XSS Vulnerability in Tianti 2.3 User Management Module XSS Vulnerability in YzmCMS v5.2 via search/index/archives/pubtime/ Query String SEGV Vulnerability in libIEC61850 v1.3: ControlObjectClient_setCommandTerminationHandler Cross-Site Scripting (XSS) Vulnerability in IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 CSRF Vulnerability in BageCMS 3.1.3 Allows Arbitrary File Upload and Server Privilege Escalation Remote Code Execution Vulnerability in LibreCAD 2.1.3 Invalid URL Encoding Vulnerability in Avi Vantage (AV-33959) Integer Overflow Vulnerability in Exiv2 0.26 Allows Denial of Service via Crafted PSD Image File Integer Overflow Vulnerability in Exiv2::PsdImage::readMetadata in PSD Image Reader Tianti 2.3 Remote Authentication Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.6 Unauthenticated Access to Skin Management in Tianti 2.3 Google Cardboard App 1.8 and 1.2 Sends Potentially Private Cleartext Information to Unity 3D Stats Web Site Privilege Escalation Vulnerability in Pronestor PNHM Outlook Add-in Arbitrary File Upload and Privilege Escalation Vulnerability in MinDoc Heap-based Buffer Overflow in keepalived before 2.0.7 when Parsing HTTP Status Codes Remote Denial of Service Vulnerability in Zoho ManageEngine ADAudit Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 Outbound TCP Connection Disclosure 
Vulnerability in KDE HTML Thumbnailer Plugin SEGV Vulnerability in libIEC61850 v1.3 Ethernet_receivePacket NULL Pointer Dereference Vulnerability in libIEC61850 v1.3 Ethernet_sendPacket Arbitrary Image File Write Vulnerability in PrestaShop 1.6.x and 1.7.x on Windows Remote Directory Deletion Vulnerability in PrestaShop 1.6.x and 1.7.x Arbitrary Code Execution via File Upload in PrestaShop 1.6.x and 1.7.x Arbitrary Code Execution via Code Injection in PHPCMS 2008 Heap-based Buffer Over-read Vulnerability in Libav 12.3's decode_frame Function NULL Pointer Dereference Vulnerability in Libav 12.3 Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 Invalid Memory Access Vulnerability in Libav 12.3's vc1_decode_frame Function XSS Vulnerability in Squid 4.4 and Earlier Versions via Crafted X.509 Certificate Denial of Service Vulnerability in Squid (Memory Leak via SNMP Packet) Critical Email Address Leak Vulnerability in Flarum Core 0.1.0-beta.7.1 Type Confusion Vulnerability in Artifex Ghostscript through 9.25 CSRF Vulnerability in ClipperCMS 1.3.3 Allows Unauthorized File Upload and Access XSS Vulnerability in DomainMOD 4.11.01 via assets/edit/registrar-account.php raid Parameter XSS Vulnerability in DomainMOD 4.11.01 via assets/edit/ip-address.php CSRF Vulnerability in WSTMart 2.0.7 via index.php/admin/staffs/add.html URI Memory Leak in JasPer 2.0.14: jas_malloc.c and jpc_unk_getparms in jpc_cs.c Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 XSS Vulnerability in OTRS 4.0.x and 5.0.x XSS Vulnerability in OTRS 6.0.x before 6.0.13 File Deletion Vulnerability in OTRS 4.0.x, 5.0.x, and 6.0.x XSS Vulnerability in S-CMS v1.5 search.php via keyword Parameter XSS Vulnerability in Concrete5 8.4.3 via SVG File Uploads Caddy 0.11.0 Vulnerability: Incorrect Certificate Disclosure for Invalid Requests NULL Pointer Dereference in Poppler 
Attachment Handling Memory Corruption Vulnerability in PDMODELProvidePDModelHFT in pdmodel.dll Remote Denial of Service Vulnerability in Qtum 0.16: Exploiting Invalid Headers/Blocks Remote Denial of Service Vulnerability in Emercoin 0.7: Disk and RAM Exhaustion via Invalid Headers/Blocks Remote Denial of Service Vulnerability in Particl 0.17: Exploiting Invalid Headers/Blocks HTMLCOIN 2.12 Vulnerability: Remote Denial of Service via Invalid Headers/Blocks Remote Denial of Service Vulnerability in NavCoin 4.3.0: Disk and RAM Exhaustion via Invalid Headers/Blocks Remote Denial of Service Vulnerability in PIVX 3.1.03: Exploiting Invalid Headers/Blocks Storage Remote Denial of Service Vulnerability in Phore 1.3.3.1: Exploiting Invalid Headers/Blocks Storage Remote Denial of Service Vulnerability in ColossusCoinXT 1.0.5: Exploiting Invalid Headers/Blocks Storage Remote Denial of Service Vulnerability in Lux (through version 5.2.2) via Invalid Headers/Blocks Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Foundation Remote Denial of Service Vulnerability in Diamond 3.0.1.2: Exploiting Invalid Headers/Blocks Storage Remote Denial of Service Vulnerability in Alqo through 4.1 Remote Denial of Service Vulnerability in Divi Cryptocurrency Remote Denial of Service Vulnerability in StratisX 2.0.0.5: Exploiting Invalid Headers/Blocks Storage Remote Denial of Service Vulnerability in Reddcoin 2.1.0.5: Exploiting Invalid Headers/Blocks Storage Remote Denial of Service Vulnerability in Neblio 1.5.1: Exploiting Invalid Headers/Blocks Storage Remote Denial of Service Vulnerability in Peercoin 0.6.4: Exploiting Invalid Headers/Blocks Storage Remote Denial of Service Vulnerability in CloakCoin 2.2.2.0: Exploiting Invalid Headers/Blocks Storage Arbitrary Code Execution via Shell Metacharacter Injection in FruityWifi (PatatasFritas/PatataWifi) Authenticated User Access to JSP Files and Sensitive Information Disclosure in IBM InfoSphere Information Server Stored XSS Vulnerability in 
JPress v1.0-rc.5 via starter-tomcat-1.0/admin/setting URI Stored XSS vulnerability in com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java in JEESNS 1.3 via HTML EMBED element Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service (JRS) 6.0.3-6.0.6 Arbitrary PHP Code Execution in YUNUCMS 1.1.5 via Install.php Vulnerability Arbitrary File Deletion Vulnerability in YUNUCMS 1.1.5 CSRF Vulnerability in Engelsystem before commit hash 2e28336 Denial of Service Vulnerability in ethereumjs-vm 2.4.0 via code: Buffer.from(my_code, 'hex') Attribute Denial of Service Vulnerability in Go Ethereum (geth) 1.8.17 via Crafted Bytecode Heap-based Buffer Overflow in libIEC61850 v1.3's BerEncoder_encodeOctetString XSS Vulnerability in Amazon PAYFORT payfort-php-SDK: Exploiting route.php paymentMethod Parameter XSS Vulnerability in Amazon PAYFORT payfort-php-SDK Payment Gateway SDK XSS Vulnerability in Amazon PAYFORT payfort-php-SDK: success.php fort_id Parameter XSS Vulnerability in Amazon PAYFORT payfort-php-SDK Payment Gateway SDK XSS Vulnerability in Amazon PAYFORT payfort-php-SDK: Exploiting error.php error_msg Parameter Cross-Site Scripting (XSS) Vulnerabilities in Webmin 1.890 CSRF Vulnerability in XiaoCms 20141229 XSS Vulnerability in XiaoCms 20141229: Exploiting the New News Input Box Full Path Disclosure in XiaoCms 20141229 XSS Vulnerability in XiaoCms 20141229: template\default\show_product.html Arbitrary Code Execution Vulnerability in XiaoCms 20141229 Arbitrary Directory Deletion Vulnerability in XiaoCms 20141229 Out-of-Bounds Write Vulnerability in uriparser before 0.9.0 Integer Overflow in uriparser's UriQuery.c XML External Entity Injection (XXE) Vulnerability in IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 Null Pointer Dereference in uriparser's UriCommon.c Reflected XSS Vulnerability in MyBB ModCP Profile Editor (CVE-2020-12345) Reflected XSS Vulnerability in MyBB 1.8.x through 1.8.19 via 'upsetting[bburl]' Parameter Remote Unauthenticated 
Termination of PRTG Core Server Service Vulnerability Arbitrary Code Execution and OS Command Injection in PRTG Network Monitor GnuPG MDC Integrity-Protection Warning Vulnerability in Roundcube XSS Vulnerability in Roundcube before 1.3.8 via Crafted SVG Style Arbitrary Code Execution Vulnerability in Van Ons WP GDPR Compliance Plugin (CVE-2018-19207) NULL Pointer Dereference in WP6ContentListener::defineTable Function in libwpd 0.10.2 NULL Pointer Dereference in NASM 2.14rc15: A DoS Vulnerability in find_label Function Cross-Site Scripting (XSS) Vulnerability in IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 NULL Pointer Dereference Vulnerability in LibTIFF 4.0.9 NULL Pointer Dereference in _nc_parse_entry Function Leads to Denial of Service Attack in ncurses 6.1 Denial of Service Vulnerability in libwebm through 2018-10-03 Memory Leaks in NASM (Netwide Assembler) Version 2.14rc16: Potential DoS Vulnerability Heap-Based Buffer Over-Read Vulnerability in NASM 2.14rc15 Heap-Based Buffer Over-Read Vulnerability in NASM 2.14rc16's expand_mmac_params Function Use-after-free vulnerability in NASM before 2.13.02 in detoken at asm/preproc.c NULL Pointer Dereference Vulnerability in ncurses Illegal Address Access Vulnerability in LibSass 3.5-stable Leading to DoS Attack Illegal Address Access Vulnerability in LibSass 3.5-stable: Exploitable DoS Attack via Sass::Eval::operator Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 Arbitrary PHP Code Execution in LAOBANCMS 2.0 via install/ URI SQL Injection Vulnerability in LAOBANCMS 2.0 via admin/login.php guanliyuan parameter Vulnerability: LAOBANCMS 2.0 Admin Password Reset via /install/mysql_hy.php?riqi=0&i=0 Attack Cross-Site Scripting (XSS) Vulnerability in LAOBANCMS 2.0 via admin/type.php?id=1 URI Spoofing Vulnerability in LAOBANCMS 2.0 Allows Unauthorized Access CSRF Vulnerability in LAOBANCMS 2.0's admin/mima.php Directory Traversal Vulnerability in 
LAOBANCMS 2.0 Allows Remote File Listing XSS Vulnerability in LAOBANCMS 2.0 via admin/liuyan.php neirong[] Parameter Arbitrary File Deletion Vulnerability in LAOBANCMS 2.0 XSS Vulnerability in LAOBANCMS 2.0 via admin/art.php?typeid=1 biaoti Parameter Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 Denial of Service Vulnerability in Epson WorkForce WF-2861 Firmware Update Service Hard-coded Credentials Vulnerability in COMPAREX Miss Marple Enterprise Edition Arbitrary Code Execution Vulnerability in COMPAREX Miss Marple Updater Service OS Command Injection Vulnerability in TRENDnet TEW-673GRU v1.00b40 Devices Buffer Overflow Vulnerability in TRENDnet TV-IP110WN and TV-IP121WN Devices Buffer Overflow Vulnerability in TRENDnet TV-IP110WN and TV-IP121WN Devices Buffer Overflow Vulnerability in TRENDnet TEW-632BRP and TEW-673GRU Devices: Control Flow Hijacking via Crafted POST Request XML External Entity (XXE) Vulnerability in Charles 4.2.7 Import/Export Setup Local File Inclusion Vulnerability in PHP-Proxy 5.1.0 Unauthenticated Firmware Upload and Printer Reset Vulnerability in Epson WorkForce WF-2861 Devices Replay Attack Vulnerability in Stripe API v1 Weak Cryptographic Algorithms in IBM WebSphere MQ 9.1.x Cross-Site Request Forgery (CSRF) Vulnerability in IBM WebSphere Application Server Admin Console Cross-Site Request Forgery Vulnerability in IBM StoredIQ 7.6 SQL Injection Vulnerability in Centreon 3.4.x (Fixed in Centreon 18.10.0 and Centreon web 2.8.28) Remote Code Execution through Object Injection in phpBB 3.2.4 and earlier versions Default Password Vulnerability in Mitel InAttend and CMG Suite Servers Insecure Object Deserialization Allows Arbitrary Command Execution in OpenMRS XXE Bypass Vulnerability in PHPOffice PhpSpreadsheet through 1.5.0 via UTF-7 Encoding Buffer Overflow in DNS SRV and NAPTR Lookups in Digium Asterisk 15.x and 16.x before 15.6.2 and 16.0.1 Vulnerability: 
Plaintext Leakage of NTFS Files in PRIMX ZoneCentral Improper Authorization in IBM StoredIQ 7.6.0 Allows Low Privileged User Access to High Privileged User Endpoints Cross-Site Scripting (XSS) Vulnerability in Centreon 3.4.x Centreon 3.4.x SNMP Trap SQL Injection Vulnerability Denial of Service Vulnerability in Rockwell Automation PowerFlex 525 AC Drives XSS Vulnerability in Mubu Note 2018-11-11 via Crafted Account Name Cross-Site Scripting (XSS) in Ninja Forms Plugin for WordPress (<= 3.3.18) via Submissions Page Parameters XSS Vulnerability in Zoho ManageEngine OpManager 12.3 before Build 123223 via updateWidget API HTML Injection and JavaScript Execution via EMBED Element in Valine v1.3.3 Unauthenticated Access to Restricted Views in IBM Rational Engineering Lifecycle Manager Command Injection Vulnerability in Budabot's HELPBOT_MODULE CSRF Vulnerability in DiliCMS 2.4.0 Allows Unauthorized User or Group Deletion Improper Input Validation Vulnerability in Sylabs Singularity 2.4 to 2.6 Object Injection Vulnerability in PHPMailer Arbitrary Command Execution Vulnerability on D-Link DAP and DWR Series Routers Cross-Site Scripting (XSS) Vulnerability in tp4a TELEPORT 3.1.0 Login Page Cross-Site Scripting (XSS) Vulnerability in Centreon 3.4.x SQL Injection Vulnerability in Centreon 3.4.x (Fixed in Centreon 18.10.0 and Centreon web 2.8.24) CSRF Vulnerability in SRCMS 3.0.0 Allows Unauthorized Account Modification CSRF Vulnerability in SRCMS 3.0.0 Allows Unauthorized Price Manipulation Role-based Access Control Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.4 Ring0 memcpy-like functionality vulnerability in GDrv driver allows complete system takeover Privilege Escalation via GPCIDrv and GDrv Low-Level Drivers in GIGABYTE APP Center and Related Software Privilege Escalation via GPCIDrv and GDrv Low-Level Drivers in GIGABYTE APP Center and Related Software GDrv Low-Level Driver Exposes Machine Specific Register (MSR) Read/Write Vulnerability XSS Vulnerability in 
kimsQ Rb 2.3.0 via /?r=home&mod=mypage&page=info URI Zyxel VMG1312-B10D Directory Traversal Vulnerability CSRF Vulnerability in JTBC(PHP) 3.0.1.7 aboutus/manage.php Directory Traversal Vulnerability in LAOBANCMS 2.0 via install/mysql_hy.php Arbitrary File Deletion Vulnerability in GreenCMS v2.3.0603 Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics 2.0 through 2.0.6 SQL Injection Vulnerability in S-CMS v1.5 search.php CSRF Vulnerability in S-CMS v1.5 Allows Unauthorized User Addition Memory Overwrite Vulnerability in gVisor's Shared Memory Handling Cross-Site Search (XS-Search) Vulnerability in Google Monorail Cross-Site Search (XS-Search) Vulnerability in Google Monorail Cross-Site Request Forgery Vulnerability in IBM Cognos Business Intelligence 10.2.2 Cross-Site Scripting (XSS) Vulnerability in Guriddo Form PHP 5.3 Denial of Service and Information Disclosure Vulnerability in Foxit Reader U3D Plugin Remote Code Execution Vulnerability in Foxit Reader U3D Plugin Remote Code Execution Vulnerability in Foxit Reader U3D Plugin Denial of Service and Information Disclosure Vulnerability in Foxit Reader U3D Plugin Remote Code Execution Vulnerability in Foxit Reader U3D Plugin Out-of-Bounds Read Vulnerability in Foxit Reader U3D Plugin Out-of-Bounds Read Vulnerability in Foxit Reader U3D Plugin Denial of Service and Information Disclosure Vulnerability in Foxit Reader U3D Plugin SQL Injection Vulnerability in SeaCMS v6.64 via admin_makehtml.php Sensitive Information Disclosure in IBM Connections 5.0, 5.5, and 6.0 Stored XSS Vulnerability in SeaCMS v6.6.4 via member.php?action=chgpwdsubmit Email Parameter Cross-Site Scripting (XSS) Vulnerability in Jupyter Notebook before 5.7.1 Cross-Site Scripting (XSS) Vulnerability in Jupyter Notebook before 5.7.2 Denial of Service Vulnerability in libansilove 1.0.0 Arbitrary Code Execution via File Upload in PrestaShop Customer Files Upload Addon Stack-based Buffer Overflow in XMPlay 3.8.3 via Crafted .m3u File URL 
Local Credential Retrieval Vulnerability in GNOME Keyring Incorrect Access Control in GitLab Community and Enterprise Edition 8.9 and later Stack-based Buffer Overflow in IBM DB2 libdb2e.so.1 (CVE-2020-4414) Unspecified Impact Vulnerability in FasterXML Jackson-databind 2.x Unspecified Impact Vulnerability in FasterXML Jackson-databind 2.x Unspecified Impact Vulnerability in FasterXML Jackson-databind 2.x Use-after-free vulnerability in QEMU's 9pfs file system implementation Directory Traversal Vulnerability in Wowza Streaming Engine 4.7.4.01 REST API Insecure Admin User Verification Endpoint in Portainer Local Privilege Escalation Vulnerability in IBM Cloud Private 3.1.1 Race Condition Vulnerability in Yoast SEO Plugin Allows Command Execution via ZIP Import XXE Vulnerability in SaveUserSettings service in SDL Web 8.5.0 allows reading sensitive files Local Privilege Escalation in Zoho ManageEngine ADManager Plus 6.6 Build 6657 CSRF Vulnerability in GreenCMS v2.3.0603 Allows Log File Deletion Local Privilege Escalation Vulnerability in IBM Cloud Private 3.1.1 Reflected XSS Vulnerability in SolarWinds Database Performance Analyzer 11.1.457 Denial of Service Vulnerability in Foxit Reader 9.3.0.10826 Denial of Service Vulnerability in Foxit Reader 9.3.0.10826 Open Redirect Vulnerability in IBM Cloud Private 3.1.1 Allows for Phishing Attacks Denial of Service Vulnerability in Foxit Reader 9.3.0.10826 Persistent XSS Vulnerability in Cobham Satcom Sailor 250 and 500 Devices Unauthenticated Password Reset Vulnerability in Cobham Satcom Sailor 250 and 500 Devices Arbitrary Content Writing and Denial of Service Vulnerability in Cobham Satcom Sailor 800 and 900 Devices Persistent XSS Vulnerability in Cobham Satcom Sailor 800 and 900 Devices NULL Pointer Dereference Vulnerability in PHP COM Extension Denial of Service Vulnerability in PHP's var_unserializer.c Remote Code Execution Vulnerability in YXcms 1.4.7 via ZIP Archive Upload NULL pointer dereference and BUG in 
kvm_pv_send_ipi vulnerability in Linux kernel (CVE-2018-19407) Denial of Service Vulnerability in vcpu_scan_ioapic Function Improper LockSafetyParams Check in Artifex Ghostscript Local Privilege Escalation Vulnerability in IBM Campaign 9.1.0 and 9.1.2 Unauthenticated Remote User Creation and Privilege Escalation in PRTG Network Monitor Privilege Escalation Vulnerability in PRTG Network Monitor Improper Access Controls in SonarQube API Expose Sensitive User Information Multiple Cross-Site Scripting (XSS) Vulnerabilities in Plikli CMS 4.0.0 SQL Injection Vulnerabilities in Plikli CMS 4.0.0 Out-of-Bounds Read Vulnerability in sysstat 12.1.1 Stack-smashing vulnerability in Contiki-NG MQTT Server allows for Remote Code Execution Command Injection Vulnerability in Foxit PDF ActiveX (CVE-XXXX-XXXX) Unrestricted HTML Execution Vulnerability in GetSimpleCMS 3.3.15 Vulnerability: HTML Uploads Allowed in GetSimpleCMS 3.3.15 Arbitrary PHP Code Execution in Subrion CMS 4.2.1 via .pht or .phar File Arbitrary Code Execution Vulnerability in Codiad 2.8.4 Remote File Upload Vulnerability in ClipperCMS 1.3.3 HTTP HOST Header Injection Vulnerability in IBM Cloud Private 3.1.0 and 3.1.1 NULL Pointer Dereference in libsndfile 1.0.28 Leads to Denial of Service XSS Vulnerability in ShowDoc 2.4.1 via lang Parameter Blind SQL Injection Vulnerability in Bank Account Matching - Receipts Screen SQL Injection in SortBy Parameter in SalesInquiry.php in webERP 4.15 Blind SQL Injection in webERP 4.15 Manufacturing Component Arbitrary Cookie Value Vulnerability in UCMS 1.4.7 Reflected XSS in Oracle Secure Global Desktop Administration Console via helpwindow.jsp Hard-coded Credentials Vulnerability in IBM Security Identity Governance and Intelligence Virtual Appliance ARM Trusted Firmware-A: Information Disclosure Vulnerability Insufficiently Random Generation of Robot Secret Keys in Neato Botvac Connected 2.2.0 Remote Code Execution Vulnerability in Neato Botvac Connected 2.2.0 Insecure Connection 
Attempt in Tryton 5.x Allows Session Theft Use After Free Vulnerability in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 Command Injection Vulnerability in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 via app.launchURL JavaScript API Remote Code Execution Vulnerability in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 via Specially Crafted PDF Files Stack-based Buffer Overflow in Foxit Reader SDK (ActiveX) 5.4.0.1031 Allows Remote Code Execution via Crafted PDF Files Uninitialized Object Vulnerability in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 Remote Code Execution Vulnerability in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 via Specially Crafted PDF Files Remote Click Hijacking Vulnerability in IBM Security Identity Governance and Intelligence Virtual Appliance Command Injection Vulnerability in Foxit Reader SDK (ActiveX) 5.4.0.1031 Allows Remote Code Execution via Specially Crafted PDF Files Command Injection Vulnerability in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 via Specially Crafted PDF Files Use After Free Vulnerability in TextBox Field Mouse Enter Action in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 Unrestricted File Upload Vulnerability in Kentico CMS before 11.0.45 WP Backup+ Plugin Information Disclosure Vulnerability Arbitrary File Upload Vulnerability in Logicspice FAQ Script 2.9.7 Unauthenticated File Read Vulnerability in PHP Proxy 3.0.3 Buffer Overflow Vulnerability in Adult Filter 1.0 via Crafted Black Domain List File Weak Algorithm Negotiation in IBM Security Identity Governance and Intelligence Virtual Appliance Cross-Site Scripting (XSS) Vulnerability in EmpireCMS 7.5 via admin\db\DoSql.php Arbitrary PHP Code Execution via SQL Injection in EmpireCMS 7.5 Arbitrary PHP Code Execution via Image Upload in Z-BlogPHP Cross-Site Scripting (XSS) Vulnerability in Discuz! 
X3.4 via admin.php Cross-Site Scripting (XSS) Vulnerability in Maccms through 8.0 via site_keywords Field Clear-text Storage of LDAP Credentials in Portainer SQL Injection in HuCart 5.7.4 via X-Forwarded-For HTTP Header XSS Vulnerability in ArticleCMS: Exploiting /update_personal_infomation Endpoint Cross-Site Scripting (XSS) Vulnerability in IBM Security Identity Governance and Intelligence Virtual Appliance Stack Overflow Vulnerability in Artifex Ghostscript Type Confusion Vulnerability in Artifex Ghostscript 9.26 Type Confusion Vulnerability in Artifex Ghostscript Denial of Service Vulnerability in Artifex Ghostscript Insecure Cookie Handling in IBM Security Identity Governance and Intelligence Virtual Appliance Command Execution Vulnerability in Git on Linux and UNIX Unauthenticated User Enumeration Vulnerability in WP-jobhunt Plugin Unauthenticated Remote Password Reset Vulnerability in WP-jobhunt Plugin Race Condition in v9fs_wstat Function in QEMU Allows for Denial of Service Sensitive Information Disclosure Vulnerability in IBM Security Identity Governance and Intelligence Virtual Appliance Heap-based Buffer Overflow in Gnuplot 5.2.5's df_generate_ascii_array_entry Function Buffer Overflow Vulnerability in Gnuplot 5.2.5's post.trm Buffer Overflow Vulnerability in Gnuplot's cairo.trm Terminal Persistent XSS Vulnerability in GitLab Community and Enterprise Edition Incorrect Access Vulnerability in GitLab Community and Enterprise Edition SSRF Vulnerability in GitLab Prometheus Integration Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Denial of Service Vulnerability in The Sleuth Kit (TSK) through 4.6.4 XSS Vulnerability in Simplenia Pages Plugin 2.6.0 for Atlassian Bitbucket Server Remote Code Execution in Vanilla Forums before 2.5.5 and 2.6.x before 2.6.2 via Unserialize in Gdn_Format Class Sensitive Information Disclosure in IBM Security Identity Governance and Intelligence Virtual Appliance Heap-Based Buffer Overflow in 
FAAD2 2.8.1: excluded_channels() Function in libfaad/syntax.c Stack-based Buffer Overflow in calculate_gain() Function in FAAD2 2.8.1 NULL Pointer Dereference in ifilter_bank() in FAAD2 2.8.1 User Impersonation Vulnerability in Remedy AR System Server Cross-Site Scripting (XSS) Vulnerability in Zurmo 3.2.4 Reports Section XSS Vulnerability in CMSimple 4.7.5 via ?file=config&action=array URI XSS Vulnerability in CMSimple 4.7.5 via SVG File Upload Opportunistic Use of htmlspecialchars() in wg7.php Leads to XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 SQL Injection Vulnerability in subscriber.php of Webgalamb through 7.0 via Client-IP HTTP Request Header CSRF Vulnerability in Webgalamb 7.0 Allows Unauthorized Password Change Arbitrary Code Execution Vulnerability in Webgalamb 7.0 Exposure of Sensitive Client Data and SQL Injection Exploitation via Predictable Log File Names in Webgalamb Arbitrary Code Execution Vulnerability in Webgalamb 7.0 Unauthenticated Access to Administrator Functionality in Webgalamb through 7.0 Improper Handling of http-equiv=REFRESH Value in KDE Applications Out-of-Bounds Read Vulnerability in sysstat 12.1.1 Remote Command Execution in University of Washington IMAP Toolkit 2007f Stack-based Buffer Over-read Vulnerability in tcpdump 4.9.2 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Foundation Arbitrary Code Execution Vulnerability in SDCMS 1.6 Arbitrary Code Execution Vulnerability in DriverAgent 2.2015.7.14 Buffer Overflow Vulnerability in DriverAgent 2.2015.7.14 Remote Code Execution Vulnerability in Shenzhen Skyworth DT741 Converged Intelligent Terminal CSRF and XSS Vulnerability in Systrome ISG-600C, ISG-600H, and ISG-800W Devices XSS Vulnerability in i4 Assistant 7.85 via Crafted Machine Name Field in iOS Settings Denial of Service Vulnerability in TP-Link TL-WR886N 7.0 1.1.0 Devices via Crafted DNS Packets Remote Command Execution in HTTL (Hyper-Text Template 
Language) 1.0.11 via Unsafe XStream Configuration Remote Command Execution in HTTL (Hyper-Text Template Language) 1.0.11 NULL Pointer Dereference Vulnerability in PdfTranslator::setTarget() Function of PoDoFo 0.9.6 Heap-based Buffer Over-read Vulnerability in Exiv2's PngChunk::readRawProfile Remote Command Execution Vulnerability in TP-Link Archer C5 Devices Access Violation in JasPer 2.0.14: Denial of Service Vulnerability Heap-based Buffer Overflow in JasPer's jas_icctxtdesc_input Function Heap-based buffer over-read vulnerability in JasPer NULL Pointer Dereference in JasPer 2.0.14: Denial of Service Vulnerability Heap-Based Buffer Over-read in JasPer 2.0.14: jp2_decode Function Vulnerability CSRF Vulnerability in JEECMS 9.3 Allows Unauthorized News Addition via api/admin/content/save URI CSRF Vulnerability in JEECMS 9.3 Allows Unauthorized User Addition CSRF and XSS Vulnerability in JTBC(PHP) 3.0.1.7 via console/xml/manage.php?type=action&action=edit URI XSS Vulnerability in JTBC(PHP) 3.0.1.7 via console/xml/manage.php?type=action&action=edit content parameter Unrestricted Parameter Sending in EduSec 4.2.6 Allows Brute-Force Attacks on Login SQL Injection Vulnerability in Interspire Email Marketer 6.1.6 via Dynamiccontenttags.php Arbitrary File Upload Vulnerability in Interspire Email Marketer 6.1.6 SQL Injection Vulnerability in Interspire Email Marketer 6.1.6 via Dynamiccontenttags.php SQL Injection Vulnerability in Interspire Email Marketer 6.1.6 via Dynamiccontenttags.php SQL Injection Vulnerability in Interspire Email Marketer 6.1.6 via Dynamiccontenttags.php Cross-Site Scripting (XSS) Vulnerability in Dotcms through 5.0.3 CSRF Vulnerability in tp4a TELEPORT 3.1.0 Allows Unauthorized Password Changes Content Spoofing Vulnerability in Z-BlogPHP 1.5's UploadMng Module Unauthenticated Access Vulnerability in arcms SQL Injection Vulnerability in arcms through 2018-03-19 SQL Injection Vulnerability in CuppaCMS (before 2018-11-12) via reference_id parameter Weak 
Password Policy in IBM Security Identity Manager 6.0.0 CSRF Vulnerability in BageCMS 3.1.3 Allows Unauthorized User Account Modification CSRF Vulnerability in sikcms 1.1 Allows Unauthorized Administrator Account Addition Arbitrary Code Execution via ZIP Archive in PHPok 4.9.015 Stored XSS Vulnerability in Easy Testimonials Plugin 3.2 for WordPress Buffer Over-read Vulnerability in crop_masked_pixels in dcraw through 9.28 Heap Buffer Over-read Vulnerability in parse_tiff_ifd in dcraw through 9.28 Floating Point Exception Vulnerability in parse_tiff_ifd in dcraw through 9.28 Floating Point Exception Vulnerability in Kodak RAD C Library Authorization Bypass Vulnerability in GitLab CE/EE Sensitive Information Exposure in IBM WebSphere Application Server 9 XSS Vulnerability in GitLab CE/EE Markdown Fields via Unrecognized HTML Tags SSRF Vulnerability in GitLab CE/EE Webhooks Symlink Time-of-Check-to-Time-of-Use Race Condition in GitLab Pages Chroot Environment XSS Vulnerability in GitLab CE/EE Markdown Fields via Mermaid XSS Vulnerability in GitLab CE/EE OAuth Authorization Page Insecure Direct Object Reference Vulnerability in GitLab CE/EE Access Control Issue Allowing Guest Users to Modify or Delete Their Own Comments on Confidential Issues Unauthorized User Access to Confidential Issue Titles and Namespace in GitLab CE/EE Insecure Object Reference Vulnerability in GitLab EE 11.5 Persistent XSS Vulnerability in GitLab EE Operations Page (Fixed in Version 11.5.1) Email Address Change Notification Vulnerability in GitLab Insecure Object Reference Vulnerability in GitLab EE Allows Guest Users to Manipulate Issue Weight Insecure Direct Object Reference Vulnerability in GitLab EE Allows Unauthorized Publishing of Draft Merge Request Comments Access Token Exposure in GitLab Workhorse Logs Insecure Direct Object Reference Vulnerability in GitLab EE CRLF Injection in Project Mirroring in GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x 
before 11.5.1 Authenticated Directory Traversal Vulnerability in Silverpeas 5.15 through 6.0.2 SIGSEGV vulnerability in Cesanta Mongoose 6.13: mg_mqtt_add_session() function Incorrect Access Control in Alarm.com ADC-V522IR 0100b9 Devices Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 Provider of Utimaco CryptoServer HSM: Reverse Ransomware Attack Vulnerability Hard-coded Credentials in IBM Security Identity Manager 7.0.1 Virtual Appliance Unresolved Socket Descriptor Allocation Vulnerability in GNU C Library Insecure Permissions in Corsair Link 4.9.7.35 Service: Potential System Takeover Arbitrary Code Execution Vulnerability in PbootCMS V1.3.1 HTML Injection Vulnerability in Zurmo 3.2.4 Report Section XSS Vulnerability in CMS Made Simple 2.2.8 via Uploaded SVG Document Cross-Site Scripting (XSS) Vulnerability in Statamic 2.10.3 via 'Add new user' Request XSS Vulnerability in Monstra CMS 1.6 via Uploaded SVG Document XSS Vulnerability in Rhymix CMS 1.9.8.1 via SVG Upload SSRF Vulnerability in Rhymix CMS 1.9.8.1 via SVG Upload NULL Pointer Dereference Vulnerability in Exiv2 v0.27-RC2 Local Unprivileged RSA Decryption Plaintext Recovery Vulnerability in Arm Mbed TLS Sensitive Information Disclosure in ShowDoc 2.4.1 via Modified page_id Information Disclosure Vulnerability in IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 Remote Code Execution via File Upload in Westermo DR-250 and DR-260 Routers CSRF Vulnerability in Westermo DR-250 and DR-260 Routers Cross-Site Scripting (XSS) Vulnerability in Westermo DR-250 and DR-260 Routers Arbitrary Code Injection Vulnerability in Rockwell Automation Allen-Bradley PowerMonitor 1000 Unauthenticated User Can Manipulate Administrators in Rockwell Automation Allen-Bradley PowerMonitor 1000 Session Token Invalidation Vulnerability in IBM Security Identity Manager 7.0.1 Virtual Appliance Remote Code Execution in ShowDoc 2.4.1: Unauthorized Editing of User Notes CSRF Vulnerability in ShowDoc 2.4.2 Allows 
Unauthorized Addition of Team Members Infinite Loop Vulnerability in Wireshark MMSE Dissector Vulnerability: LBMPDM Dissector Crash and Arbitrary Memory Write Vulnerability: Crash in PVFS Dissector due to NULL Pointer Dereference Heap-based Buffer Over-read Vulnerability in Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10 DCOM Dissector Crash Vulnerability in Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10 Buffer Overflow Vulnerability in Wireshark IxVeriWave File Parser ZigBee ZCL Dissector Crash Due to Divide-by-Zero Error in Wireshark 2.6.0 to 2.6.4 ImageNow Server Denial of Service Vulnerability Unauthenticated Reflected XSS in uhttpd in OpenWrt and LEDE Survey Information Exposure Vulnerability in CA Service Desk Manager 14.1 and 17 Privilege Escalation Vulnerability in CA Service Desk Manager 14.1 and 17 Arbitrary Execution of ndspath Binary with Root Privileges Local File Overwrite Vulnerability in Supportutils Arbitrary File Overwrite Vulnerability in supportutils Arbitrary Command Execution Vulnerability in supportutils (CVE-2018-19638) Arbitrary Process Killing Vulnerability in supportutils (CVE-2018-19638) Unauthenticated Remote Code Execution Vulnerability in Micro Focus Solutions Business Manager (SBM) Critical Denial of Service Vulnerability in Micro Focus Solutions Business Manager (SBM) Versions Prior to 11.5 Information Leakage Vulnerability in Micro Focus Solutions Business Manager (SBM) Versions Prior to 11.5 Vulnerability: Reflected Cross-Site Scripting in Micro Focus Solutions Business Manager (SBM) versions prior to 11.5 Authentication Bypass Vulnerability in Solutions Business Manager (SBM) Versions Prior to 11.5 Arbitrary OS Command Execution in Python CGI Scripts in Imperva SecureSphere Privilege Escalation and Command Execution via NETCONF Access Management in ADTRAN PMAA Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) via ConnPoolName Parameter Stack-based Buffer Overflow in Antiy-AVL ATool Security Management 
v1.0.0.22 Server Side Request Forgery (SSRF) vulnerability in Interspire Email Marketer through 6.1.6 allows unauthorized access to remote and local resources Cleartext Agent-to-Agent RPC Communication Vulnerability in HashiCorp Consul Username Duplication Vulnerability in Sales & Company Management System (SCMS) Stack-based Buffer Overflow in find_green() Function of dcraw through 9.28 Stored XSS Vulnerability in YXBJ Markdown Editor Authenticated Command-Injection Vulnerability in Moxa NPort W2x50A Products Command-Injection Vulnerability in Moxa NPort W2x50A Products Buffer Over-read Vulnerability in libsndfile 1.0.28: Denial of Service Buffer Over-read Vulnerability in libsndfile 1.0.28: Denial of Service Heap-Based Buffer Over-Read Vulnerability in libjpeg-turbo 2.0.1's put_pixel_rows Function QEMU Bluetooth Subsystem Memory Corruption Vulnerability Directory Traversal Vulnerability in OSSEC Agent on Windows Cross-Site Scripting Vulnerability in IBM Security Identity Manager 6.0.0 IBM Security Identity Manager 7.0.1 Unauthorized Information Disclosure Vulnerability File Upload Vulnerability in IBM Security Identity Manager 6.0.0 Arbitrary PHP Code Execution Vulnerability in tp5cms Cross-Site Scripting (XSS) Vulnerability in tp5cms through 2017-05-25 Reflected XSS Vulnerability in HMS Industrial Networks Netbiter WS100 3.30.5 and Previous Versions Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader XML External Entity Injection (XXE) Vulnerability in IBM Security Identity Manager 7.0.1 Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and 
Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Session Token Exposure Vulnerability in Adobe Connect 9.8.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager Forms (Versions 6.2, 6.3, and 6.4) Adobe Acrobat and Reader Privilege Escalation Vulnerability Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.4 Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.4 Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Privilege Escalation Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.4 Privilege Escalation Vulnerability in IBM WebSphere 8.0.0.0 through 9.1.1 via Multiplexed Channels Arbitrary File Read Vulnerability in SDCMS 1.6 Admin Controller XSS Vulnerability in DomainMOD 4.11.01 via Owner Name Field in assets/add/account-owner.php Cross-Site Scripting (XSS) Vulnerability in IBM Rational DOORS Web Access XSS Vulnerability in DomainMOD 4.11.01 via Add 
Custom Field Action XSS Vulnerability in DomainMOD 4.11.01: Admin SSL Fields Notes Field XSS Vulnerability in DomainMOD 4.11.01 via Registrar Notes Field Directory Traversal Vulnerability in Tarantella Enterprise before 3.11 Bypassing Access Control in Tarantella Enterprise before 3.11 Denial of Service Vulnerability in Netwide Assembler (NASM) 2.14rc16 due to Illegal Address Access in asm/preproc.c Heap-based Buffer Over-read Vulnerability in libsixel 1.8.2 (stb_image.h - stbi__tga_load) NULL Pointer Dereference Vulnerability in libsixel 1.8.2: Denial of Service Heap-Based Buffer Over-Read Vulnerability in libsndfile 1.0.28 Heap-based Buffer Over-read Vulnerability in libsixel 1.8.2: Denial of Service Sensitive Information Disclosure in IBM API Connect 5.0.0.0 through 5.0.8.4 via REST API Memory Leak in cfg_init function in libConfuse 3.2.2 Denial of Service Vulnerability in libsixel 1.8.2: Illegal Address Access in sixel_decode_raw_impl Heap-based Buffer Overflow in libsixel 1.8.2's image_buffer_resize function in fromsixel.c Heap-Based Buffer Over-Read Vulnerability in libsixel 1.8.2: Denial of Service Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) via GroupRessourceAdmin.jsp Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) via PresentSpace.jsp Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) via UserProperties.jsp Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows 11.1 Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) via ConnPoolName Parameter in Users.jsp Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) via EditCurrentPool.jsp Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) 
Reflected Cross Site Scripting in InfoVista VistaPortal SE Version 5.1 (build 51029) via EditCurrentUser.jsp Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected Cross Site Scripting in InfoVista VistaPortal SE Version 5.1 (build 51029) via Variables.jsp Infinite Loop Vulnerability in Artifex MuPDF 1.14.0's svg_dev_end_tile Function Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Multiple Cross-Site Scripting (XSS) Vulnerabilities in FreshRSS 1.11.1 via GET Requests Authentication Bypass Vulnerability in Kentix MultiSensor-LAN 5.63.00 and Earlier Versions Weak Cryptography in str_rot_pass Function in PHP-Proxy 5.1.0 Allows for Local File Inclusion Cross-Site Scripting (XSS) Vulnerability in PHP-Proxy through 5.1.0 via URL Field Insecure Logging of Master Key in HashiCorp Vault XSS Vulnerability in lxml.html.clean Module Vulnerability in PolicyKit 0.115 Allows Unauthorized Execution of systemctl Commands Path Disclosure and Potential Remote Code Execution via Scalar Type Hint Vulnerability Open Redirect Vulnerability in Symfony 2.7.x - 4.2.x HTTP Range Header Amplification Vulnerability in LiteSpeed OpenLiteSpeed Buffer Overflow Vulnerability in LiteSpeed OpenLiteSpeed Server Arbitrary Command Execution in jiacrontab 1.4.5 Arbitrary Code Injection via UiV2Public.index in Internet2 Grouper 2.2 and 2.3 Vulnerability: Weak Password Storage in ChipsBank UMPTool Open Redirect Vulnerability in Ninja Forms Plugin for WordPress NULL Pointer Dereference in LibSass 3.5.5: Denial of Service via Crafted Input File Arbitrary PHP File Upload and Remote Command Execution in Fleetco Fleet Maintenance Management (FMM) 1.2 and Earlier Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting (XSS) in /exports/export.php?datatoexport= Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Buffer Overflow in new_aubio_tempo: Vulnerability in Aubio v0.4.0 to v0.4.8 Vulnerability: NULL Pointer Dereference in Aubio v0.4.0 to 
v0.4.8 New Aubio Onset Vulnerability: NULL Pointer Dereference in Versions 0.4.0 to 0.4.8 Reflected Cross Site Scripting in InfoVista VistaPortal SE Version 5.1 (build 51029) via /VPortal/mgtconsole/GroupCopy.jsp Reflected Cross Site Scripting in InfoVista VistaPortal SE Version 5.1 (build 51029) via /VPortal/mgtconsole/GroupMove.jsp Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Cross-Site Scripting (XSS) Vulnerability in IBM Rational Team Concert 5.0 through 6.0.6 Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Reflected XSS Vulnerability in InfoVista VistaPortal SE Version 5.1 (build 51029) Use-after-free vulnerability in Linux kernel ALSA driver through 4.19.6 Denial of Service Vulnerability in LibSass 3.5.5 due to Endless Loop in inspect.cpp Use-After-Free Vulnerability in LibSass 3.5.5 SharedPtr Class XSS Vulnerability in Artica Integria IMS 5.0.83 via search_string Parameter CSRF Vulnerability in Artica Integria IMS 5.0.83 Allows Arbitrary User Deletion Cross-Site Scripting (XSS) Vulnerability in IBM Rational Team Concert 5.0 through 6.0.6 BAFC Smart Contract Vulnerability: Unauthorized Ownership Transfer via UBSexToken() Function Insecure Ownership Transfer 
Vulnerability in Cryptbond Network (CBN) Smart Contract Owner Manipulation Vulnerability in NETM Smart Contract Implementation Unauthenticated Ownership Transfer Vulnerability in DDQ Token Smart Contract Critical Vulnerability: Unauthenticated Ownership Transfer in BOMBBA (BOMB) Smart Contract Reflected XSS Vulnerability in Metinfo 6.1.3 via admin/column/move.php lang_columnerr4 Parameter Arbitrary HTTP Header Injection in Metinfo 6.1.3 Denial-of-Service Vulnerability in LibSass Prior to 3.5.5 Denial-of-Service Vulnerability in LibSass Prior to 3.5.5 Heap-based Buffer Over-read Vulnerability in LibSass prior to 3.5.5 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Team Concert 5.0 through 6.0.6 Denial-of-Service Vulnerability in WavPackPackInit Function Denial-of-Service Vulnerability in WavPack through 5.1.0 Denial of Service Vulnerability in getToken Function in radare2 Buffer Over-read Vulnerability in radare2 Library XSS Vulnerability in FROG CMS 0.9.5 via admin/?/snippet/add Name Parameter Stored XSS in GetSimple CMS 3.3.12 via admin/edit.php post-menu parameter Cross-Site Scripting (XSS) Vulnerability in YzmCMS 5.2 via admin/content/search.html searinfo Parameter Unused Legacy Driver in IBM Trusteer Rapport/Apex 3.6.1908.22 Allows Buffer Overflow and Kernel Panic (IBM X-Force ID: 154207) Elevation-of-Privilege Vulnerability in hitshop: Unauthorized Administrator Account Creation Incomplete Initialization of Structures in crypto_report_one() in Linux Kernel (CVE-2013-2547 Regression) CSV Injection Vulnerability in UiPath Orchestrator Directory Traversal Vulnerability in GitLab Templates API Uninitialized Pointer Read Vulnerability in VLC Media Player 3.0.4 XXE vulnerability in PrinceXML versions 10 and below allows for SSRF and file-read access Directory Traversal Vulnerability in OpenRefine ZIP Archive Processing Vulnerability: Improper Restriction of LMP Commands Execution Buffer Overflow in MiniShare 1.4.1 and Earlier: Remote Code Execution via 
Long HTTP HEAD Request Buffer Overflow in MiniShare 1.4.1 and Earlier: Remote Code Execution via Long HTTP POST Request Sensitive Data Logging Vulnerability in 1Password 7.2.3.BETA Remote Code Execution and Denial of Service Vulnerability in NUUO NVRmini2 Network Video Recorder Firmware Virtual Keyboard Keystroke Logging Vulnerability Segmentation Fault Vulnerability in Qt's SVG Image Handling Plain Text Password Disclosure in IBM Spectrum Protect for Enterprise Resource Planning Tracing NULL Pointer Dereference in QGifHandler Causing Segmentation Fault QTgaFile Uncontrolled Resource Consumption Vulnerability Division by Zero Crash in Qt 5.11 due to Malformed PPM Image Buffer Overflow in QBmpHandler via BMP Data Memory Freeing Vulnerability in Cairo 1.16.0 XSS Vulnerability in Adiscon LogAnalyzer Login Button Referer Field Unlimited Login Vulnerability on Teltonika RTU950 R_31.04.89 Devices Unprotected Authentication Functionality Allows for Unlimited Login Attempts on Teltonika RTU9XX Devices Denial of Service Vulnerability in Artifex MuPDF 1.14.0 via Crafted SVG File NULL Pointer Dereference Vulnerability in Artifex MuPDF 1.14.0 Invalid Memory Address Dereference in huffcode Function in FAAC 1.29.9.2 Invalid Memory Address Dereference in huffcode Function in FAAC 1.29.9.2 Invalid Memory Address Dereference in huffcode function leads to Denial of Service in FAAC 1.29.9.2 Invalid Memory Address Dereference in huffcode Function in FAAC 1.29.9.2 Invalid Memory Address Dereference in huffcode Function in FAAC 1.29.9.2 Invalid Memory Address Dereference in huffcode Function in FAAC 1.29.9.2 Cross-Site Scripting (XSS) in DomainMOD 4.11.01 via admin/dw/add-server.php SQL Injection Vulnerability in PbootCMS 1.2.1 via SearchController.php SQL Injection in ThinkCMF X2.2.2 CommentadminController.class.php via check() and delete() functions SQL Injection in ThinkCMF X2.2.2 via edit_post() function in NavController.class.php SQL Injection in ThinkCMF X2.2.2 
SlideController.class.php via delete() Function SQL Injection in ThinkCMF X2.2.2 via _listorders() function in AdminbaseController.class.php SQL Injection in ThinkCMF X2.2.2 via ArticleController.class.php edit_post Method Sensitive Configuration Information Disclosure in IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 Persistent XSS Vulnerability in No-CMS 1.1.3 via article_title Parameter Persistent XSS vulnerability in No-CMS 1.1.3 via blog/manage_article keyword parameter Persistent XSS Vulnerability in XSLT CMS: Exploiting the create/?action=items.edit&type=Page title field Persistent XSS Vulnerability in XSLT CMS via body Field in create/?action=items.edit&type=Page HTML Injection Vulnerability in razorCMS 3.4.8 via /#/page Keywords Parameter Stored XSS vulnerability in razorCMS 3.4.8 via the /#/page description parameter Server-Side Template Injection Vulnerability in Crafter CMS 3.0.18 Arbitrary Command Execution via Unescaped Filename in MISP STIX Import Information Disclosure Vulnerability in IBM API Connect 5.0.0.0 and 5.0.8.6 Arbitrary Command Execution in FreeSWITCH through 1.8.2 with mod_xml_rpc Enabled XSS Vulnerability in DomainMOD 4.11.01 via registrar-accounts.php XSS Vulnerability in DomainMOD 4.11.01 via assets/add/dns.php Profile Name or Notes Field XSS Vulnerability in DomainMOD 4.11.01 via assets/edit/host.php Reflected Cross-Site Scripting (XSS) Vulnerabilities in Microweber 1.0.8 XSS Vulnerability in CuppaCMS via SVG Document Upload Persistent XSS in Pixelimity 1.0 via admin/portfolio.php data[title] parameter Buffer Overflow Vulnerability in IBM Power 9 Bootloader Firmware XSS Vulnerability in Zoho ManageEngine OpManager 12.3 Persistent Cross-Site Scripting (XSS) in Actiontec C1000A Router's Website Blocking Page CSRF Vulnerability in SCMS Member Email Edit Action Email Address XSS Vulnerability in SCMS SQL Injection Vulnerability in SCMS via member/member_order.php Type Parameter Reflected XSS Vulnerability in Zenitel Norway 
IP-StationWeb before 4.2.3.9 Stored XSS and Authentication Bypass in Zenitel Norway IP-StationWeb Data Leakage Vulnerability in IBM Spectrum Scale (GPFS) with Local Read Only Cache (LROC) Heap-based Buffer Overflow in BFD Library's bfd_elf32_swap_phdr_in Function Integer Overflow and Infinite Loop Vulnerability in GNU Binutils' BFD Library XSS Vulnerability in Bolt CMS <3.6.2 via Text Input Click Preview Button SolarWinds Serv-U FTP Server 15.1.6.25 Reflected XSS Vulnerability in Web Management Interface NULL Pointer Dereference and Application Crash in PHP imap_mail Function Arbitrary File Deletion Vulnerability in PrinterOn Enterprise 4.1.4 Passcode Bypass Vulnerability in VideoLAN VLC Media Player for iOS NULL Pointer Dereference in Goodix GT9xx Touchscreen Driver SQL Injection Vulnerability in IBM InfoSphere Information Server 11.5 and 11.7 Title: QNAP NAS Vulnerability Allows Unauthorized Access to Cleartext Cookies Title: Cross-Site Scripting (XSS) Vulnerability in Earlier Versions of File Station Critical Cross-Site Scripting Vulnerability Patched in QNAP QTS Versions Cleartext Transmission of Sensitive Information Vulnerability in QTS Devices Arbitrary File Renaming Vulnerability in QNAP Devices Running QTS 4.3.4 to 4.3.6 Improper Certificate Validation Vulnerability in Helpdesk Information Exposure Vulnerability in Earlier Versions of Helpdesk Title: Cross-Site Request Forgery (CSRF) Vulnerability in Earlier Versions of Helpdesk Allows Unintended Actions Execution Remote Command Injection Vulnerability in QNAP QTS Versions Command Injection Vulnerability in QNAP Systems Inc. Music Station Cross-Site Scripting Vulnerability in QNAP Systems Inc. Music Station Remote Code Execution Vulnerability in QNAP Systems Inc. 
Music Station Remote Code Injection Vulnerability in QNAP QTS Versions Remote Code Injection Vulnerability in QNAP Photo Station Remote Code Injection Vulnerability in QNAP Photo Station Remote Code Injection Vulnerability in QNAP Photo Station Insufficient HTTP Security Headers Vulnerability in QNAP NAS Improper TLS Configuration in IBM WebSphere Application Server Allows Man-in-the-Middle Attacks Local File Overwrite Vulnerability in OnionShare TLB Flush Vulnerability in Xen on AMD x86 Platforms Xen Vulnerability: Unsafe Combination of Small IOMMU Mappings on AMD x86 Platforms Xen 4.11 Vulnerability: HVM Guest OS Denial of Service and Host OS Privilege Escalation Denial of Service Vulnerability in Xen 4.11.x Denial of Service Vulnerability in Xen due to Incorrect Meltdown Mitigation Xen x86 PV Guest OS Denial of Service and Privilege Escalation Vulnerability Denial of Service Vulnerability in Xen on Intel x86 Platforms Local File Disclosure Vulnerability in phpMyAdmin before 4.8.4 CSRF Vulnerabilities in phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 Denial of Service Vulnerability in IBM Business Automation Workflow and Business Process Manager 18.0.0.0-18.0.0.2 XSS Vulnerability in phpMyAdmin Navigation Tree via Crafted Database/Table Name JFrog Artifactory Pro 6.5.9 Incorrect Access Control Vulnerability Uninitialized Data Disclosure Vulnerability in YARA 3.8.1 Arbitrary Memory Read Vulnerability in YARA 3.8.1 Exposure of Environment Information in YARA 3.8.1 Virtual Machine Command Injection Vulnerability in Auerswald COMfort 1200 IP Phone 3.4.4.1-10589 Remote Code Execution Vulnerability in Auerswald COMfort 1200 IP Phone Privilege Escalation Vulnerability in IBM WebSphere MQ 8.0.0.0 through 9.1.1 Denial of Service Vulnerability in Anker Nebula Capsule Pro NBUI_M1_V2.1.9 Devices Insecure Storage of AWS STS Temporary Credentials in Android SharedPreferences Vulnerability: Cleartext Sniffing and Z-Wave Network Key Extraction on KT MC01507L Z-Wave S0 
Devices Z-Wave S0 Security Version Denial of Service Vulnerability Arbitrary Read Vulnerability in hso_get_config_data Function RemotePort Parameter Vulnerability in D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 Devices Command Injection Vulnerability in D-Link DIR-822, DIR-860L, DIR-868L, DIR-880L, and DIR-890L Routers Command Injection Vulnerability in D-Link DIR-868L Rev.B 2.05B02 Devices via /HNAP1/SetClientInfoDemo Unvalidated Input Handling in D-Link DIR-822 QoS Settings Sensitive Version Information Disclosure in IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 Vulnerability: Command Injection in D-Link DIR-822 B1 202KRb06 Devices Unauthorized Modification of Configuration Vulnerability in Jenkins Arbitrary File Read Vulnerability in Jenkins Stapler Web Framework Improper Authorization Vulnerability in Jenkins Allows Unauthorized Cancellation of Queued Builds Improper Authorization Vulnerability in Jenkins Allows Unauthorized Agent Launches and Aborts Cross-Site Scripting Vulnerability in Jenkins BuildTimelineWidget Sensitive Information Exposure in Jenkins Plugin Extraction Date and Time Cross-Site Scripting Vulnerability in Jenkins Stapler Debug Mode Cross Site Scripting (XSS) Vulnerability in October CMS Media Module Local File Inclusion Vulnerability in October CMS (prior to Build 437) Allows Remote Code Execution and Sensitive Information Disclosure Out-of-Array Access Vulnerabilities in FFmpeg MMS Protocol Buffer Overflow Vulnerability in FFmpeg's asf_o Format Demuxer Infinite Loop Vulnerability in FFmpeg PVA Format Demuxer Use-after-free vulnerability in FFmpeg realmedia demuxer allows attacker to read heap memory Out-of-Array Access Vulnerability in FFmpeg MXF Format Demuxer Out-of-Array Read Vulnerability in FFmpeg's ASF_F Format Demuxer Cross Site Scripting (XSS) Vulnerability in Pydio version 8.2.0 and earlier Server-Side Request Forgery (SSRF) vulnerability in Pydio version 8.2.0 and earlier Unvalidated User Input in 
Pydio AntivirusScanner.php Allows Remote Code Execution Unauthenticated Remote Code Execution in Chamilo LMS version 11.x Arbitrary File Deletion Vulnerability in ONF ONOS Version 1.13.2 and Earlier Cross Site Scripting (XSS) Vulnerability in Gleez CMS 1.3.0 Profile Page Editor Eval Injection (CWE-95) Vulnerability in PEAR HTML_QuickForm 3.2.14 Code Injection Vulnerability in Battle for Wesnoth Project MathJax \unicode{} Macro Cross Site Scripting (XSS) Vulnerability Jenkins TraceTronic ECU-TEST Plugin 2.3 and Earlier: Man-in-the-Middle Vulnerability Server-Side Request Forgery Vulnerability in Jenkins TraceTronic ECU-TEST Plugin 2.3 and Earlier Jenkins SaltStack Plugin Vulnerability: Credential Exposure via Known Credentials ID Jenkins Accurev Plugin 0.7.16 and Earlier: Sensitive Information Exposure Vulnerability Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin 1.5 and Earlier Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin: Sensitive Information Exposure Vulnerability Sensitive Information Exposure in Jenkins meliora-testlab Plugin Data Modification Vulnerability in Jenkins Agiletestware Pangolin Connector for TestRail Plugin Jenkins Anchore Container Image Scanner Plugin Vulnerability: Password Exposure Jenkins Inedo ProGet Plugin 0.8 and Earlier: Man-in-the-Middle Vulnerability Jenkins Inedo BuildMaster Plugin: Man-in-the-Middle Vulnerability Jenkins SSH Agent Plugin: Sensitive Information Exposure Vulnerability Jenkins Resource Disposer Plugin 0.11 and Earlier: Data Modification Vulnerability Confused Deputy Vulnerability in Jenkins Publisher Over CIFS Plugin Server-Side Request Forgery Vulnerability in Jenkins Confluence Publisher Plugin 2.0.1 and Earlier Jenkins Kubernetes Plugin 1.10.1 and Earlier: Sensitive Information Exposure Vulnerability Sensitive Information Exposure in Jenkins Tinfoil Security Plugin 1.6.1 and Earlier Jenkins XStream2 Deserialization Remote Code Execution Vulnerability Ephemeral User Record Creation 
Vulnerability in Jenkins Denial of Service Vulnerability in Jenkins CronTab.java Persistent Login Vulnerability in Jenkins 2.137 and earlier, 2.121.2 and earlier Sensitive Information Exposure Vulnerability in Jenkins Improper Authorization Vulnerability in Jenkins Update Center Bypassing Web Application Firewall in VeryNginx 0.3.3 due to Missing Error Handler Stored Cross-Site Scripting (XSS) Vulnerability in Dolibarr 8.0.2 Reflected Cross-Site Scripting (XSS) Vulnerability in Dolibarr 8.0.2 via transphrase Parameter Arbitrary SQL Command Execution Vulnerability in Dolibarr 8.0.2 Stored Cross-Site Scripting (XSS) Vulnerability in Dolibarr 8.0.2 SQL Injection Vulnerability in Dolibarr 8.0.2: Remote Code Execution via employee Parameter Privilege Escalation via Incorrect Access Controls in SolarWinds Serv-U FTP Server 15.1.6.25 Cross-Site Request Forgery Vulnerability in IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 XXE Vulnerability in Apereo Bedework bw-webdav before 4.0.3 Floating Point Exception Vulnerability in Libav 12.3 Leads to Remote Denial of Service Memory Leak Vulnerability in _bfd_generic_read_minisymbols Function in GNU Binutils 2.31 Stack-based Buffer Overflow in Mini-XML (mxml) 2.12 via mxml_write_node in mxml-file.c Use-after-free vulnerability in Mini-XML (mxml) 2.12 in mxml-search.c Stored XSS Vulnerability in PHPok v5.0.055 via title parameter in api.php?c=post&f=save Improper Access Control in Yeelight Smart AI Speaker 3.3.10_0074 Allows Root Shell Access and Data Exfiltration Vulnerability: Improper Access Control in iBall Baton iB-WRB302N20122017 Devices XSS Vulnerability in DomainMOD 4.11.01 via SSL Provider Name or URL Field Cross-Site Request Forgery Vulnerability in IBM Cúram Social Program Management XSS Vulnerability in DomainMOD 4.11.01 via assets/add/ssl-provider-account.php Username Field XSS Vulnerability in DomainMOD 4.11.01 via assets/add/category.php Category Name or Stakeholder Field XSS Vulnerability in PHPCMF 4.1.3 
Registration Page UrBackup 2.2.6 Client Application Shutdown Vulnerability UrBackup 2.2.6 Client Application Shutdown Vulnerability CSRF Vulnerability in YzmCMS v5.2 Admin Role Add Page XSS Vulnerability in SEMCMS 3.5 via SEMCMS_Main.php URI SQL Injection Vulnerability in S-CMS V3.0 via S_id Parameter Multiple Heap Out-of-Bound Write Vulnerabilities in LibVNC Heap Out-of-Bound Write Vulnerability in LibVNC: Remote Code Execution Title: LibVNC Infinite Loop Vulnerability Allows Resource Exhaustion Vulnerability Title: Improper Initialization in LibVNC Allows Stack Memory Reading and ASLR Bypass CWE-665: Improper Initialization Vulnerability in LibVNC VNC Repeater Client Code Allows Stack Memory Reading and ASLR Bypass Null Pointer Dereference in LibVNC Client Code Leading to DoS Vulnerability Insufficient Random Value Generation in CODESYS V3 Products Improper Communication Address Filtering in CODESYS V3 Products Code Injection Vulnerability in yaml_parse.load Method of Pylearn2 Incorrect Access Control in Contao 3.x, 4.4.x, and 4.6.x before specified versions Uninitialized Memory Read Vulnerability in DokanFS Library 0.6.0 CPU Resource Exhaustion Vulnerability in libexif version 0.6.21 Preemptive Item Deletion Vulnerability in FlexNet Publisher 11.16.1.0 and Earlier: Remote Denial of Service FlexNet Publisher Denial of Service Vulnerability in lmgrd and Vendor Daemon Components Remote Code Execution Vulnerability in FlexNet Publisher Remote Denial of Service Vulnerability in FlexNet Publisher 11.16.1.0 and Earlier: Disrupting Heartbeat and Shutting Down Vendor Daemon Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 Information Disclosure Vulnerability in IBM BigFix Platform 9.2 and 9.5 Denial of Service Vulnerability in Jooan JA-Q1H Wi-Fi Camera Firmware 21.0.0.91 Remote Denial of Service Vulnerability in Jooan JA-Q1H Wi-Fi Camera Firmware 21.0.0.91 Privilege Escalation Vulnerability in Cerner Connectivity Engine (CCE) 
4 Devices Command Injection Vulnerability in Cerner Connectivity Engine (CCE) 4 Devices Stack-based Buffer Overflow in D-Link DIR-619L and DIR-605L Devices Arbitrary OS Command Execution in D-Link DIR-619L and DIR-605L Devices Local File Path Traversal Vulnerability in Evernote Attachment Previewing (MACOSNOTE-28634) XXE (XML External Entity) Vulnerability in Pippo 1.11.0's JaxbEngine.java Arbitrary File Upload Vulnerability in IBM Robotic Process Automation with Automation Anywhere 11 Authorization Header Exposure in urllib3 Cross-Origin Redirects SQL Injection Vulnerability in ERPNext 10.x and 11.x through 11.0.3-beta.29 Arbitrary PHP Code Execution Vulnerability in NoneCms V1.3 Unrestricted File Upload Vulnerability in Gurock TestRail 5.6.0.3853 Arbitrary File Write Vulnerability in doorGets 7.0 Unrestricted URI Action Vulnerability in PDFium Heap Corruption Vulnerability in Google Chrome Extensions Confusion of Origin in Google Chrome Navigation Confusion of Page Origin via 304 Status Code Handling in Google Chrome Confusion of Origin in Google Chrome on iOS prior to 71.0.3578.80 Weak Cryptographic Algorithms in IBM API Connect 2018.1 and 2018.4.1.2: A Threat to Sensitive Data Encryption URL Spoofing Vulnerability in Google Chrome Remote Code Execution via Insufficient Origin Checks in Google Chrome Payments Local File Disclosure Vulnerability in Google Chrome Information Disclosure Vulnerability in IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 Information Disclosure Vulnerability in IBM API Connect v2018.1 and 2018.4.1: Unauthorized Access to User Data Bypassing Project Permission Checks in Cloudera Data Science Workbench SQL Injection Vulnerability in Cloudera Data Science Workbench (CDSW) 1.4.0 - 1.4.2: Unauthorized Query Execution Directory Traversal Vulnerability in PTC ThingWorx Platform 8.3.0 Path Traversal Vulnerability in XXL-CONF 1.6.0 Allows Unauthorized File Download Excessive Memory Allocation Vulnerability in Bento4 1.5.1-627 Heap-Based Buffer 
Over-Read Vulnerability in Exiv2 0.27-RC3 Remote Denial of Service Vulnerability in Exiv2 0.27-RC3 Heap-Based Buffer Over-Read Vulnerability in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3 Remote Denial of Service Vulnerability in Exiv2 0.27-RC3: Infinite Loop in Exiv2::Jp2Image::encodeJp2Header Insecure Data Transfer in August Connect Devices: Exposing Home Wi-Fi Credentials XSS Vulnerability in Import users from CSV with meta Plugin for WordPress Out-of-Bounds Read Vulnerability in HAProxy (CVE-2018-20102) Infinite Recursion and Stack Exhaustion Vulnerability in HAProxy Insecure Logging of Passwords in yast2-rmt of SUSE Linux Enterprise Server 15 and openSUSE Leap Improper Character Escaping in yast2-printer Allows Code Execution as Root Information Disclosure Vulnerability in IBM API Connect 2018.1 through 2018.4.1.5 Unauthenticated Remote OS Command Execution in D-Link DIR-818LW and DIR-860L Devices Stored Cross-Site Scripting (XSS) Vulnerability in Podcast Generator 2.7 via addcategory Parameter Command Injection Vulnerability in FASTGate Fastweb Devices Memory Leak in pvrdma_realize function in QEMU Out-of-Bounds Access Vulnerability in QEMU's RDMA Backend Denial of Service Vulnerability in QEMU's PVRDMA Command Handling Memory Leak Vulnerability in QEMU's pvrdma_cmd.c Arbitrary File Deletion Vulnerability in zzzphp CMS 1.5.8 Arbitrary File Deletion Vulnerability in UsualToolCMS v8.0 Arbitrary PHP Code Execution Vulnerability in DedeCMS V5.7 SP2 Information Disclosure Vulnerability in IBM API Connect 2018.1 through 2018.4.1.5 Privilege Escalation and Sensitive File Disclosure Vulnerability in Code42 App Code Injection Vulnerability in ymlref Arbitrary Hostname Modification Vulnerability in Samsung Galaxy Apps Cross-Site Scripting (XSS) Vulnerability in FUEL CMS 1.4.3 via Layout Variables in new-page creation Cross-Site Scripting (XSS) Vulnerability in FUEL CMS 1.4.3 via Page Data Management Stored XSS in PHP Scripts Mall Entrepreneur B2B 
Script 3.0.6 via Account Settings Fields Multiple Cross-Site Scripting (XSS) Vulnerabilities in Zenphoto 1.4.14 Reflected Cross-Site Scripting (XSS) Vulnerability in AbanteCart 1.2.12 via sort parameter Incorrect Access Control in GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 ACL Bypass Vulnerability in Eclipse Mosquitto 1.5.x before 1.5.5 Privilege Escalation Vulnerability in Liquidware ProfileUnity and FlexApp Metadata Bypass Vulnerability in WordPress PHP Object Injection Vulnerability in WordPress XMLRPC wp.getMediaItem MIME Type Bypass Vulnerability in WordPress Remote Clickjacking Vulnerability in IBM API Connect 2018.1 and 2018.4.1.4 Crafted URLs Triggering XSS in WordPress Plugins User Activation Page Information Disclosure Vulnerability Post Type Bypass Vulnerability in WordPress WordPress Comment XSS Vulnerability Information Disclosure Vulnerability in WP Maintenance Mode Plugin Bypassing Access Restrictions in WP Maintenance Mode Plugin Arbitrary PHP Code Execution Vulnerability in WP Maintenance Mode Plugin for WordPress XML External Entity (XXE) Vulnerability in OpenRefine's Data Import Functionality Remote Code Execution via ZIP Archive Upload in i-doit open 1.11.2 XXE Vulnerability in ZxChat (ZeXtras Chat) in Synacor Zimbra Collaboration Suite Wi-Fi Disconnection Vulnerability in BlinkForHome Sync Module 2.10.4 and Earlier Improper Input Validation in Digi TransPort LR54 4.4.0.26 and Earlier Devices Allows Privilege Escalation Regular Expression Denial of Service (ReDoS) in UA-Parser UAP-Core before 0.6.0 OpenText Portal 7.4.4 Cross-Site Scripting (XSS) Vulnerability File-Upload Vulnerability in Rukovoditel 2.3.1: Mishandling of Extension Checking Remote Code Execution Vulnerability in Terminology before 1.3.1 via Mishandled popmedia Control Sequence gVisor Prior to 2018-08-22: Denial of Service Vulnerability via Reused Pagetable USB Subsystem Size Check Vulnerability OpenStack Keystone 
User Enumeration Vulnerability XSS Vulnerability in Nagios XI RSS Dashlet XSS Vulnerability in Nagios XI RSS Dashlet SQL Injection Vulnerability in Zoho ManageEngine OpManager 12.3 Out-Of-Bounds Read Vulnerability in rdesktop v1.8.3: Information Leak in ui_clip_handle_data() Integer Signedness Errors in rdesktop v1.8.3: Out-Of-Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in rdesktop v1.8.3: Denial of Service (segfault) Heap-Based Buffer Overflow in rdesktop v1.8.3: Integer Overflow Vulnerability Out-Of-Bounds Read Vulnerability in rdesktop v1.8.3: Denial of Service (segfault) Integer Underflow in rdesktop v1.8.3: Heap-Based Buffer Overflow in lspci_process() with Remote Code Execution Heap-Based Buffer Overflow in rdesktop v1.8.3: Integer Underflow Vulnerability Integer Underflow in rdesktop v1.8.3: Heap-Based Buffer Overflow and Remote Code Execution Buffer Overflow Vulnerability in rdesktop v1.8.3: Remote Code Execution Heap-based Buffer Overflow in WriteTGAImage Function of GraphicsMagick 1.4 Snapshot-20181209 Q8 Heap-based Buffer Over-read in ReadBMPImage Function of GraphicsMagick 1.4 Snapshot-20181209 Q8 Memory Allocation Vulnerability in Bento4 1.5.1-627 Timing Side-Channel Vulnerability in Botan ECC Key Generation CSRF Vulnerability in FUEL CMS 1.4.3 Allows Unauthorized Administrator Account Creation Denial of Service Vulnerability in GraphicsMagick 1.3.31's ReadDIBImage Function XML External Entity Injection (XXE) Vulnerability in IBM Security Identity Manager 6.0.0 Virtual Appliance NULL Pointer Dereference in LibSass 3.5.5: Denial of Service Vulnerability QEMU PVRDMA Driver Null Pointer Dereference Vulnerability Privilege Escalation Vulnerability in Certain Secure Access SA Series SSL VPN Products Stack-based Buffer Underflow in calculate_gain function in FAAD2 2.8.8 NULL Pointer Dereference Vulnerability in FAAD2 2.8.8 Stack-based Buffer Overflow in calculate_gain function in FAAD2 2.8.8 Stack-based Buffer Underflow in calculate_gain 
function in FAAD2 2.8.8 NULL Pointer Dereference Vulnerability in FAAD2 2.8.8 NULL Pointer Dereference Vulnerability in FAAD2 2.8.8 Bypassing Certificate Pinning in OkHttp 3.x through 3.12.0 Stack-based Buffer Over-read Vulnerability in Espruino 2V00's jsfNameFromString Function Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.2 and 7.3 ExifTool 8.32 DLL Hijacking Vulnerability Cross-Site Scripting (XSS) Vulnerability in bin/statistics in TWiki 6.0.2 via webs parameter Denial of Service Vulnerability in libexcel 0.01 via Long Name in wbook_addworksheet Infinite Loop Vulnerability in QEMU's pvrdma_dev_ring.c KDC Crash Vulnerability via S4U2Self Request Command Injection Vulnerability in Teracue ENC-400 Devices Authentication Bypass Vulnerability in Teracue ENC-400 Devices IBM QRadar SIEM 7.2 and 7.3 Information Disclosure Vulnerability Unauthenticated Access to Sensitive Information on Teracue ENC-400 Devices Remote Code Execution Vulnerability in Deltek Ajera Timesheets 9.10.16 and Prior Critical XXE Vulnerability in Airsonic before 10.1.2: Parsing Exploit Vulnerability: Unintended Installation of Private Packages via --extra-index-url Lack of Role.toString Method Override Allows Unauthorized Super Administrator Addition in THEHIVE PROJECT Cortex Directory Traversal Vulnerability in RDF4J 2.4.2 via ZIP Archive Entry CSRF Vulnerability in Subsonic V6.1.5 Allows SSRF via internetRadioSettings.view streamUrl Directory Traversal Vulnerability in GitLab Community and Enterprise Edition Heap-based Buffer Overflow in PSPP 1.2.0's read_bytes_internal Function CSRF Vulnerability in WordPress Two-Factor-Authentication Plugin Allows 2FA Disabling Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Labels Widget Gadget XML External Entity (XXE) Vulnerability in Atlassian Universal Plugin Manager Argument Injection Vulnerability in Atlassian Sourcetree for macOS via Mercurial Filenames Argument Injection Vulnerability in Atlassian Sourcetree for Windows via 
Mercurial Repository Filenames Command Injection Vulnerability in Sourcetree for Windows via URI Handling Authenticated User Can Download Deleted Pages in Atlassian Confluence Server and Data Center Insufficient Session Expiration Vulnerability in Atlassian Crowd Cross-Site Scripting (XSS) Vulnerability in Application Links Insecure Permissions in IBM QRadar SIEM 7.2 and 7.3 Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible Administrative Linker Functionality Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible Edit Upload Resource Apache JSPWiki XSS Vulnerability: Session Hijacking Exploit URL Parameter Exposure of Credentials in POST Requests Arbitrary JavaScript Execution Vulnerability in Apache Airflow Improper Exception Handling in LDAP Auth Backend Disables Server Certificate Checking Stack Overflow Vulnerability in Foxit Quick PDF Library Out-of-Bounds Memory Access Vulnerability in Foxit Quick PDF Library Out-of-Bounds Memory Access Vulnerability in Foxit Quick PDF Library Insecure Permissions in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments WinRAR ACE Format Path Traversal Vulnerability WinRAR ACE Format Path Traversal Vulnerability Out-of-Bounds Write Vulnerability in WinRAR 5.60 and Earlier Versions Out-of-Bounds Write Vulnerability in WinRAR 5.60 and Earlier Versions Directory Listing Vulnerability in IBM Financial Transaction Manager 3.2.1 for Digital Payments IBM Maximo Asset Management 7.6 Authenticated User Phishing Vulnerability XML External Entity (XXE) Vulnerability in S3 Browser before 8.1.5 Buffer Overflow Vulnerability in Bosch Smart Home Cameras Arbitrary PHP Code Execution in Empire CMS 7.5 via ftemp Parameter Coherence User Registration Endpoint Mass Assignment Vulnerability XSS Vulnerability in Steve Pallen Xain 0.6.2 via Order Parameter Directory Traversal Vulnerability in Gogs File Upload Functionality Denial of Service Vulnerability in libexcel 
0.01 via Long Argument in wbook_addworksheet Arbitrary Remote Code Execution in D-Link DIR-816 A2 1.10 B05 via Stack-Based Buffer Overflow Stored XSS Vulnerability in Pulse Secure Virtual Traffic Manager Web Administration Interface Sensitive Historical Activity Information Disclosure in Pulse Secure Virtual Traffic Manager 9.9 and 10.4 versions Race Condition Vulnerability in Foxit Reader and PhantomPDF Race Condition Vulnerability in Foxit Reader and PhantomPDF Race Condition Vulnerability in Foxit Reader and PhantomPDF Race Condition Vulnerability in Foxit Reader and PhantomPDF Race Condition Vulnerability in Foxit Reader and PhantomPDF Race Condition Vulnerability in Foxit Reader and PhantomPDF Race Condition Vulnerability in Foxit Reader and PhantomPDF Race Condition Vulnerability in Foxit Reader and PhantomPDF XXE Vulnerability in getXmlDoc Method of BaseWxPayResult.java in weixin-java-tools v3.2.0 Privilege Escalation Vulnerability in Rancher 2 through 2.1.5 Cross-site scripting (XSS) vulnerability in LimeSurvey version 3.15.5 allows for JavaScript code execution against LimeSurvey administrators Arbitrary OS Command Execution in MailCleaner Community Edition 2018.08 Arbitrary Command Execution Vulnerability in Danijar Hafner Definitions Package XSS Vulnerability in ChinaMobile PLC Wireless Router GPN2.4P21-C-CN Firmware W2001EN-00 XSS Vulnerability in Chamilo LMS Gradebook Dependencies Tool XSS Vulnerability in Chamilo LMS 1.11.8 Social Groups Tool SQL Injection Vulnerability in Chamilo LMS Version 1.11.8 Integer Overflow and Heap-Based Buffer Overflow in libjpeg-turbo 2.0.1's tjLoadImage Function Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22: Privilege Escalation and Denial of Service Vulnerability Arbitrary File Reading and Directory Listing Vulnerability in OpenWebif Plugin Unauthenticated Access to USB Device and App Information in ASUSWRT Router Command Injection Vulnerability in ASUSWRT 3.0.0.4.384.20308 via fb_email Parameter 
Unauthenticated DoS Vulnerability in ASUSWRT 3.0.0.4.384.20308 Stack-based Buffer Overflow in ASUSWRT 3.0.0.4.384.20308: Information Leak Vulnerability Stack-based Buffer Overflow in LibRaw 0.19.1's parse_makernote Function SQL Injection Vulnerability in Zoho ManageEngine OpManager 12.3 (Build 123239) Alarms Section XSS Vulnerability in Zoho ManageEngine OpManager 12.3 Unchecked Buffers in Yubico libu2f-host 1.1.6: Exploiting Buffer Overflow via USB Device Unquoted Service Path Vulnerability in WINMAGIC SecureDoc Disk Encryption Software Root Terminal Vulnerability in Floureon IP Camera SP012 Buffer Overflow Vulnerabilities in Ken Silverman Build Engine 1: Arbitrary Code Execution via Crafted Map File Improper Access Control in StackStorm API Allows Unauthorized Data Retrieval Magellan: Integer Overflow and Buffer Overflow Vulnerability in SQLite FTS3 Extension Denial of Service Vulnerability in libpff_item_tree_create_node in libpff NULL Pointer Dereference in igraph_i_strdiff Function Stored XSS Vulnerability in Evernote (Chinese) Markdown Component (MAC-832) Use-after-free vulnerability in mg_cgi_ev_handler function in Cesanta Mongoose Embedded Web Server Library allows remote code execution Use-after-free vulnerability in mg_http_get_proto_data function in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows for remote code execution Use-after-free vulnerability in Cesanta Mongoose Embedded Web Server Library allows for remote code execution Use-after-free vulnerability in mg_http_free_proto_data_cgi function allows for remote code execution Use-after-free vulnerability in mg_http_free_proto_data_cgi function in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier NULL Pointer Dereference in sbr_process_channel of FAAD2 2.8.8 Invalid Memory Address Dereference in FAAD2 2.8.8: Denial of Service Vulnerability Invalid Memory Address Dereference in FAAD2 2.8.8: Denial of Service Vulnerability Invalid Memory Address Dereference in FAAD2 
2.8.8: Denial of Service Vulnerability Invalid Memory Address Dereference in FAAD2 2.8.8: Denial of Service Vulnerability NULL Pointer Dereference in ifilter_bank of FAAD2 2.8.8 NULL Pointer Dereference in LibRaw::raw2image() in libraw_cxx.cpp NULL Pointer Dereference in LibRaw::copy_bayer() in libraw_cxx.cpp Heap-based Buffer Overflow in LibRaw::raw2image() Stored XSS Vulnerability in WSTMart 2.0.8_181212 via consultContent Parameter XSS Vulnerability in Master Slider Plugin for WordPress XSS Vulnerability in Barracuda Message Archiver 2018's ldap_load_entry.cgi Module XSS Vulnerability in SZ NetChat before 7.9 Allows Command Injection Authorization Bypass Vulnerability in PhotoRange Photo Vault 1.2 XSS Vulnerability in TP-Link TD-W8961ND Devices via DHCP Client Hostname XSS Vulnerability in Tenda ADSL Modem Routers 1.0.1 via DHCP Client Hostname Out-of-Bounds Write Vulnerability in Tiny C Compiler 0.9.27 Out-of-Bounds Write Vulnerability in Tiny C Compiler 0.9.27 Out-of-Bounds Write Vulnerability in Tiny C Compiler 0.9.27 Remote Wi-Fi Credential Disclosure in Orange Livebox 00.96.320S Devices Remote Code Execution and Denial of Service Vulnerability in OpenSynergy Blue SDK 3.2-6.0 Cross Protocol Injection Vulnerability in Technicolor DPC3928SL Devices via setSSID Parameter SNMP Credential Discovery Vulnerability in Ambit DDW2600, DDW2602, T60C926, and U10C019 Devices Vulnerability: Unauthorized Credential Discovery in Technicolor DPC2320 Devices via SNMP Requests Remote Credential Discovery Vulnerability in Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 Devices via SNMP Requests Vulnerability: Unauthorized Credential Discovery in ARRIS DG950A and DG950S Devices Credential Exposure via SNMP Requests in iNovo Broadband IB-8120-W21 and IB-8120-W21E1 Devices SNMP Credential Discovery Vulnerability in CastleNet Devices Remote Credential Discovery in ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH Devices SNMP Credential Disclosure Vulnerability in Bnmux 
BCW700J, BCW710J, and BCW710J2 Devices Remote Credential Discovery Vulnerability in Comtrend CM-6200un and CM-6300n Devices SNMP Credential Disclosure Vulnerability in D-Link DCM-604 and DCM-704 Devices Information Disclosure Vulnerability in Kaonmedia CG2001 Devices Vulnerability: Credential Discovery in TEKNOTEL CBW700N 81.447.392110.729.024 Devices via SNMP Requests Credential Discovery Vulnerability in S-A WebSTAR DPC2100 v2.0.2r1256-060303 Devices Vulnerability: Credential Discovery via SNMP Requests in Technicolor CGA0111, CWA0101, DPC3928SL, TC7110.AR, TC7110.B, TC7110.D, TC7200.d1I, and TC7200.TH2v2 Devices SNMP Credential Discovery Vulnerability in Thomson DWG849, DWG850-4, DWG855, and TWG870 Devices Remote Credential Discovery in NETWAVE MNG6200 C4835805jrc12FU121413.cpr Devices via SNMP Requests Credential Discovery Vulnerability in NET&SYS MNG2120J and MNG6300 Devices Vulnerability: Credential Discovery in mplus CBC383Z and CBC383Z_mplus_MDr026 Devices via SNMP Requests Credential Discovery Vulnerability in Skyworth CM5100 Series Devices Motorola SBG901, SBG941, and SVG1202 Devices SNMP Credential Discovery Vulnerability Ubee DVW2108 and DVW2110 SNMP Credential Discovery Vulnerability Zoom 5352 v5.5.8.6Y SNMP Credential Discovery Vulnerability Default User Accounts with Weak Passwords in Safe Software FME Server Denial of Service Vulnerability in ETK_E900.sys Driver for VIA Technologies EPIA-E900 System Board Full Path Disclosure Vulnerability in BigTree 4.3 Integer Overflow in _pickle.c in Python before 3.7.1 Memory Leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Bento4 1.5.1-627 Memory Leak in AP4_StdcFileByteStream::Create in Bento4 1.5.1-627 Heap-based Buffer Over-read in AP4_AvccAtom::Create in Bento4 1.5.1-627 Stack-Based Buffer Overflow in WellinTech KingSCADA before 3.7.0.0.1 via Specially Crafted Packet to AlarmServer Service Cross-Site Scripting (XSS) Vulnerability in Craft CMS 3.0.25 via Console Tab CSRF Vulnerability in DouCo 
DouPHP 1.5 Allows Unauthorized Addition of Administrator Account Directory Traversal Vulnerability in Z_CreateCompanyTemplateFile.php Denial of Service Vulnerability in Go Ethereum (geth) 1.8.19 via Memory Consumption Authentication Bypass Vulnerability in Discuz! DiscuzX 3.4 with WeChat Login Bypassing Disabled Registration Setting in Discuz! DiscuzX 3.4 with WeChat Login Remote Code Execution via WeChat Login in Discuz! DiscuzX 3.4 NULL Pointer Dereference in pushdup function of libming 0.4.8's decompile.c NULL Pointer Dereference in newVar3 Function of libming 0.4.8 NULL Pointer Dereference in getInt Function of libming 0.4.8's decompile.c File NULL Pointer Dereference in strlenext function of libming 0.4.8 NULL Pointer Dereference in getName Function of libming 0.4.8's decompile.c File Out-of-Bounds Read Vulnerability in GNU Libextractor's history_extract() Function NULL Pointer Dereference vulnerability in process_metadata() function in GNU Libextractor through 1.8 Hardcoded Telnet Credentials Vulnerability in D-Link COVR-2600R and COVR-3902 Kit XXE vulnerability in c3p0 0.9.5.2 during initialization Arbitrary OS Command Execution in LibreNMS 1.46 SSRF Vulnerability in Telegram's Secret Chat Feature Arbitrary File Download Vulnerability in FEBS-Shiro Remote Discovery of Wi-Fi Credentials in Technicolor TC7110.AR STD3.38.03 Devices via SNMP Requests Wi-Fi Credential Discovery Vulnerability in Technicolor DPC3928SL Devices Remote Discovery of Wi-Fi Credentials in Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC Devices via SNMP Requests Remote Discovery of Wi-Fi Credentials in Technicolor TC7200.TH2v2 SC05.00.22 Devices via SNMP Requests Remote Discovery of Wi-Fi Credentials in Technicolor TC7110.B STC8.62.02 Devices via SNMP Requests Vulnerability: Unauthorized Wi-Fi Credential Discovery in Technicolor TC7200.d1I and TC7200.d1IE-N23E-c7000r5712-170406-HAT Devices Remote Discovery of Wi-Fi Credentials in Technicolor 
CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU Devices via SNMP Requests Vulnerability: Unauthorized Wi-Fi Credential Discovery in D-Link DCM-604 and DCM-704 Devices XSS Vulnerability in Frog CMS 0.9.5 via Database Name Field Information Disclosure Vulnerability in hidma_chan_stats Function Double Free Vulnerability in libxls 1.4.0 Allows Denial of Service Heap-based Buffer Over-read Vulnerability in libdoc's process_file Function Memory Management Vulnerability in libxls 1.4.0 Allows for Denial of Service and Possible Impact Heap-based Buffer Over-read in getlong Function of libdoc XSS Vulnerability in 74cms v4.2.111: upload/index.php?c=resume&a=resume_list Stack-based buffer overflow in parseOperand function in radare2 prior to 3.1.1 Stack-based buffer over-read vulnerability in parseOperand function in radare2 prior to 3.1.1 Denial-of-Service Vulnerability in radare2 through 3.1.3 via Assemble Function in asm_arm_cs.c Out-of-Bounds Read Vulnerability in r_bin_dyldcache_extract in radare2 Denial-of-Service Vulnerability in radare2 through 3.1.3: armass_assemble Function Allows Out-of-Bounds Read Stack-based Buffer Overflow in parseOperands function in radare2 prior to 3.1.2 Out-of-Bounds Read Vulnerability in radare2 prior to 3.1.1 Cross-Site Scripting (XSS) Vulnerability in JSmol2WP Plugin 1.07 for WordPress Arbitrary File Read and SSRF Vulnerability in JSmol2WP Plugin 1.07 for WordPress Reflected XSS Vulnerability in CMS Made Simple 2.2.8 admin/myaccount.php Server-side Template Injection in Craft CMS through 3.0.34 allows sensitive information disclosure Denial of Service Vulnerability in ImageMagick's bmp.c CSV Injection Vulnerability in Tyto Sahi Pro's Web Reports Module H2 SQL Injection Vulnerability in Tyto Sahi Pro Directory Traversal Vulnerability in Tyto Sahi Pro Web Reports Module Stored XSS Vulnerability in Tyto Sahi Pro Logs Web Interface Cross-Site Scripting (XSS) Vulnerability in S-CMS 3.0 via admin/demo.php T_id Parameter SQL Injection 
Vulnerability in S-CMS 3.0 via bank/callback1.php P_no Field Arbitrary File Disclosure in S-CMS 1.0 via admin/download.php DownName Parameter SQL Injection Vulnerability in S-CMS 1.0 via wap_index.php?type=newsinfo S_id Parameter SQL Injection Vulnerability in S-CMS 1.0 via js/pic.php P_id Parameter NULL Pointer Dereference in XRef::getEntry in Poppler 0.72.0 Denial of Service Vulnerability in GNU Tar through 1.30 with --sparse Option Information Disclosure via user.xdg.origin.url and user.xdg.referrer.url Metadata Attributes in GNU Wget XSS Vulnerability in Zoho ManageEngine ADSelfService Plus 5.7 XSS Vulnerability in Zoho ManageEngine ADSelfService Plus 5.7 Cross-Site Scripting (XSS) Vulnerability in MetInfo 6.x through 6.1.3 via /admin/login/login_check.php url_array[] Parameter Arbitrary Code Execution via Firewall Rule Inclusion in Inteno IOPSYS Information Exposure Vulnerability in GitLab Community and Enterprise Edition Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Cross-Site Scripting (XSS) Vulnerability in GitLab Community and Enterprise Edition Cross-Site Scripting (XSS) Vulnerability in GitLab Enterprise Edition Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Information Exposure Vulnerability in GitLab Community and Enterprise Edition Cross-Site Scripting (XSS) Vulnerability in GitLab Community and Enterprise Edition SSRF Vulnerability in GitLab Community and Enterprise Edition Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition SSRF Vulnerability in GitLab Community and Enterprise Edition Insecure Permissions Issue: Unresettable Runner Registration Token in GitLab Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Excessive Memory Allocation Vulnerability in 
Bento4 1.5.1-627 Cross-Site Scripting (XSS) Vulnerability in Allied Telesis 8100L/8 Devices via edit-ipv4_interface.php Denial of Service Vulnerability in SQLite 3.25.2 Integer Overflow and Buffer Overflow in SQLite FTS3 Merge Operation Incorrect Access Control Vulnerability in GitLab Enterprise Edition SQL Injection Vulnerability in CrashFix 1.0.4 via User[status] Parameter Information Disclosure Vulnerability in Linux Kernel 4.14.90 via print_binder_ref_olocked Function Information Disclosure Vulnerability in Linux Kernel 4.14.90's print_binder_transaction_ilocked Function Sensitive Kernel Address Information Disclosure in ipddp_ioctl Function Privilege Escalation Vulnerability in EPON CPE-WiFi Devices 2.0.4-X000 Arbitrary Resume Access and Modification Vulnerability in 74cms v4.2.111 XSS Vulnerability in MiniCMS V1.10 via mc-admin/post-edit.php Query String Content Provider Injection Vulnerability in Xiaomi Stock Browser on Redmi Android Phones Cross-Site Scripting (XSS) vulnerability in Chat Anywhere extension 2.4.0 for Chrome Directory Traversal Vulnerability in Roxy Fileman 1.4.5 copydir.php, copyfile.php, and fileslist.php Unrestricted File Upload Vulnerability in Roxy Fileman 1.4.5 SSRF Vulnerability in JEECMS 9 via ueditor/getRemoteImage.jspx upfile Parameter XSS Vulnerability in PHP Scripts Mall Website Seller Script 2.0.5 via Profile Field NULL Pointer Dereference Vulnerability in libsolvext.a NULL Pointer Dereference Vulnerability in libsolvext.a Illegal Address Access Vulnerability in libsolv.a Use-After-Free Vulnerability in NASM 2.14rc16: Denial of Service in pp_getline() Heap-Based Buffer Over-Read Vulnerability in libLAS 1.8.1's liblas::SpatialReference::GetGTIF() Function NULL Pointer Dereference Denial of Service Vulnerability in libLAS 1.8.1 Use-After-Free Vulnerability in NASM 2.14rc16's pp_getline Function Denial of Service Vulnerability in libLAS 1.8.1: Segmentation Fault Triggered by Illegal Address Access at 
liblas::SpatialReference::GetGTIF() Memory Leak in libLAS 1.8.1 at liblas::Open (liblas/liblas.hpp) Heap-based Buffer Overflow in libxsmm_sparse_csc_reader Heap-based Buffer Overflow in libxsmm_sparse_csc_reader Denial of Service Vulnerability in LIBXSMM 1.10: Excessive Memory Allocation in libxsmm_sparse_csc_reader Floating Point Exception in caca/dither.c (libcaca 0.99.beta19) Illegal WRITE Memory Access Vulnerability in libcaca 0.99.beta19 for 4bpp Data Illegal READ Memory Access Vulnerability in libcaca 0.99.beta19 Illegal READ Memory Access Vulnerability in libcaca 0.99.beta19 for 24bpp Data Illegal WRITE Memory Access Vulnerability in libcaca 0.99.beta19 for 1bpp Data Illegal WRITE Memory Access Vulnerability in libcaca 0.99.beta19 Denial of Service Vulnerability in Poppler 0.72.0: Reachable Object::getString Assertion in AnnotRichMedia Class Heap-Based Buffer Over-Read Vulnerability in Tcpreplay before 4.3.1 Heap-Based Buffer Over-Read Vulnerability in Tcpreplay before 4.3.1 Twitter Account Takeover Vulnerability in Design Chemical Social Network Tabs Plugin for WordPress SQL Injection Vulnerability in Booking Calendar Plugin 8.4.3 for WordPress Cross-Site Scripting (XSS) Vulnerability in DouCo DouPHP 1.5 20181221 Cross-Site Scripting (XSS) Vulnerability in DouCo DouPHP 1.5 20181221 via site_name Parameter Cross-Site Scripting (XSS) Vulnerability in DouCo DouPHP 1.5 20181221 via name parameter in admin/product.php?rec=update XSS Vulnerability in DouCo DouPHP 1.5 20181221 via show_name Parameter XSS Vulnerability in DouCo DouPHP 1.5 20181221 via title parameter in admin/article.php?rec=update XSS Vulnerability in DouCo DouPHP 1.5 20181221 via cat_name Parameter XSS Vulnerability in DouCo DouPHP 1.5 20181221 via mobile_name Parameter XSS Vulnerability in DouCo DouPHP 1.5 20181221 via cat_name Parameter XSS Vulnerability in DouCo DouPHP 1.5 20181221 via nav_name Parameter Full Path Disclosure in DouCo DouPHP 1.5 20181221 Installation Page Opportunistic Product 
Reload Vulnerability in DouCo DouPHP 1.5 20181221 SQL Injection Vulnerability in Ivan Cordoba Generic Content Management System (CMS) Allows Authentication Bypass SQL Injection Vulnerability in Ivan Cordoba Generic Content Management System (CMS) Allows Authentication Bypass Heap-Based Buffer Over-Read in jp2_encode function of JasPer 2.0.14 Arbitrary File Read Vulnerability in DamiCMS 6.0.1 SQL Injection in WUZHI CMS 4.1.0 via index.php?m=promote&f=index&v=search keywords parameter Denial of Service Vulnerability in yaml-cpp (aka LibYaml-C++) 0.6.2 Denial of Service Vulnerability in yaml-cpp (aka LibYaml-C++) 0.6.2 Undocumented URI for Manual Firmware Update in Orange Livebox 00.96.320S Devices CSRF Vulnerability in Orange Livebox 00.96.320S Devices Allows Arbitrary Outbound Telephone Calls CSRF Vulnerability in Orange Livebox 00.96.320S Devices Infinite Loop Vulnerability in NuttX's netlib_parsehttpurl() Function Stack-based Buffer Overflow in Contiki-NG JSON Parsing Function Arbitrary Code Execution Vulnerability in SmartBear ReadyAPI WSDL Import Functionality Cross-Site Request Forgery Vulnerability in GREE+ Android Application (Version 1.4.0.8) PHP League CommonMark Library XSS Vulnerability Denial of Service Vulnerability in JasPer 2.0.14 via jp2 Conversion Arbitrary Data Injection Vulnerability in bitcoind and Bitcoin-Qt (CVE-2018-17144) Incorrect Access Control in Bitcoin Core and Bitcoin Knots allows local users to steal currency by exploiting a loophole in RPC port binding. 
Buffer Over-read Vulnerability in libotfcc.a in otfcc v0.10.3-alpha XSS Vulnerability in Ivan Cordoba Generic CMS (2018-04-28) via Administrator/add_pictures.php Article ID XSS Vulnerability in Ivan Cordoba Generic CMS (2018-04-28) via Administrator/users.php User ID Heap-based Buffer Over-read Vulnerability in libming v0.4.8's decompileJUMP Function Use-After-Free Vulnerability in Mini-XML (mxml) v2.12 Stack-based Buffer Overflow in Mini-XML (mxml) v2.12's scan_file Function Reflected XSS Vulnerability in hsweb 3.0.4 CSRF Vulnerability in hsweb 3.0.4: Inadequate State Parameter Comparison SSRF Vulnerability in Jspxcms v9.0.0 XSS Vulnerability in UCMS 1.4.7 via dir Parameter in index.php sadmin_fileedit Action CSRF Vulnerability in UCMS 1.4.7: User Addpost Arbitrary PHP Code Execution in UCMS 1.4.7 via sadmin_fileedit Action XSS Vulnerability in UCMS 1.4.7 via sadmin\cedit.php and index.php sadmin_cedit action XSS Vulnerability in UCMS 1.4.7 via description parameter in index.php list_editpost action Full Path Disclosure in Lei Feng TV CMS (LFCMS) 3.8.6 via /install.php?s=/1 URI CSRF Vulnerability in Lei Feng TV CMS (LFCMS) 3.8.6: admin.php?s=/Member/add.html Directory Traversal Vulnerability in Lei Feng TV CMS (LFCMS) 3.8.6 Remote Code Execution in imcat 4.4 via root/run/adm.php and boot/bootskip.php Modification Full Path Disclosure Vulnerability in imcat 4.4 via dev.php?tools-ipaddr&api=Pcoln&uip= URI Remote Information Disclosure Vulnerability in imcat 4.4 Remote Code Execution Vulnerability in imcat 4.4 via root/tools/adbug/binfo.php?phpinfo1 URI Remote Information Disclosure Vulnerability in imcat 4.4 Directory Traversal Vulnerability in imcat 4.4 via root/run/adm.php efile Parameter XSS Vulnerability in imcat 4.4 via Crafted Cookie in root/tools/adbug/binfo.php CSRF Vulnerability in UWA 2.3.11: index.php?g=admin&c=admin&a=add_admin_do CSRF Vulnerability in TEMMOKU T1.09 Beta Allows Unauthorized User Addition Remote Code Execution via public/install/#/step3 
URI in CIM 0.9.3 HTTP/2 Protocol Decoder Out-of-Bounds Read Vulnerability in HAProxy 1.8.x and 1.9.x Heap-Based Buffer Overflow in ok_wav_decode_ms_adpcm_data Function Heap-Based Buffer Overflow in ok_csv_decode2 Function Heap-Based Buffer Over-Read Vulnerability in ok-file-formats (CVE-2018-10-16) Local Privilege Escalation through Insecure Permissions in Microvirt MEmu 6.0.6 Memory Leak in JasPer 2.0.14 when Using --output-format jp2 Use-after-free vulnerability in GNU Binutils 2.31.1: Exploiting the error function in elfcomm.c via crafted ELF file Directory Traversal Vulnerability in PHP Scripts Mall Consumer Reviews Script 4.0.3 HTML Injection Vulnerability in PHP Scripts Mall Consumer Reviews Script 4.0.3 Directory Traversal Vulnerability in PHP Scripts Mall Charity Foundation Script Directory Traversal Vulnerability in PHP Scripts Mall Charity Donation Script Directory Traversal Vulnerability in PHP Scripts Mall Advance Crowdfunding Script 2.0.3 Full Path Disclosure in PHP Scripts Mall Website Seller Script 2.0.5 via Arbitrary Image URL Request Stored Cross-Site Scripting (XSS) in PHP Scripts Mall Advance B2B Script 2.1.4 via FIRST NAME or LAST NAME field Cross-Site Request Forgery (CSRF) Vulnerability in PHP Scripts Mall Advance B2B Script 2.1.4 Remote Denial of Service Vulnerability in PHP Scripts Mall Advance B2B Script 2.1.4 Directory Traversal Vulnerability in PHP Scripts Mall Advance B2B Script 2.1.4 HTML Injection Vulnerability in PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 Denial of Service Vulnerability in PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 Directory Traversal Vulnerability in PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 HTML Injection Vulnerability in PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 via Search Bar Stored Cross-Site Scripting (XSS) Vulnerability in PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 Cross-Site Request Forgery (CSRF) Vulnerability in PHP Scripts Mall 
Entrepreneur Job Portal Script 3.0.1 Denial of Service Vulnerability in PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 Directory Traversal Vulnerability in PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 Cross-Site Request Forgery (CSRF) Vulnerability in PHP Scripts Mall Basic B2B Script 2.0.9 HTML Injection Vulnerability in PHP Scripts Mall Basic B2B Script 2.0.9 Directory Traversal Vulnerability in PHP Scripts Mall Basic B2B Script 2.0.9 Directory Traversal Vulnerability in PHP Scripts Mall Car Rental Script 2.0.8 Cross-Site Request Forgery (CSRF) Vulnerability in PHP Scripts Mall Car Rental Script 2.0.8 Denial of Service Vulnerability in Poppler 0.72.0 due to Object::dictLookup Assertion NULL Pointer Dereference Vulnerability in GNU Binutils 2.31.1 Excessive Memory Allocation Vulnerability in tinyexr v0.9.5 Stack-based overflow vulnerability in WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24 Memory Leak Vulnerability in demangle_template Function of GNU libiberty Denial of Service Vulnerability in Core FTP 2.0 Build 653 Excessive Memory Allocation Vulnerability in Bento4 1.5.1-627 Denial-of-Service Vulnerability in Poppler 0.72.0 PDFDoc::setup Persistent XSS Vulnerability in CUBA Platform's Reporting Addon XXE Vulnerability in Zoho ManageEngine ADSelfService Plus 5.x before build 5701 via Uploaded Product License Privilege Escalation Vulnerability in i915_gem_execbuffer2_ioctl Integer Overflow Vulnerability in load_specific_debug_section in GNU Binutils Integer Overflow Vulnerability in demangle_template Function in GNU libiberty Authenticated Remote Command Execution in D-Link DIR-822, DIR-822-US, DIR-850L, and DIR-880L Devices Authentication Bypass Vulnerability in D-Link DIR-822, DIR-822-US, DIR-850L, and DIR-880L Devices XSS Vulnerability in Bootstrap Tooltip's data-viewport Attribute XSS Vulnerability in Bootstrap Affix Configuration Target Property SQL Injection Vulnerability in LibreNMS 1.47: 
Exploitable via html/ajax_table.php sort[hostname] Parameter Out of Bounds Read Vulnerability in BusyBox DHCP Components XSS Vulnerability in Frog CMS 0.9.5 Admin Page Edit Body Field Vulnerability in mate-screensaver: Unauthorized Access and Application Control via External Output Devices Stored XSS in Fork CMS 5.0.6 via Facebook Admin IDs input Command Injection Vulnerability in Gitolite before 3.6.11 Arbitrary File Overwrite Vulnerability in WinSCP's SCP Implementation OpenSSH 7.9 Vulnerability: Bypassing Access Restrictions via . or Empty Filename in scp.c XML External Entity (XXE) Vulnerability in Raritan CommandCenter Secure Gateway Allows Arbitrary File Read and SSRF Attacks URL Injection Vulnerability in floragunn Search Guard Plugin for Kibana Denial of Service Vulnerability in Docker Engine 18.09 Reflected XSS Vulnerability in CubeCart 6.2.2 via /{ADMIN-FILE}/ Query String Heap-based Buffer Over-read Vulnerability in GNU libiberty SQL Injection Vulnerability in Shopware (SW-21404) File Deletion Vulnerability in Automattic WooCommerce Plugin Allows Privilege Escalation SQL Injection Vulnerability in OXID eSales 4.10.6 DB Abstraction Layer SQL Injection in CubeCart I forgot my Password! 
feature Remote Code Execution Vulnerability in PrestaShop Orders Section PHP Object Injection Vulnerability in Pydio before 8.2.2 SQL Injection Vulnerability in Tiki User Task Component Denial of Service Vulnerability in ABB Relion 630 Devices Out-of-Bounds Read Vulnerability in uriparser before 0.9.1 Cross-Site Scripting (XSS) Vulnerability in Cacti color_templates.php Cross-Site Scripting (XSS) Vulnerability in Cacti pollers.php Cross-Site Scripting (XSS) Vulnerability in Cacti graph_templates.php Cross-Site Scripting (XSS) Vulnerability in Cacti's host.php Command Injection Vulnerabilities in NeDi 1.7Cp3: Remote Code Execution CSRF Vulnerability in NeDi Allows Privilege Escalation via User-Management.php Reflected XSS Vulnerability in NeDi 1.7Cp3 via mh.php SQL Injection Vulnerability in NeDi 1.7Cp3's query.php Component Stored XSS Vulnerability in NeDi User-Chat.php Arbitrary Code Execution via Java Deserialization in SAS Web Infrastructure Platform XXE Vulnerability in BI Web Services in SAS Web Infrastructure Platform Privilege Escalation and Lateral Movement Vulnerability in BMC PATROL Agent DOM-based XSS in WSO2 API Manager Store Reflected XSS Vulnerability in WSO2 API Manager's Carbon Component Unbounded Memory Allocation Vulnerability in UC Berkeley RISE Opaque Denial of Service Vulnerability in Mumble 1.2.19 CORS Misconfiguration Vulnerability in Olivier Poitrey Go CORS Handler Arbitrary Origin Header Reflection Vulnerability in Yii 2.x through 2.0.15.1 Heap Out-of-Bounds Write Vulnerabilities in LibVNC (CVE-2018-20019 Incomplete Fix) Incomplete Fix for Heap Out-of-Bounds Write Vulnerability in LibVNC (CVE-2018-15127) Incomplete Fix for Heap Out-of-Bounds Write Vulnerability in LibVNC (CVE-2018-15127) NULL Pointer Dereference in crop_page function of PoDoFo 0.9.6 CSV Injection in Recon-ng before 4.9.5 allows Remote Code Execution Kaseya VSA RMM Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in MODX Revolution User Photo 
Field Cross-Site Scripting (XSS) Vulnerability in MODX Revolution through v2.7.0-pl Cross-Site Scripting (XSS) in MODX Revolution through v2.7.0-pl via Extended User Fields Cross-Site Scripting (XSS) in MODX Revolution User Settings Out-of-Bounds Write Vulnerability in GPAC 0.7.1 and Earlier Buffer Overflow Vulnerability in GPAC Version 0.7.1 and Earlier Buffer Overflow Vulnerability in GPAC Version 0.7.1 and Earlier Out-of-Bounds Write Vulnerability in GPAC 0.7.1 and Earlier Buffer Overflow Vulnerability in HelpSystems tcpcrypt on Linux for BoKS Encrypted Telnet Authenticated Remote Command Execution Vulnerability on Xerox WorkCentre Devices Remote Code Execution Vulnerability on Xerox WorkCentre Devices Local File Inclusion Vulnerability on Xerox WorkCentre Devices Blind SQL Injection Vulnerability in Xerox WorkCentre Devices Unauthenticated Remote Command Execution Vulnerability on Xerox WorkCentre Devices Remote Code Execution in Frog CMS 0.9.5 via admin/?/layout/edit/1 URI Remote Code Execution Vulnerability in Frog CMS 0.9.5 via admin/?/page/edit/1 XSS Vulnerability in Frog CMS 0.9.5 via admin/?/layout/edit/1 Body Field Remote Code Execution in Frog CMS 0.9.5 via admin/?/plugin/file_manager Vulnerability Directory Listing Vulnerability in Frog CMS 0.9.5 XSS Vulnerability in Frog CMS 0.9.5 via admin/?/snippet/edit/1 Body Field Cross-Site Scripting (XSS) Vulnerability in Frog CMS 0.9.5 via admin/?/plugin/file_manager SQL Injection Vulnerability in Traq 3.7.1 via tickets?search= URI CSRF Vulnerability in Traq 3.7.1 Allows Creation of Admin Account Exposure of User Password in GNOME Keyring IPN Message Mishandling Vulnerability in GloBee Plugin for WooCommerce Buffer Over-read Vulnerability in PHAR Reading Functions Denial of Service Vulnerability in Linux Kernel's Fair Scheduler Vulnerability: Secure Boot Bypass and Memory Extraction on Neato Botvac Connected 2.2.0 Devices Out-of-Memory Denial of Service Vulnerability in libvterm Integer Overflow and OOPS 
Vulnerability in ft5x46 Touchscreen Driver on Xiaomi MIX 3 Integer Overflow Vulnerability in LED Driver on Xiaomi Redmi 6pro Arbitrary Directory Deletion Vulnerability in tecrail Responsive FileManager 9.13.4 Arbitrary File Deletion Vulnerability in tecrail Responsive FileManager 9.13.4 XSS Vulnerability in tecrail Responsive FileManager 9.13.4 via Media File Upload Arbitrary File Read Vulnerability in tecrail Responsive FileManager 9.13.4 Arbitrary File Write Vulnerability in tecrail Responsive FileManager 9.13.4 Arbitrary Image File Write Vulnerability in tecrail Responsive FileManager 9.13.4 Arbitrary File Read Vulnerability in tecrail Responsive FileManager 9.13.4 Uncontrolled Recursion Vulnerability in GNU C Library (glibc) through 2.29 Excessive Memory Allocation Vulnerability in PoDoFo 0.9.6 Incompatible Block Durations in pfSense 2.4.4_1 and sshguard Vulnerability Inconsistent Blocking of Source IP Addresses in pfSense 2.4.4_1 for Failed Authentication Data Loss Vulnerability in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13 Regular Expression Denial of Service (ReDoS) in Highcharts JS SVGRenderer Component Compound Index Denial of Service Vulnerability in MongoDB Server Denial of Service Vulnerability in MongoDB Server Versions Prior to 4.0.5, 3.6.10, and 3.4.19 Denial of Service Vulnerability in MongoDB Server Versions 3.6 and 4.0 MongoDB Server Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Phamm 0.6.8 Login Page Cross-Site Scripting (XSS) Vulnerability in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 Improper Header Sanitization in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 (XSS Vulnerability) Denial of Service Vulnerability in Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) Insecure Session Data Encryption in Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) Hidden RPC Service Vulnerability in Pulse Secure 
Pulse Connect Secure 8.3RX and 8.1RX IPv6 DNS Traffic Leakage Vulnerability Input Validation Issue in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2: login_meeting.cgi Vulnerability Cross-Site Scripting (XSS) Vulnerability in Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) Buffer Overflow Risk in QEMU 3.1.0's load_device_tree Function XSS and CSRF Vulnerability in SalesAgility SuiteCRM Allows Session Hijacking Remote Code Execution Vulnerability in Activision Infinity Ward Call of Duty Games Buffer Overflow Vulnerability in OpenPLC Controller: Potential Runtime Crash and Unspecified Impact Heap-based Buffer Overflow in Dropbox Lepton 1.2.1 JPEG Decompression Component Integer Overflow Vulnerability in read_ujpg Function of Dropbox Lepton 1.2.1 Denial-of-Service Vulnerability in LibSass Parsing Component Denial-of-Service Vulnerability in LibSass 3.5.4 Xiaomi Mi 5s Gyroscope Vulnerability: MEMS Ultrasound Attack Cross-Site Scripting (XSS) Vulnerability in Jira WallboardServlet Unauthenticated Remote Attackers Can Set Reporter in Jira Issues via Missing Authorization Check Cross-Site Scripting (XSS) Vulnerability in Jira Activity Stream Gadget Arbitrary File Overwrite Vulnerability in node-tar Arbitrary File Overwrite Vulnerability in tar-fs before 1.16.2 Race Condition Leading to Use-After-Free in sas_expander.c XSS Vulnerability in Typesetter 5.1: index.php/Admin/Menu/Ajax?cmd=AddHidden Stored XSS vulnerability in ampforwp_save_steps_data in AMP for WP plugin (<=0.9.97.21) for WordPress. 
Cleartext Password Vulnerability in systemd 242 Unhandled Exception Vulnerability in Google Sign-In with Google API C++ Client Remote Command Execution Vulnerability in HooToo TripMate Titan HT-TM05 and HT-05 Routers Denial-of-Service Vulnerability in libexpat XML Parser Division-by-zero vulnerabilities in pi_next_pcrl, pi_next_cprl, and pi_next_rpcl functions in OpenJPEG through 2.3.0: Remote Denial of Service Denial of Service Vulnerability in OpenJPEG through 2.3.0 Integer Overflow in opj_get_encoding_parameters in OpenJPEG through 2.3.0 CSRF and XSS Vulnerability in Advisto PEEL SHOPPING 9.0.0 Arastta eCommerce 1.6.2 XSS Vulnerability in Login URI via PATH_INFO Self-XSS vulnerability in Stormshield Network Security's Command Line Interface (CLI) Agent Privilege Escalation in Helpy before 2.2.0 Improper Validation of Domain in Python Cookiejar Library MailPoet Newsletters Plugin Vulnerable to SPAM Attacks Off-by-one Error in Linux Kernel's Ocelot SerDes PHY Driver Leads to Out-of-bounds Read Stack Memory Leak in mlx5_ib_create_qp_resp in Linux Kernel Use-after-free vulnerability in Linux kernel before 4.18.7 XML Comment Attack in Zendesk Samlr Plugin Allows User Enumeration Pre-2018 Recommender Vulnerability: Cross-Site Scripting (XSS) Exploit Cross-Site Scripting (XSS) Vulnerability in edx-platform before 2018-07-18 via Chemical Equation Advanced Problem Response Crash Vulnerability in libopenmpt with Malformed MED Files Crash Vulnerability in libopenmpt before 0.3.11 with Malformed Custom Tunings in MPTM Files Insecure Password Changes in cPanel (SEC-366) Arbitrary Code Execution via Mailing-List Attachments in cPanel (SEC-452) Persistent Virtual FTP Accounts Vulnerability in cPanel (SEC-454) Self XSS vulnerability in cPanel's WHM Additional Backup Destination field (SEC-459) Stored XSS Vulnerability in cPanel's Reset a DNS Zone Feature (SEC-461) Open Redirect Vulnerability in cPanel before 76.0.8 (SEC-462) Stored XSS Vulnerability in cPanel's WHM MultiPHP 
Manager Interface (SEC-464) Arbitrary Code Execution Vulnerability in cPanel (SEC-465) Debug Logging Enabled in cPanel WebDAV Transport Feature (SEC-467) Weak File Permissions in Univa Grid Engine Docker Jobs with root_squash Spooling (GE-6890) CSRF Vulnerability in DrayTek Routers Allows Unauthorized DNS and DHCP Settings Modification Local Privilege Escalation Vulnerability in cPanel (SEC-409) Self XSS vulnerability in cPanel's WHM Create a New Account interface (SEC-428) Self XSS vulnerability in cPanel's WHM Security Questions interface (SEC-433) Self XSS vulnerability in cPanel Site Software Moderation interface (SEC-434) Self XSS vulnerability in cPanel's WHM Style Upload interface (SEC-437) Stored XSS Vulnerability in cPanel WHM File and Directory Restoration Interface (SEC-441) Arbitrary Code Execution Vulnerability in cPanel (SEC-444) Account Suspension Vulnerability in cPanel (SEC-445) Self-stored XSS vulnerability in cPanel before 74.0.8 on Security Questions login page (SEC-446) Arbitrary File-Write Vulnerability in cPanel (SEC-447) FTP Access Vulnerability in cPanel before 74.0.8 (SEC-449) Stored XSS Vulnerability in cPanel WHM File Restoration Interface (SEC-367) Apache HTTP Server Configuration Injection in cPanel (SEC-416) Insecure Storage of phpMyAdmin Session Files in cPanel (SEC-418) SQL Injection Vulnerability in cPanel Database Backups (SEC-420) Root Account File Modification Vulnerability in cPanel (SEC-424) File-read vulnerability in cPanel before 74.0.0 via password file caching (SEC-425) Arbitrary Zone File Modifications Vulnerability in cPanel (SEC-426) Arbitrary File-Read Vulnerability in cPanel File Restoration (SEC-436) Arbitrary Zone File Modifications in cPanel (SEC-439) Insecure File-Rename Operations in cPanel (SEC-442) Local User Access to Web-site Contents via Git Repositories in cPanel (SEC-443) API Tokens Retain Access Control Lists (ACLs) After Removal from Corresponding Accounts (SEC-393) Code Injection Vulnerability in cPanel 
WHM cPAddons Interface (SEC-394) Arbitrary File-Unlink Vulnerability in cPanel's cPAddons Moderation System (SEC-395) Email Injection Vulnerability in cPanel's cPAddons Moderation (SEC-396) Stored XSS Vulnerability in cPanel WHM cPAddons Installation Interface (SEC-398) Stored XSS Vulnerability in cPanel YUM Autorepair Functionality (SEC-399) Remote-Stored XSS Vulnerability in cPanel WHM Save Theme Interface (SEC-400) ClamAV Installation Vulnerability Allows Unauthorized Access to Root's Crontab File (SEC-408) Self XSS vulnerability in cPanel's WHM Backup Configuration interface (SEC-421) Bypassing Cron Feature Restriction in cPanel (SEC-427) Bypassing Backup Feature Restriction in cPanel (SEC-429) Bypassing Images Feature Restriction in cPanel (SEC-430) Unrestricted Mime::list_hotlinks API Access in cPanel (SEC-432) Arbitrary File-Read Vulnerability in cPanel (SEC-435) Arbitrary File-Chmod Vulnerability in cPanel Legacy Incremental Backups (SEC-338) Self XSS vulnerability in cPanel's WHM cPAddons showsecurity Interface (SEC-357) Code Execution Vulnerability in cPanel (SEC-359) Vulnerability: Code Execution in cPanel Demo Accounts via Awstats (SEC-362) Root Accesshash Disclosure in cPanel before 70.0.23 via WHM /cgi/trustclustermaster.cgi (SEC-364) OpenID Injection Vulnerability in cPanel (SEC-368) Stored XSS Vulnerability in cPanel's WHM Edit DNS Zone Action (SEC-369) Stored XSS Vulnerability in cPanel's WHM Edit MX Entry (SEC-370) cPanel Vulnerability: Unauthorized Disabling of Solr (SEC-371) Stored XSS Vulnerability in cPanel WHM DNS Cluster (SEC-372) Stored XSS Vulnerability in cPanel's WHM Create Account Action (SEC-373) Stored XSS Vulnerability in cPanel's WHM Edit DNS Zone Action (SEC-374) Stored XSS Vulnerability in cPanel's Delete a DNS Zone Action (SEC-375) Stored XSS Vulnerability in cPanel's WHM DNS Cleanup Action (SEC-376) Stored XSS Vulnerability in cPanel's WHM Synchronize DNS Records Action (SEC-377) Arbitrary File Read and Unlink Vulnerability in 
cPanel (SEC-378) Local Privilege Escalation in cPanel via WHM Legacy Language File Upload Interface (SEC-379) Local Privilege Escalation in cPanel via WHM Locale XML Upload Interface (SEC-380) Jailshell Escape Vulnerability in cPanel (SEC-382) Stored XSS Vulnerability in cPanel's cpaddons Vendor Interface (SEC-391) Open Redirect Vulnerability in cPanel (SEC-392) Htaccess Restrictions Bypass in cPanel (SEC-401) cPanel Landing Page Code Execution Vulnerability Apache HTTP Server Log Exposure Vulnerability in cPanel (SEC-406) Stored XSS Vulnerability in cPanel's WHM Edit DNS Zone Action (SEC-410) Unowned Account Suspension Vulnerability in cPanel (SEC-411) Stored XSS Vulnerability in cPanel via WHM Reset a DNS Zone Action (SEC-412) SRS Secret Disclosure Vulnerability in cPanel (SEC-308) Insecure Database and Dbuser Renaming in cPanel (SEC-321) Insecure Ownership Enforcement in cPanel API Calls (SEC-324) Directory Traversal Vulnerability in cPanel (SEC-339) cPanel Backup Enablement Vulnerability (SEC-342) Arbitrary File-Read Vulnerability in cPanel (SEC-349) cPanel Vulnerability: Unauthorized Access to Root's Crontab File (SEC-351) cPanel Pre-68.0.27 Vulnerability: Unauthorized Access to Root's Crontab File (SEC-352) cPanel before 68.0.27 Vulnerability: Unauthorized Access to httpd.conf during Syntax Test (SEC-353) Insecure File Operations Vulnerability in bin/csvprocess in cPanel before 68.0.27 (SEC-354) World-readable archive vulnerability in cPanel before 68.0.27 (SEC-355) Insecure File Write Vulnerability in cPanel (SEC-356) Self XSS vulnerability in cPanel Backup Restoration (SEC-383) Self XSS vulnerability in cPanel's WHM Apache Configuration Include Editor (SEC-385) Self-stored XSS Vulnerability in cPanel WHM Account Transfer (SEC-386) Self XSS vulnerability in cPanel's WHM Spamd Startup Config (SEC-387) World-readable file vulnerability in cPanel before 68.0.27 via WHM Apache Includes Editor (SEC-388) Self XSS vulnerability in cPanel's WHM listips interface 
(SEC-389) Insecure Encryption Handling in Mailpile: Allowing Disabled, Revoked, and Expired Keys Swann SWWHD-INTCAM-HD Devices: FTP Access as Root via Twipc Root Password Vulnerability Security Vulnerability: Swann SWWHD-INTCAM-HD Devices Log PSK After Factory Reset Replay Attack Vulnerability in Tapplock Bluetooth Low Energy (BLE) Subsystem Tapplock Vulnerability: MAC Address-based Key Derivation in Bluetooth Low Energy (BLE) Subsystem Jura E8 Bluetooth Vulnerability: Unsecured Connection Exposes Devices to Attacks Bluetooth Security Vulnerability Found in Nespresso Prodigio Devices Double Free Vulnerability in Linux Kernel's f_midi_set_alt Function XSS Vulnerability in Backpack\CRUD Backpack Component for Laravel XSS Vulnerability in WordPress Contact Form to Email Plugin (<=1.2.66) CSRF Vulnerability in Contact-Form-to-Email Plugin for WordPress XSS Vulnerability in Ultimate Member Plugin for WordPress (Version < 2.0.4) XSS Vulnerability in WooCommerce-Jetpack Plugin's Products Per Page Feature CSRF Vulnerability in wp-ultimate-csv-importer Plugin for WordPress CSRF Vulnerability in wp-ultimate-exporter Plugin for WordPress Unrestricted Command Execution in GNU Patch through 2.7.6 Multiple XSS Vulnerabilities in pdf-print Plugin for WordPress CSRF Vulnerability in Church-Admin Plugin for WordPress Allows Unauthorized Bible Reading Plan Upload CSRF Vulnerability in Companion Auto Update Plugin for WordPress Local File Inclusion Vulnerability in Companion Auto Update Plugin for WordPress CSRF Vulnerability in js-jobs Plugin for WordPress XSS Vulnerability in Fat Free CRM Tags Helper Use After Free Vulnerability in XFS File System Initialization XSS Vulnerability in all-in-one-schemaorg-rich-snippets Plugin for WordPress XSS Vulnerability in wp-all-import Plugin for WordPress (Version < 3.4.7) Privilege Escalation Vulnerability in Contact Form 7 Plugin for WordPress Parameter Tampering Vulnerability in Ninja Forms Plugin for WordPress Insufficient Restrictions on 
Submission-Data Retrieval in Ninja Forms Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Media Library Assistant Plugin for WordPress XSS Vulnerability in wp-retina-2x Plugin for WordPress (<=5.2.3) Patreon-Connect Plugin for WordPress: Object Injection Vulnerability Local File Inclusion Vulnerability in wp-payeezy-pay Plugin for WordPress XSS Vulnerability in Advanced Custom Fields Plugin for WordPress PHP Object Injection Vulnerability in Newsletters-Lite Plugin for WordPress Eval Injection Vulnerability in wpgform Plugin for WordPress Integer Underflow and Panic Vulnerability in untrusted crate (Rust) Arbitrary File Overwrite Vulnerability in Rust Tar Crate Double Free Vulnerability in smallvec Crate Uninitialized Memory Exposure in Claxon Crate Uncontrolled Recursion Vulnerability in yaml-rust Crate Infinite Recursion Vulnerability in trust-dns-proto Crate Memory Corruption Vulnerability in slice-deque Crate: Mishandling of Deque Updates in move_head_unchecked Double Free Vulnerability in Crossbeam Crate Use-after-free vulnerability in CMS Signing in openssl crate before 0.10.9 for Rust Memory Corruption Vulnerability in arrayfire Crate Incorrect Results Caused by reset() Calls in Orion Crate Heap Memory Corruption Due to Incorrect Constructor Argument Order XSS Vulnerability in anycomment Plugin for WordPress (Version < 0.0.33) CSRF Vulnerability in js-support-ticket Plugin for WordPress SQL Injection Vulnerability in BuddyForms Plugin for WordPress SQL Injection Vulnerability in rsvpmaker Plugin for WordPress Code Injection Vulnerability in bbp-move-topics Plugin for WordPress CSRF Vulnerability in bbp-move-topics Plugin for WordPress Unrestricted Access to Supportive XL Folders in Woo-Confirmation-Email Plugin for WordPress Use-after-free vulnerability in rsi_mac80211_detach function in Linux kernel Integer Overflow in Poppler's Parser::makeStream in Parser.cc Heap Buffer Overflow in color_apply_icc_profile in OpenJPEG Unauthenticated Access 
to User and Donation Details in Charitable Plugin for WordPress XSS Vulnerability in cf7-invisible-recaptcha Plugin for WordPress Incorrect Access Control in Swape Theme for WordPress Allows Unauthorized Administrator Account Creation via xmlPath Stored XSS Vulnerability in BuddyBoss-Media Plugin for WordPress NULL Pointer Dereference in AVC_DuplicateConfig() Function in GPAC 0.7.1 Denial of Service Vulnerability in GPAC 0.7.1 Memory Leak in dinf_Read in GPAC 0.7.1 Timeout Mishandling in Mastodon before 2.6.3 Information Disclosure Vulnerability in Home Assistant (CVE-2018-12345) PHP Type Juggling Vulnerability in Centreon Web Allows Authentication Bypass SQL Injection Vulnerability in img_gantt.php in Centreon Web before 2.8.27 SQL Injection in makeXML_ListServices.php in Centreon Web before 2.8.28 via host_id parameter Arbitrary Code Execution in Centreon Web via ns_id Parameter Arbitrary File Upload Vulnerability in Centreon Web before 2.8.27 Privilege Escalation Vulnerability in Centreon VM through 19.04.3 Unauthenticated Remote Information Disclosure Vulnerability in Hitachi Command Suite Remote Code Execution via Out-of-Memory (OOM) Vulnerability in Boa Web Server Memory Leak Vulnerability in Boa Web Server (0.94.14rc21) Vulnerability: Lack of Hostname Validation in systemd 239-245 for DNS Over TLS Lack of Content Security Policy (CSP) Header in Jupyter Notebook before 5.5.0 Allows XSS Payload in SVG Documents Remote Access Control Bypass in Tautulli Versions 2.1.38 and Below Exposure of Technical Information through Error Messages in Hitachi Command Suite and Hitachi Automation Director Arbitrary CSS Token Sequence Loading Vulnerability in Hitachi Command Suite, Automation Director, and Infrastructure Analytics Advisor Arbitrary Access to Secrets and Manifests in Argo Git Storage WebSocket Denial of Service Vulnerability in Qt Denial of Service Vulnerability in Sails.js before v1.0.0-46 CSRF Vulnerability in Subrion CMS 4.1.5 Allows Unauthorized Password 
Change Authentication Bypass Vulnerability in Samsung Secure Folder App (SVE-2018-11628) Lockscreen Bypass Vulnerability on Samsung Mobile Devices with N(7.0) Software Race Condition and Use-After-Free Vulnerability in Samsung Exynos 9810 Chipsets (SVE-2018-12959) Unauthenticated Access to Gallery in Secure Folder on Samsung Mobile Devices (SVE-2018-13057) Arbitrary APK Installation Vulnerability on Samsung Mobile Devices Information Disclosure Vulnerability in Samsung Exynos 9810 Chipsets (SVE-2018-13035) Buffer Overflow Vulnerability in Samsung Mobile Devices' sem Trustlet Clipboard Access Vulnerability on Samsung Mobile Devices Clipboard Data Exposure via Emergency Dialer on Samsung Mobile Devices Factory Reset Protection (FRP) Bypass Vulnerability on Samsung Mobile Devices with O(8.x) Software Notification Leak Vulnerability on Samsung Mobile Devices in Standalone Dex Mode Arbitrary Memory Write Vulnerability in Samsung Mobile Devices with Exynos Chipsets (SVE-2018-12881) Buffer Overflow Vulnerability in Samsung Exynos Chipsets (SVE-2018-12852) Invalid Free Vulnerability in Samsung Fingerprint Trustlet (SVE-2018-12853) Arbitrary Code Execution Vulnerability in Samsung Mobile Devices with Exynos Chipsets (SVE-2018-12855) Clipboard Access Vulnerability on Samsung Mobile Devices with N(7.x), O(8.x), and P(9.0) Software eCryptFS Integer Underflow Buffer Overflow Vulnerability Rooting Vulnerability on Samsung Mobile Devices with N(7.0) Software Smartwatch Secure Folder Notification Content Disclosure Vulnerability Stack-based Buffer Overflow in Shannon Baseband on Samsung Mobile Devices (SVE-2018-12757) Cache Attacks on Samsung Mobile Devices with Exynos Chipsets Clipboard Content Visibility in Locked State via Emergency Contact Picker on Samsung Mobile Devices (SVE-2018-11806) Keyboard Learned Words Leak via Emergency Contact Picker on Samsung Mobile Devices Fake Charger Vulnerability on Samsung Mobile Devices Vulnerability: Unauthorized Access to Locked Secure 
Folder Content on Samsung Mobile Devices Keymaster Vulnerability in Samsung Exynos Chipsets Array Overflow Vulnerability in Samsung Mobile Devices (SVE-2017-11816) Integer Underflow Vulnerability in Samsung Mobile Devices (SVE-2017-11855) Buffer Overflow Vulnerability in Samsung Mobile Devices with M(6.0) Software Information Disclosure Vulnerability in Samsung Trustlet (SVE-2018-11600) Vulnerability: Unauthorized Access to Secure Folder via Split Screen on Samsung Mobile Devices Information Disclosure Vulnerability in MediaTek Driver on Samsung Mobile Devices Samsung Mobile Devices with MSM8998 or SDM845 Chipsets Secure Boot Bypass Vulnerability Unprotected Intent Vulnerability on Samsung Mobile Devices (SVE-2018-11633) Exynos Kernel Driver Out-of-Bounds Read/Write Vulnerability (SVE-2018-11358) Clipboard Access Vulnerability on Samsung Mobile Devices Information Disclosure Vulnerability in Samsung Mobile Devices (SVE-2017-10638) Unintended Path Class Loading Vulnerability in Samsung Call+ Application (SVE-2017-10886) Information Disclosure Vulnerability in Samsung Secure Driver on Exynos8890/8895 Chipsets Clipboard Content Disclosure Vulnerability in Samsung Mobile Devices Insecure SS and USSD Codes in Samsung Contacts Application (SVE-2018-11469) Kernel Pointer Leak in Samsung USB Gadget Driver (SVE-2017-10993) NFC Lockscreen Bypass Vulnerability on Samsung Mobile Devices Unauthorized Permission Access in Samsung Dual Messenger Dex Station App Pinning and Lock-Screen Bypass Vulnerability Information Disclosure Vulnerability in Samsung Mobile Devices (SVE-2017-11175) Race Condition and Read-After-Free Vulnerability in Samsung Mobile Devices (SVE-2017-11174) Race Condition and Use-After-Free Vulnerability in Samsung Mobile Devices (SVE-2017-11176) Race Condition and Double Free Vulnerability in Samsung Mobile Devices (SVE-2017-11177) Samsung Mobile Devices vnswap Heap-Based Buffer Overflow Vulnerability Unprotected System Service in InputMethodManagerService on 
Samsung Mobile Devices (SVE-2017-9995) Integer Overflow Vulnerability in Samsung Mobile Devices (SVE-2017-10732) Exynos Modem Chipset Baseband Buffer Overflow Vulnerability System Crash via Abnormal Exception Handling on Samsung Mobile Devices (SVE-2017-10906) Crafted AT Command Vulnerability on Samsung Mobile Devices via NFC Tag Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Vulnerability: Incorrect Configuration of Security Settings in Certain NETGEAR Devices Stored XSS Vulnerability in NETGEAR SRR60 and SRS60 Devices CSRF Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR R7800 Devices Command Injection Vulnerability in NETGEAR R7800 Devices Command Injection Vulnerability in NETGEAR R7800 Devices Command Injection Vulnerability in NETGEAR R7800 Devices CSRF Vulnerability in NETGEAR ReadyNAS Devices Command Injection Vulnerability in NETGEAR R7800 Devices Command Injection Vulnerability in NETGEAR R7800 Devices Command Injection Vulnerability in NETGEAR R7800 Devices Command Injection Vulnerability in NETGEAR R7800 Devices Command Injection Vulnerability in NETGEAR R7800 Devices Command Injection Vulnerability in NETGEAR R7800 Devices Command Injection Vulnerability in NETGEAR R7800 Devices Command Injection Vulnerability in NETGEAR R7800 Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Critical Remote Code Execution Vulnerability in NETGEAR XR500 Devices Remote Code Execution Vulnerability in NETGEAR XR500 Devices Remote Code Execution Vulnerability in NETGEAR XR500 Devices Authentication Bypass Vulnerability in NETGEAR XR500 Devices Command Injection Vulnerability in NETGEAR WAC505 and WAC510 Devices CSRF Vulnerability in Certain NETGEAR 
Devices Authentication Bypass Vulnerability in NETGEAR Devices Denial of Service Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Privilege Escalation Vulnerability in NETGEAR WAC510 Devices Authentication Bypass Vulnerability in NETGEAR WAC510 Devices Command Injection Vulnerability in NETGEAR WAC505 and WAC510 Devices Command Injection Vulnerability in NETGEAR WAC505 and WAC510 Devices Authentication Bypass Vulnerability in NETGEAR WAC505 and WAC510 Devices Sensitive Information Disclosure Vulnerability in NETGEAR WAC505 and WAC510 Devices Command Injection Vulnerability in NETGEAR WAC505 and WAC510 Devices Unauthenticated Firmware Downgrade Vulnerability in NETGEAR WAC505 and WAC510 Devices Authentication Bypass Vulnerability in NETGEAR WAC505 and WAC510 Devices Stack-Based Buffer Overflow Vulnerability in NETGEAR WAC505 and WAC510 Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Sensitive Information Disclosure Vulnerability in NETGEAR D3600 and D6000 Routers Critical Vulnerability: Hardcoded Password in NETGEAR D3600 and D6000 Routers NETGEAR D3600 and D6000 Devices Vulnerable to Incorrect Security Configuration Disclosure of Sensitive Information Vulnerability in Multiple NETGEAR Devices NETGEAR D3600 and D6000 Devices Vulnerable to Incorrect Security Configuration Denial of Service Vulnerability in Certain NETGEAR Devices Denial of Service Vulnerability in Certain NETGEAR Devices Sensitive Information Disclosure in NETGEAR GS810EMX Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices 
Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Incorrect Configuration of Security Settings in NETGEAR R7800 Devices Insecure Configuration of Security Settings in NETGEAR ReadyNAS Devices CSRF Vulnerability in NETGEAR ReadyNAS Devices Vulnerability: Incorrect Security Settings Configuration in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR R6220 and WNDR3700v5 Devices Denial of Service Vulnerability in Certain NETGEAR Devices Denial of Service Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Sensitive Information Disclosure Vulnerability in Certain NETGEAR Devices Incorrect Configuration of Security Settings in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in NETGEAR Devices Stack-based Buffer Overflow Vulnerability in NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow 
Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in NETGEAR Devices Stack-based Buffer Overflow Vulnerability in NETGEAR Devices Stack-based Buffer Overflow Vulnerability in NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based buffer overflow vulnerability in certain NETGEAR devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in NETGEAR Devices Stack-Based Buffer Overflow Vulnerability in NETGEAR R7800 and R9000 Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Reflected XSS Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Buffer Overflow Vulnerability in 
Certain NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in NETGEAR Devices Buffer Overflow Vulnerability in NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Authentication Bypass Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Insecure Configuration Vulnerability in NETGEAR Devices Incorrect Configuration of Security Settings in Certain NETGEAR Devices Incorrect Configuration of Security Settings in Multiple NETGEAR Devices Uncontrolled Recursion in find_fixed_tags Leads to Stack Consumption in re2c before 2.0 Integer Overflow Vulnerability in TensorFlow BMP Decoder Deserialization of Untrusted JSON Data in Jodd before 5.0.4 with setClassMetadataName Authentication Bypass and Information Disclosure Vulnerability in Foxit E-mail Advertising System NULL Pointer Dereference Vulnerability in Foxit Reader NTLM Credential Theft via GoToE or GoToR Action in Foxit PhantomPDF Memory Consumption Vulnerability in Foxit PhantomPDF NTLM Credential Theft Vulnerability in Foxit Reader and PhantomPDF Memory Consumption Vulnerability in Foxit Reader and PhantomPDF Untrusted Search Path Vulnerability in Foxit PhantomPDF Remote Code Execution via GoToE or GoToR Action in Foxit PhantomPDF COM Object Mishandling in Foxit PhantomPDF with Microsoft Word 
Arbitrary Application Execution via Embedded Executable in Foxit PhantomPDF PDF Portfolio (FG-VD-18-029) HTTP Request Smuggling Vulnerability in Pound 2.8 Authentication Bypass in Caddy Server (CVE-2018-12686) Information Leak in LibVNCServer's ConnectToRFBRepeater Function Authentication Credential Mishandling Vulnerability Timing Mishandling Vulnerability in Mattermost Server Denial of Service Vulnerability in Mattermost Server Authorization Bypass Vulnerability in Mattermost Server Multiple E-mail Address Bypass Vulnerability in Mattermost Server Unauthorized User Invitation Vulnerability Bypassing Access Control via Message Slash Command in Mattermost Server Channel Modification Vulnerability Bypassing Access Restrictions via Group Message Slash Command Bypassing Access Restrictions via Channel Header Slash Command API in Mattermost Server Denial of Service Vulnerability in Mattermost Server via invite_people Slash Command Denial of Service Vulnerability in Mattermost Server WebSocket Privacy Violation in Mattermost Server Excessive Invitation Privileges in Mattermost Server Denial of Service Vulnerability in Mattermost Server 4.7.3 Authentication Bypass via Crafted SAML Response in Mattermost Server SAML Response Expiration Date Enforcement Vulnerability Same Origin Policy Mishandling in Mattermost Desktop App Remote Command Injection Vulnerability in Node.js Traceroute Package Symlink Vulnerability in OpenRC's checkpath Function Out-of-Bounds Read Vulnerability in Node.js stringstream Module (Versions < 0.0.6) Missing Authentication Check in SAP Startup Service and SAP KERNEL 7.45, 7.49, and 7.52 Excessive Authorization in SAP Solution Manager 7.20 Role SAP_BPO_CONFIG SAP HANA Remote Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in SAP NetWeaver and SAP BASIS Cross-Site Scripting (XSS) Vulnerability in SAP CRM WebClient UI and S4FND Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Portal, WebDynpro Java, 7.30-7.50 Path 
Traversal Vulnerability in SAP Business Process Automation (BPA) By Redwood 9.0 and 9.1 Insufficient Path Validation in ABAP File Interface in SAP BASIS Unauthenticated Access Vulnerability in SAP NetWeaver System Landscape Directory SAP HANA Unauthenticated Information Disclosure Vulnerability SSRF Vulnerability in SAP Central Management Console, BI Launchpad, and Fiori BI Launchpad SAP Netweaver AS Java Web Application 7.50 SAML 2.0 Service Provider XSS Vulnerability Insecure Logging of Keystore Password in SAP HANA Extended Application Services, 1.0 Unauthenticated SQL Injection Vulnerability in SAP HANA Extended Application Services, 1.0 Sensitive Data Exposure in SAP HANA Extended Application Services 1.0 Unauthorized Access to Application Environments in SAP HANA Extended Application Services Unauthorized Access to Application Environments in SAP HANA Extended Application Services Unauthorized Access to Server Statistics and Status Information in SAP HANA Extended Application Services 1.0 Unauthorized Access to Statistical Data in SAP HANA Extended Application Services SAP HANA Extended Application Services 1.0 Username Validation Vulnerability Insufficient Path Validation Vulnerability in SAP CRM Privilege Escalation Vulnerability in SAP ERP Financials Information System SAP Internet Graphics Server Vulnerability: Unauthorized Access to System Area Reflected Cross-Site Scripting Vulnerability in SAP Internet Graphics Server Versions 7.20, 7.20EXT, 7.45, 7.49, 7.53 Null Pointer Dereference Vulnerability in SAP Internet Graphics Server Denial of Service Vulnerability in SAP Internet Graphics Server Buffer Overflow Vulnerability in SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53 SAP Internet Graphics Server Information Disclosure Vulnerability SAP Internet Graphics Server: Stored Cross-Site Scripting Vulnerability Log File Injection Vulnerability in SAP Internet Graphics Server (IGS) Denial of Service Vulnerability in SAP Internet Graphics 
Server (IGS) Chart Service IGS Portwatcher Service Denial of Service Vulnerability XML External Entity (XXE) Vulnerability in SAP Internet Graphics Server (IGS) XML External Entity (XXE) Vulnerability in SAP Internet Graphics Server (IGS) Denial of Service Vulnerability in SAP Internet Graphics Server (IGS) SAP Internet Graphic Server (IGS) Information Retrieval and File Corruption Vulnerability Denial of Service Vulnerability in SAP Internet Graphics Server (IGS) Interpreter Service Cross-Site Scripting (XSS) Vulnerability in SAP Business Objects Business Intelligence Platform CMC SAP Business Client 6.5 Information Disclosure Vulnerability Inefficient Encoding Vulnerability in Process Monitoring Infrastructure SAP Business Process Automation (BPA) By Redwood Information Disclosure Vulnerability XML External Entity (XXE) Vulnerability in SAP Business Process Automation (BPA) By Redwood Clear Text Storage of User Credentials in SAP HANA Capture & Replay Functionality Unauthorized Access to Restricted Information in SAP Disclosure Management 10.1 File Upload Vulnerability in SAP Disclosure Management 10.1 SAP Solution Manager Incident Management Work Center Cross-Site Scripting Vulnerability Unquoted Windows Search Path Vulnerability in Crystal Reports Server, OEM Edition (CRSE) Session Hijacking Vulnerability in SAP Business Objects Session Hijacking Vulnerability in SAP Cloud Platform 2.0 Cross-Site Scripting (XSS) Vulnerability in SAP Business One Browser Access Privilege Escalation Vulnerability in SAP Disclosure Management 10.1 Privilege Escalation Vulnerability in SAP Disclosure Management 10.1 Content Spoofing Vulnerability in SAP NetWeaver Application Server Java Web Container and HTTP Service XML External Entity (XXE) Injection Vulnerability in SAP Identity Management 7.2 and 8.0 SAP Identity Management 8.0 Vulnerability: Unauthorized Information Access via ToASCII Pass Type SAP MaxDB ODBC Driver Code Injection Vulnerability Privilege Escalation 
Vulnerability in SAP Enterprise Financial Services Arbitrary File Upload Vulnerability in SAP Internet Graphics Server (IGS) SAP Internet Graphics Server (IGS) Portwatcher Denial of Service Vulnerability SAP Internet Graphics Server (IGS) Portwatcher Denial of Service Vulnerability SAP Internet Graphics Server (IGS) Denial of Service Vulnerability DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP UI5 SAP Business One Backup Service Information Disclosure Vulnerability Code Injection Vulnerability in SAP BusinessObjects Business Intelligence Suite and SAP Crystal Reports SAP UI5 Handler Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Suite 4.10 and 4.20 HTTP Response Header Injection Vulnerability in SAP BusinessObjects Business Intelligence Denial of Service Vulnerability in SAP Gateway Arbitrary Content Spoofing Vulnerability in SAP NetWeaver UI Components Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal Privilege Escalation Vulnerability in SAP R/3 Enterprise Retail (EHP6) External Command Execution Vulnerability in SAP Internet Graphics Service (IGS) SAP Internet Graphics Server (IGS) Denial-of-Service Vulnerabilities Insufficient Request Validation Vulnerability in SAP Internet Graphics Server (IGS) Sensitive Information Exposure in SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) SAP Change and Transport System Information Disclosure Vulnerability Session Hijacking Vulnerability in SAP BusinessObjects Business Intelligence Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Financial Consolidation Server-Side Request Forgery (SSRF) Vulnerability in AdminTools of SAP BusinessObjects Business Intelligence Unauthenticated Information Disclosure in SAP BusinessObjects Business Intelligence SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence) InfoObject Query Execution 
Vulnerability SAP SRM-MDM Utilities Information Disclosure Vulnerability Unauthenticated SMB Relaying Vulnerability in SAP SRM MDM Catalog SAP MaxDB (liveCache) Privilege Escalation and Data Manipulation Vulnerability Unintended Prolonged Validity of XS CLI User Sessions in SAP HANA Extended Application Services (XS) Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 Logon Application Privilege Escalation Vulnerability in SAP Enterprise Financial Services Privilege Escalation Vulnerability in SAP Enterprise Financial Services Privileged User Information Access Vulnerability in SAP Adaptive Server Enterprise 16.0 SAP Business One Crystal Report Connection Type Information Disclosure Vulnerability Data Leakage in SAP Mobile Platform Offline OData Application Insecure Certificate Verification in SAP Business One Android Application v1.2 Privilege Escalation Vulnerability in SAP HCM Fiori People Profile (GBX01 HR version 6.0) XML Document Validation Vulnerability in BEx Web Java Runtime Export Web Service Server-Side Request Forgery (SSRF) Vulnerability in SAP Hybris Commerce OCC API Stored Cross-Site Scripting (XSS) Vulnerability in SAP WebDynpro Java SAP HANA Extended Application Services Classic Model OData Parser XML Validation Vulnerability Cross-Site Scripting (XSS) Vulnerability in SAP Data Services 4.2 Management Console Information Disclosure Vulnerability in SAP BusinessObjects BI Platform Servers Backup Server Information Disclosure Vulnerability in SAP Adaptive Server Enterprise (ASE) Unauthorized Information Access in SAP Adaptive Server Enterprise (ASE) Versions 15.7 and 16.0 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Application Server for ABAP Unauthorized Information Access in SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML Client) 
Denial of Service Vulnerability in SAP BusinessObjects Business Intelligence Platform Server Insufficient CSRF Protection in SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) Application Missing Network Isolation in Kubernetes Apiserver of Gardener Shoot Clusters Insufficient URL Validation in SAP NetWeaver Forums: Open Redirect Vulnerability XML Document Validation Vulnerability in SAP NetWeaver's Knowledge Management (XMLForms) Command Execution Vulnerability in TREX / BWA Installation on SAP Basis 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, and 7.50 to 7.53 Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform (BIWorkspace) Versions 4.1 and 4.2 Unauthorized Transaction Execution in SAP Standard Roles Denial of Service Vulnerability in SAP Mobile Secure Android Application HTTP Verb Tampering Vulnerability in SAP BusinessObjects Business Intelligence Platform CMC Privilege Escalation in SAP Enterprise Financial Services Vulnerability: Remote Code Execution in SAP Fiori Client Cross-Site Scripting (XSS) Vulnerability in SAP Marketing (UICUAN, SAPSCORE) Zip File Extraction Vulnerability in SAP Disclosure Management 10.x Android Malware Exploits SAP Fiori Client with Empty Push Notifications Vulnerability Vulnerability: Unauthorized Deletion of SSO Configuration in SAP Fiori Client Unprotected Broadcast Messages Vulnerability in SAP Fiori Client Vulnerability: Remote Code Execution via Log Viewer in SAP Fiori Client Insufficient XML Validation in SAML 2.0 Functionality in SAP NetWeaver AS Java Vulnerability: Authorization Checks Bypass in SAP Basis AS ABAP Incomplete Logging of SELECT Events in SAP HANA Audit Log Password Hash Disclosure Vulnerability in SAP Financial Consolidation Cube Designer SAP Mobile Secure Android Client Information Disclosure Vulnerability Use-after-free vulnerability in libpulse-binding crate before 2.5.0 for Rust Insecure Validation in KCFinder Integration Project for Drupal 
(SA-CONTRIB-2018-024) Denial of Service Vulnerability in MongoDB Server Versions 3.6 and 4.0 Vulnerability in UIDL Request Handler Allows Property Value Manipulation Weak Synchronization in Rust's Arc::get_mut Method: A Memory Safety Vulnerability Heap-Based Buffer Overflow in libwebp's GetLE16() Function Heap-Based Buffer Overflow in libwebp's ApplyFilter() Function Heap-Based Buffer Overflow in libwebp's PutLE16() Function Heap-Based Buffer Overflow in libwebp's GetLE24() Function Heap-Based Buffer Overflow in libwebp's ShiftBytes() Function Uninitialized Value Vulnerability in libwebp's ReadSymbol() Function Use-after-free vulnerability in Linux kernel before 4.14.16 Host Header Injection Vulnerability in Greenbone Security Assistant (GSA) and Greenbone OS (GOS) Heap-Based Buffer Overflow in RawSpeed 3.1's TableLookUp::setTable Out-of-Bounds Write Vulnerability in UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 Unauthenticated File Upload Vulnerability in LearnDash LMS WordPress Plugin XST (Cross Site Tracing) Vulnerability in SAP Business One Service Layer BPF Subsystem Overflow Vulnerability in Linux Kernel TCP Server Module Memory Exhaustion Vulnerability Onion Routing Vulnerability in toxcore: Remote IP Address Discovery Uninitialized Value Vulnerability in smallvec Crate Memory Corruption Vulnerability in actix-web Crate Memory Corruption Vulnerability in actix-web Crate Memory Corruption Vulnerability in actix-web Crate Use-after-free vulnerability in libpulse-binding crate before 1.2.1 Use-after-free vulnerability in libpulse-binding crate before 1.2.1 Z-Wave Vulnerability: Downgrade Attack Exploiting CVE-2013-20003 Insufficient Access Restriction in SAP NetWeaver AS Java Keystore Service Local Authentication Bypass Vulnerability in Mirmay Secure Private Browser and File Manager up to 2.5 Remote OpenAPI Definition Display Vulnerability in Swagger UI Memory Corruption Vulnerability in zlib 1.2.12 and Earlier Versions during Deflation Heap-Based Buffer Over-Read 
Vulnerability in ADMesh 0.98.4 Thomson TCW710 ST5D.10.05 - Cross Site Scripting (Persistent) in /goform/wlanPrimaryNetwork Cross-Site Scripting (XSS) Vulnerability in Thomson TCW710 ST5D.10.05 Cross-Site Scripting (Persistent) Vulnerability in Thomson TCW710 ST5D.10.05 Cross-Site Scripting (Persistent) Vulnerability in Thomson TCW710 ST5D.10.05 Cross-Site Scripting (Persistent) Vulnerability in Thomson TCW710 ST5D.10.05 Cross-Site Scripting (XSS) Vulnerability in Thomson TCW710 ST5D.10.05 SAP NetWeaver AS Java Web Container HTTP Host Header Manipulation and XSS Vulnerability Critical Privilege Escalation Vulnerability in uTorrent Web Critical Privilege Escalation Vulnerability in uTorrent's JSON RPC Server Critical Remote Memory Corruption Vulnerability in uTorrent Critical Vulnerability in uTorrent: Remote Code Execution via Weak Authentication Critical Privilege Escalation Vulnerability in uTorrent XSS Vulnerability in Django REST Framework Browsable API View Templates Path Traversal Vulnerability XSS Vulnerability in Smarty's function.mailto Plugin Path Traversal Vulnerability in CODESYS Runtime System Allows Unauthorized Access and System File Modification Inefficient Regular Expression Complexity in email-existence (VDB-216854) Cross-Site Scripting (XSS) Vulnerability in SAP Commerce Storefronts Cross Site Scripting (XSS) Vulnerability in Harvest Chosen up to 1.8.6 Cross Site Scripting (XSS) Vulnerability in JmPotato Pomash Cross-Site Scripting (XSS) Vulnerability in Catalyst-Plugin-Session up to 0.40 Cross-Site Scripting (XSS) Vulnerability in moappi Json2html up to 1.1.x (CVE-2021-216959) Cross Site Scripting (XSS) Vulnerability in shred cilla Cross-Site Scripting (XSS) Vulnerability in FarCry Solr Pro Plugin up to 1.5.x Cross Site Scripting (XSS) Vulnerability in yolapi's render_description function (VDB-216966) Critical SQL Injection Vulnerability in simple_php_link_shortener Remote Code Execution Vulnerability in Twitter-Post-Fetcher up to 17.x Path 
Traversal Vulnerability in pastebinit up to 0.2.2 (VDB-217040) Vulnerability: Macaron CSRF - Sensitive Cookie without Secure Attribute Inefficient Regular Expression Complexity Vulnerability in rgb2hex up to 0.1.5 Denial of Service Vulnerability in flar2 ElementalX up to 6.x on Nexus 9 Cross-Site Scripting (XSS) Vulnerability in Zenoss Dashboard up to 1.3.4 Cross Site Scripting (XSS) Vulnerability in OSM Lab show-me-the-way Cross-Site Scripting Vulnerability in Wikimedia mediawiki-extensions-I18nTags Critical SQL Injection Vulnerability in PeterMu Nodebatis up to 2.1.x (VDB-217554) Critical SQL Injection Vulnerability in JoomGallery up to 3.3.3 Critical Remote Code Execution Vulnerability in devent globalpom-utils up to 4.5.0 Critical Vulnerability in Netis Netcore Router: Remote Attack Exploits Hard-Coded Password (VDB-217593) Critical SQL Injection Vulnerability in polterguy Phosphorus Five up to 8.2 Critical SQL Injection Vulnerability in roxlukas LMeve up to 0.1.58 (VDB-217610) Critical SQL Injection Vulnerability in lojban jbovlaste Cross Site Scripting (XSS) Vulnerability in Newcomer1989 TSN-Ranksystem up to 1.2.6 (CVE-2021-218002) Regular Expression Complexity Vulnerability in Prestaul Skeemas (VDB-218003) Critical SQL Injection Vulnerability in karsany OBridge up to 1.3 (VDB-218376) Critical SQL Injection Vulnerability in Events Extension on BigTree (VDB-218395) Inefficient Regular Expression Complexity Vulnerability in melnaron mel-spintax Privilege Escalation in man-db on Gentoo Regular Expression Complexity Vulnerability in Segmentio is-url up to 1.2.2 (VDB-220058) Cross-Site Scripting (XSS) Vulnerability in MobileDetect 2.8.31 Cross-Domain Password Auto-Fill Vulnerability in Bitwarden Critical XML External Entity (XXE) Vulnerability in zwczou WeChat SDK Python 0.3.0 (VDB-223403) OS Command Injection in pullit package before 1.4.0 for Node.js via Git branch name evaluation Cross-Site Scripting (XSS) Vulnerability in Ping Identity Self-Service Account 
Manager 1.1.2 Cross-Site Scripting (XSS) Vulnerability in Responsive Menus 7.x-1.x-dev on Drupal Cross-Site Scripting (XSS) Vulnerability in sea75300 FanPress CM up to 3.6.3 Arborator Server: Denial of Service Vulnerability in project.cgi Critical SQL Injection Vulnerability in Blue Yonder postgraas_server up to 2.0.0b2 (VDB-234246) Untrusted Target Access Vulnerability in glb Meetup Tag Extension 0.1 on MediaWiki CVE-2018-25090 Authorization Header Exposure in urllib3 before 1.24.2 Improper Access Controls in Vaerys-Dawn DiscordSailv2 up to 2.10.2 (VDB-244483) Improper Access Controls in Vaerys-Dawn DiscordSailv2 up to 2.10.2 (VDB-244484) Path Traversal Vulnerability in ???????????????? Online Accounting System up to 1.4.0 (VDB-246641) Arbitrary Code Execution Vulnerability in Duplicator WordPress Plugin Cross-Site Request Forgery Vulnerability in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha Cross-Site Scripting Vulnerability in Acumos Design Studio up to 2.0.7 (VDB-249420) Denial of Service Vulnerability in blockmason credit-protocol (CVE-2021-252799) CVE-2018-25099 CVE-2018-25100 Solaris Kernel Privilege Escalation Vulnerability Oracle HTTP Server Denial of Service Vulnerability Vulnerability in MySQL Server: Unauthorized Access and Denial of Service LDAP Library Vulnerability in Solaris Component of Oracle Sun Systems Products Suite Oracle WebCenter Content Vulnerability: Unauthorized Access and Data Manipulation High-Privilege Network Access Vulnerability in MySQL Server (InnoDB Component) Vulnerability in Oracle Sun Systems Products Suite: Unauthorized Access and Data Manipulation in ILOM Vulnerability in Oracle Communications Order and Service Management: Unauthorized Data Access and Manipulation Vulnerability in Oracle Sun Systems ILOM Remote Console Application Java ME SDK Installer Vulnerability Vulnerability in Oracle Communications Unified Inventory Management: Unauthorized Access and Partial Denial of Service 
Vulnerability in Oracle Communications Unified Inventory Management: Unauthorized Data Access and Manipulation Vulnerability in Oracle Agile Product Lifecycle Management for Process: Unauthorized Data Access and Manipulation Vulnerability in MySQL Server: Unauthorized Denial of Service (DoS) Vulnerability in Siebel CRM Desktop component of Oracle Siebel CRM: Unauthorized Data Access and Modification Oracle Database Server Core RDBMS Unauthorized Read Access Vulnerability MySQL Server Denial of Service Vulnerability Solaris Kernel Unauthorized Access Vulnerability Solaris Kernel Privilege Escalation Vulnerability Java SE, Java SE Embedded, JRockit Vulnerability: Unauthorized Data Access via Multiple Protocols Oracle Applications DBA Component Vulnerability in Oracle E-Business Suite Vulnerability in Java SE component of Oracle Java SE (JavaFX) allows unauthorized data access Vulnerability in Oracle Java SE: Unauthorized Data Access Vulnerability in MySQL Server Allows for Unauthorized Denial of Service Attacks Unauthorized Read Access Vulnerability in Oracle WebCenter Sites MySQL Connectors Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle Access Manager Web Server Plugin Unauthenticated Access Vulnerability Vulnerability in Oracle Java SE, Java SE Embedded, and JRockit (LDAP Subcomponent) Allows Unauthorized Data Access Oracle Hospitality Simphony Unauthenticated Remote Access Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle Financial Services Balance Sheet Planning User Interface Unauthorized Data Access Vulnerability Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Takeover Vulnerability in Oracle Hyperion BI+ Component: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Hyperion BI+ Component: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle WebCenter Content component allows unauthorized access 
and data manipulation Vulnerability in Oracle Hospitality Cruise Dining Room Management: Unauthorized Access and Data Compromise Unauthenticated Unauthorized Read Access Vulnerability in MySQL Workbench Vulnerability in Oracle Java SE, Java SE Embedded, and JRockit (JNDI Component) Allows Unauthorized Data Manipulation and Partial Denial of Service MySQL Server Optimizer Hang/Crash Vulnerability Oracle Internet Directory Remote Code Execution Vulnerability Vulnerability in Java SE and Java SE Embedded: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Java SE, Java SE Embedded, and JRockit Libraries: Unauthorized Partial Denial of Service Oracle Hospitality Guest Access Component Unauthorized Access Vulnerability Critical Data Access Vulnerability in Oracle PeopleSoft Products Oracle Hospitality Guest Access Component Unauthorized Access Vulnerability Oracle Hospitality Guest Access Denial of Service Vulnerability Oracle Hospitality Simphony Component Vulnerability: Unauthorized Access to Critical Data Vulnerability in Oracle Agile PLM Component of Oracle Supply Chain Products Suite: Unauthorized Data Access and Manipulation Unauthenticated Read Access Vulnerability in Oracle Hyperion Data Relationship Management Critical Remote Code Execution Vulnerability in Oracle Sun ZFS Storage Appliance Kit (AK) Vulnerability in MySQL Server component allows unauthorized data access and server compromise Oracle Argus Safety Login Vulnerability Oracle FLEXCUBE Universal Banking Component Unauthorized Access Vulnerability Oracle Support Tools OSS Support Tools Component Prior to 2.11.33 Vulnerability Oracle Support Tools OSS Support Tools Component Prior to 2.11.33 Vulnerability Unauthenticated Remote Access Vulnerability in Oracle Support Tools Java SE, Java SE Embedded, JRockit Vulnerability: Unauthorized Access to Critical Data Oracle Hospitality Simphony Component Vulnerability: Unauthorized Access to Critical Data Vulnerability in Primavera 
Unifier component of Oracle Construction and Engineering Suite: Unauthorized Data Access and Modification Vulnerability in Oracle Hospitality Cruise Shipboard Property Management System: Unauthorized Access and Data Compromise MySQL Server Denial of Service Vulnerability Vulnerability in Sun ZFS Storage Appliance Kit (AK) Allows Unauthorized Access and Data Compromise Vulnerability in Sun ZFS Storage Appliance Kit (AK) Allows Unauthorized Access to Critical Data Oracle WebLogic Server Unauthenticated Read Access Vulnerability Oracle Financial Services Balance Sheet Planning User Interface Vulnerability Java SE Installer Vulnerability: Unauthorized Takeover of Java SE Oracle WebLogic Server T3 Takeover Vulnerability Vulnerability in Java SE, Java SE Embedded, and JRockit: Unauthorized Data Access Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Data Access and Manipulation Oracle Transportation Management Unauthorized Data Access Vulnerability Vulnerability in Oracle Siebel CRM's Siebel Engineering - Installer and Deployment Component: Unauthorized Data Access Java SE, Java SE Embedded, JRockit Vulnerability: Unauthenticated Remote Code Execution Vulnerability in Java SE and Java SE Embedded: Unauthorized Access to Critical Data Oracle E-Business Suite Login Vulnerability Oracle Hospitality Simphony Component Takeover Vulnerability Vulnerability in Oracle Java SE, Java SE Embedded, and JRockit: Unauthorized Access to Critical Data Vulnerability in Java SE Deployment Component Allows Takeover Vulnerability in Java SE Deployment Component Allows Takeover MySQL Server Denial of Service Vulnerability Vulnerability in Java SE AWT Component Allows Unauthorized Data Access Vulnerability in Oracle Argus Safety File Upload Component Oracle Argus Safety Component Vulnerability: Unauthorized Data Access and Manipulation Vulnerability in Oracle Argus Safety Worklist Component: Unauthorized Data Access and Manipulation Critical Vulnerability in Oracle MySQL 
Server: Unauthorized Access to Critical Data MySQL Server Denial of Service Vulnerability Vulnerability in MySQL Server Replication Component: Unauthorized Data Access and Server Crash Vulnerability in Oracle FLEXCUBE Universal Banking: Remote Takeover Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Denial of Service Oracle Hospitality Reporting and Analytics Component Unauthorized Data Access Vulnerability XML Publisher Component Vulnerability in PeopleSoft Enterprise PeopleTools Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Integration Broker Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Vulnerability in PeopleSoft Enterprise HCM Human Resources Component: Unauthorized Data Access and Manipulation Oracle Work in Process Component Vulnerability: Unauthorized Access and Data Manipulation Oracle General Ledger Component Vulnerability in Oracle E-Business Suite: Unauthorized Access and Data Manipulation Vulnerability in Java SE and JRockit: Unauthorized Partial Denial of Service JD Edwards EnterpriseOne Tools Component Vulnerability JD Edwards EnterpriseOne Tools Component Vulnerability Vulnerability in Oracle Financial Services Analytical Applications Infrastructure component allows unauthorized access and data manipulation Vulnerability in Oracle Financial Services Analytical Applications Infrastructure component allows unauthorized data access and manipulation Oracle Transportation Management Component Vulnerability Vulnerability in Oracle Java SE, Java SE Embedded, and JRockit Libraries Sun ZFS Storage Appliance Kit (AK) Remote Code Execution Vulnerability MySQL Server Denial of Service Vulnerability Oracle Hospitality Labor Management Webservice Endpoint Unauthorized Data Access Vulnerability MySQL Server Optimizer Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle Hospitality Reporting and Analytics Component Unauthorized Data 
Access Vulnerability Vulnerability in Oracle Financial Services Profitability Management: Unauthorized Data Access and Manipulation Critical Data Access Vulnerability in Oracle PeopleSoft SCM Purchasing Component (Supplier Registration) Oracle Hospitality Simphony Component Vulnerability Oracle Hospitality Simphony Unauthenticated Access Vulnerability Vulnerability in Oracle FLEXCUBE Direct Banking Logoff Component Java Advanced Management Console Server Vulnerability: Unauthorized Data Access Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Java SE AWT Component Allows Partial Denial of Service Unauthenticated Remote Denial of Service Vulnerability in Oracle Java SE, Java SE Embedded, and JRockit (CVE-2018-2638) Vulnerability in Oracle Financial Services Profitability Management User Interface Vulnerability in Java VM component of Oracle Database Server allows for unauthorized takeover Vulnerability in Oracle PeopleSoft Products: Unauthorized Data Access and Manipulation in PeopleSoft Enterprise HCM Human Resources Vulnerability in Oracle Financial Services Liquidity Risk Management User Interface (Version 8.0.x) Allows Unauthorized Data Access Oracle Hospitality Simphony Denial of Service Vulnerability Oracle E-Business Suite User Management Registration Process Unauthorized Access Vulnerability Vulnerability in Oracle VM VirtualBox Allows Unauthorized Takeover Vulnerability in Oracle VM VirtualBox Allows Unauthorized Takeover Vulnerability in Oracle VM VirtualBox Allows Unauthorized Takeover Vulnerability in Oracle VM VirtualBox Allows Unauthorized Takeover Vulnerability in Oracle VM VirtualBox Allows Unauthorized Takeover Vulnerability in Oracle VM VirtualBox Allows Unauthorized Takeover Oracle E-Business Suite User Management Proxy User Delegation Vulnerability Vulnerability in Oracle Financial Services Asset Liability Management User Interface Vulnerability in Oracle VM VirtualBox Guest Additions Prior to 5.1.32 and Prior to 5.2.6 
Vulnerability in Oracle VM VirtualBox Allows Takeover Critical Data Access Vulnerability in Oracle PeopleSoft Products MySQL Server Denial of Service Vulnerability Oracle Hospitality Cruise Fleet Management Component Unauthorized Data Access Vulnerability Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle Database Server's Application Express Component (Prior to 5.1.4.00.08) Allows Unauthorized Data Access and Manipulation Oracle Hospitality Cruise Fleet Management Emergency Response System Unauthorized Access Vulnerability Vulnerability in Oracle Hospitality Cruise Fleet Management: Unauthorized Access and Data Compromise Critical Data Access Vulnerability in PeopleSoft Enterprise FSCM Component (Strategic Sourcing) MySQL Server Privilege Escalation Vulnerability Oracle Banking Payments Component Vulnerability Oracle Banking Payments Component Takeover Vulnerability Oracle Banking Corporate Lending Takeover Vulnerability Oracle Banking Corporate Lending Component Unauthorized Data Access and Denial of Service Vulnerability Oracle Banking Payments Component Unauthorized Access Vulnerability Oracle Banking Corporate Lending Component Unauthorized Access Vulnerability Solaris Kernel Denial of Service Vulnerability Oracle JDeveloper Security Framework Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning User Interface Oracle WebCenter Portal Unauthenticated Access Vulnerability Oracle Financial Services Market Risk User Interface Vulnerability Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Oracle Financial Services Market Risk Measurement and Management User Interface Unauthenticated Remote Code Execution Vulnerability Solaris Solaris Component Vulnerability in Oracle Sun Systems Products Suite Solaris RPC Vulnerability: Unauthorized Access and Denial of Service Oracle Financial Services Hedge Management and IFRS Valuations 
User Interface Unauthorized Data Access Vulnerability Vulnerability in Oracle Financial Services Liquidity Risk Management User Interface (Version 8.0.x) Allows Unauthorized Data Access and Modification Oracle Financial Services Price Creation and Discovery User Interface Unauthorized Data Access Vulnerability Vulnerability in Oracle Financial Services Price Creation and Discovery Component Oracle Financial Services Asset Liability Management User Interface Vulnerability Vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning User Interface Vulnerability in Oracle Financial Services Hedge Management and IFRS Valuations User Interface Oracle Financial Services Market Risk User Interface Unauthorized Data Access Vulnerability Vulnerability in Oracle Financial Services Market Risk Measurement and Management User Interface (Version 8.0.5) Allows Unauthorized Data Access and Modification Vulnerability in Oracle Financial Services Funds Transfer Pricing User Interface Oracle Financial Services Funds Transfer Pricing User Interface Vulnerability Vulnerability in Oracle Retail Merchandising System Allows Unauthorized Data Access and Manipulation Vulnerability in PeopleSoft Enterprise SCM eProcurement Component: Unauthorized Data Access and Manipulation Oracle Financial Services Analytical Applications Reconciliation Framework User Interface Unauthorized Access Vulnerability Oracle Hyperion Planning Vulnerability: Unauthorized Takeover of System Oracle Retail Returns Management Component Vulnerability Oracle Retail Central Office Unauthenticated Access Vulnerability Oracle Access Manager Web Server Plugin Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Enterprise Manager Ops Center: Unauthorized Access and Data Manipulation Oracle Banking Corporate Lending Component Unauthorized Access Vulnerability Oracle Banking Corporate Lending Component Unauthorized Access Vulnerability Vulnerability in Oracle Banking Corporate 
Lending Component of Oracle Financial Services Applications Vulnerability in Oracle Banking Corporate Lending Component of Oracle Financial Services Applications Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Data Access and Partial Denial of Service Vulnerability in PeopleSoft Enterprise HCM Component of Oracle PeopleSoft Products (9.2) Solaris Python Modules Unauthorized Data Access Vulnerability Solaris ZVNET Driver Unauthorized Access and Denial of Service Vulnerability Vulnerability in MySQL Server Replication Component: Unauthenticated Takeover Vulnerability in Oracle Communications Order and Service Management WebUI Component MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle HTTP Server MySQL Server Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash Solaris NTPD Unauthorized Data Access Vulnerability Solaris NFS Denial of Service Vulnerability Oracle Fusion Middleware Oracle SSL API Unauthenticated Access Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Encryption Vulnerability Oracle Outside In Technology Component Vulnerability MySQL Server Pluggable Auth Vulnerability Vulnerability in Oracle Adaptive Access Manager component of Oracle Fusion Middleware: Unauthorized Access and Data Compromise MySQL Server Locking Vulnerability Critical Vulnerability in PeopleSoft Enterprise PeopleTools: Rich Text Editor Component Vulnerability in MySQL Server Allows for Denial of Service Attacks Vulnerability in PeopleSoft Enterprise PT PeopleTools component allows unauthorized access and data manipulation MySQL Server Vulnerability: Unauthorized Hang or Crash Vulnerability in MySQL Server's Group Replication GCS Component Allows for DOS Attacks MySQL Server Denial of Service Vulnerability MySQL Server Optimizer Denial of Service Vulnerability MySQL Server Optimizer Denial of Service 
Vulnerability MySQL Server Vulnerability: Unauthorized Hang or Crash MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Java SE, Java SE Embedded, JRockit Vulnerability: Unauthorized Access and Data Manipulation MySQL Server Denial of Service Vulnerability Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Manipulation Vulnerability in MySQL Server component allows unauthorized data access and server compromise Vulnerability in MySQL Server component allows unauthorized data access and server compromise Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Vulnerability in Oracle Siebel CRM 17.0 Allows Unauthorized Read Access Java SE and Java SE Embedded Vulnerability: Unauthorized Access and Data Manipulation Vulnerability in Oracle WebCenter Sites component of Oracle Fusion Middleware: Unauthorized Access and Data Compromise Vulnerability in Oracle Sun Systems Hardware Management Pack: Unauthorized Data Access and Manipulation Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Products Java SE, JRockit Vulnerability: Unauthenticated Takeover of Java SE, JRockit Vulnerability in Oracle Java SE Allows Partial Denial of Service Java SE, Java SE Embedded, JRockit Concurrency Vulnerability Unauthenticated Remote Denial of Service Vulnerability in Oracle Java SE Java SE, Java SE Embedded, JRockit AWT Component Denial of Service Vulnerability Unauthenticated Remote Denial of Service Vulnerability in Oracle Java SE Java SE, JRockit RMI Unauthenticated Remote Code Execution Vulnerability Oracle Outside In Technology Image Export SDK Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Hospitality Simphony Component: Unauthorized Data Access and Manipulation Oracle Hospitality Reporting and Analytics Component Unauthorized Data Access Vulnerability Oracle E-Business Suite Oracle Application Object Library Component DB Privileges 
Vulnerability MySQL Server GIS Extension Denial of Service Vulnerability Oracle Outside In Technology Component Vulnerability Vulnerability in Oracle FLEXCUBE Core Banking Allows Unauthorized Data Access and Manipulation Solaris Kernel Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in PeopleSoft Enterprise PeopleTools MySQL Server Denial of Service Vulnerability Java SE Install Vulnerability: Unauthorized Takeover of Java SE Vulnerability in MySQL Server: Unauthorized Data Access and Denial of Service MySQL Server DDL Vulnerability Vulnerability in Oracle Java SE: Unauthenticated Takeover via Multiple Protocols Java SE, Java SE Embedded, JRockit Serialization Vulnerability MySQL Server Optimizer Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Privilege Escalation Vulnerability MySQL Server Denial of Service Vulnerability Unauthorized Read Access Vulnerability in PeopleSoft Enterprise PeopleTools Vulnerability in PeopleSoft Enterprise PeopleTools Rich Text Editor Component Solaris Cluster Geo Vulnerability: Unauthorized Access and Data Compromise Critical Data Manipulation Vulnerability in Oracle Transportation Management 6.4.3 Oracle Hospitality Simphony Component Vulnerability Java SE Libraries Vulnerability: Unauthenticated Takeover of Java SE Java SE Libraries Vulnerability: Unauthenticated Takeover of Java SE Vulnerability in Oracle Hospitality Suite8: Unauthorized Access and Data Compromise Vulnerability in Oracle WebCenter Content component allows unauthorized access and data manipulation Oracle Hospitality Simphony Component Vulnerability Vulnerability in Oracle VM VirtualBox allows for takeover Vulnerability in Oracle VM VirtualBox Allows Unauthorized Data Access Oracle GoldenGate Unauthenticated Remote Code Execution Vulnerability Oracle Hospitality Simphony Component Vulnerability Vulnerability in Oracle Data Visualization Desktop: Unauthorized Access and Data Manipulation 
Vulnerability in Oracle VM VirtualBox allows for takeover Vulnerability in Oracle VM VirtualBox allows for takeover Vulnerability in Oracle VM VirtualBox allows for takeover Vulnerability in PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP) - Version 9.1 MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Retail Xstore Point of Service: Unauthorized Access and Data Compromise Java VM Component Vulnerability in Oracle Database Server Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access and Denial of Service MySQL Server Performance Schema Denial of Service Vulnerability Oracle Hospitality Simphony First Edition Component Vulnerability Oracle Hospitality Simphony First Edition Client Application Loader Vulnerability Vulnerability in Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite: Unauthorized Access to Critical Data Oracle Hospitality Cruise Fleet Management System Vulnerability Oracle Hospitality Simphony First Edition: Unauthorized Data Access and Modification Vulnerability Vulnerability in Oracle Hospitality Guest Access component allows unauthorized data access and manipulation Vulnerability in Oracle Hospitality Simphony First Edition: Unauthorized Data Access and Manipulation Vulnerability in Oracle Financial Services Basel Regulatory Capital Basic: Unauthorized Data Access and Manipulation Oracle Financial Services Basel Regulatory Capital Basic Vulnerability Vulnerability in Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution) Vulnerability in Sun ZFS Storage Appliance Kit (AK) Allows Unauthorized Data Access and Partial Denial of 
Service Unauthenticated Unauthorized Read Access Vulnerability in Sun ZFS Storage Appliance Kit Vulnerability in Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications Oracle VM VirtualBox Vulnerability: High Privileged Takeover (CVE-2018-2698) Oracle Retail Back Office Unauthenticated Access and Data Disclosure Vulnerability Oracle Retail Point-of-Service User Interface Unauthorized Access Vulnerability Vulnerability in Sun ZFS Storage Appliance Kit (AK) Allows Unauthorized Data Access Oracle E-Business Suite Application Object Library Unauthorized Read Access Vulnerability Oracle General Ledger Consolidation Hierarchy Viewer Unauthorized Data Access Vulnerability Oracle General Ledger Consolidation Hierarchy Viewer Unauthorized Data Access Vulnerability Oracle E-Business Suite Application Object Library Unauthorized Read Access Vulnerability Oracle Human Resources Component Unauthorized Data Access Vulnerability Oracle Human Resources Component Unauthorized Data Access Vulnerability Oracle Human Resources Component Vulnerability in Oracle E-Business Suite: Unauthorized Access and Data Manipulation Oracle Human Resources Component Vulnerability in Oracle E-Business Suite: Unauthorized Access and Data Manipulation Oracle General Ledger Account Hierarchy Manager Unauthorized Read Access Vulnerability Oracle General Ledger Account Hierarchy Manager Unauthorized Read Access Vulnerability Vulnerability in Oracle Application Object Library Allows Unauthorized Access to Critical Data Vulnerability in Oracle Database Server: Unauthorized Read Access to Core RDBMS Data Vulnerability in Oracle Retail Integration Bus component of Oracle Retail Applications (RIB Kernal) allows unauthorized access and partial denial of service MySQL Cluster Vulnerability: Unauthorized Hang and Crash Vulnerability in PeopleSoft Enterprise HCM Shared Components: Unauthorized Data Access and Manipulation Oracle Access 
Manager Vulnerability: Unauthorized Takeover via HTTP Critical Unauthorized Access Vulnerability in MICROS Retail-J Component of Oracle Retail Applications Vulnerability in MICROS Retail-J component of Oracle Retail Applications: Unauthorized Data Access and Partial Denial of Service Vulnerability in MICROS Retail-J component of Oracle Retail Applications: Unauthorized Data Access and Modification Vulnerability in Oracle Retail Xstore Office component allows unauthorized data access and partial denial of service Vulnerability in MICROS Retail-J component of Oracle Retail Applications: Unauthorized Data Access and Manipulation Vulnerability in MICROS Retail-J component of Oracle Retail Applications: Unauthorized Access and Data Manipulation Critical Vulnerability in MICROS Retail-J Component of Oracle Retail Applications (Version 12.1.2) Oracle Retail Bulk Data Integration Component Vulnerability Solaris Availability Suite Service Takeover Vulnerability Oracle WebLogic Server T3 Takeover Vulnerability Oracle WebLogic Server Remote Code Execution Vulnerability Vulnerability in Oracle Banking Corporate Lending component of Oracle Financial Services Applications: Unauthorized Data Access and Manipulation Vulnerability in Oracle Banking Payments component of Oracle Financial Services Applications: Unauthorized Data Access and Manipulation Oracle FLEXCUBE Enterprise Limits and Collateral Management Unauthorized Data Access Vulnerability Vulnerability in Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Manipulation Vulnerability in Oracle BI Publisher Layout Tools Allows Unauthorized Data Access and Modification Solaris DHCP Vulnerability: Unauthorized Partial Denial of Service Oracle WebLogic Server Console Unauthorized Read Access Vulnerability Solaris Kernel Privilege Escalation Vulnerability Vulnerability in Oracle Communications EAGLE LNP Application 
Processor component allows unauthorized data access and manipulation Unauthenticated Read Access Vulnerability in Sun ZFS Storage Appliance Kit Unauthorized Read Access Vulnerability in Oracle Sun Systems Hardware Management Pack (Ipmitool) Critical Vulnerability in Oracle Hyperion Financial Reporting Allows Unauthorized Access to Critical Data Solaris Kernel Denial of Service Vulnerability Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle GlassFish Server Vulnerability: Unauthorized Access and Data Manipulation Oracle GoldenGate Manager Denial of Service Vulnerability Oracle GoldenGate Monitoring Manager Unauthenticated Remote Code Execution Vulnerability Oracle GoldenGate Manager Denial of Service Vulnerability Unauthenticated Remote Access Vulnerability in Oracle Hyperion Data Relationship Management (CVE-2021-12345) Vulnerability in Sun ZFS Storage Appliance Kit (AK) Allows Partial Denial of Service Unauthenticated Remote Denial of Service Vulnerability in Sun ZFS Storage Appliance Kit (AK) Sun ZFS Storage Appliance Kit (AK) Takeover Vulnerability Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access Vulnerability in Sun ZFS Storage Appliance Kit (AK) Allows Unauthorized Data Access and Partial Denial of Service Unauthenticated Unauthorized Read Access Vulnerability in Sun ZFS Storage Appliance Kit Solaris Kernel Unauthorized Read Access Vulnerability Unauthorized Read Access Vulnerability in Oracle Sun ZFS Storage Appliance Kit (AK) Vulnerability in Sun ZFS Storage Appliance Kit (AK) Allows Unauthorized Data Access and Partial Denial of Service Critical Vulnerability in Oracle BI Publisher Component of Fusion Middleware (Web Server Subcomponent) Solaris NVIDIA-GFX Kernel Driver Vulnerability Unauthorized Read Access Vulnerability in Sun ZFS Storage Appliance Kit (AK) Component Solaris RAD Vulnerability: Unauthorized Access to Critical Data Vulnerability in PeopleSoft Enterprise PeopleTools: 
Unauthorized Data Access and Manipulation Solaris Cluster NAS Device Addition Vulnerability Oracle SuperCluster Specific Software Vulnerability: Unauthorized Access and Data Compromise Critical Vulnerability in Oracle WebLogic Server: Unauthorized Access and Data Manipulation Vulnerability in Oracle E-Business Suite: Unauthorized Data Manipulation in Application Object Library Oracle WebLogic Server JSF Component Vulnerability Vulnerability in Oracle Communications Messaging Server: Unauthorized Data Access Unauthenticated Access Vulnerability in Sun ZFS Storage Appliance Kit (AK) Java SE Component Vulnerability: Remote Takeover of Java SE (CVE-2018-2938) Vulnerability in Core RDBMS component of Oracle Database Server: Unauthorized Data Access and Denial of Service Java SE and Java SE Embedded Vulnerability: Unauthorized Read Access Java SE JavaFX Vulnerability: Unauthenticated Network Access Compromising Java SE Vulnerability in Oracle Java SE Allows Takeover Oracle Fusion Middleware MapViewer Remote Code Execution Vulnerability Critical Vulnerability in JD Edwards EnterpriseOne Tools Allows Unauthorized Access to Critical Data JD Edwards EnterpriseOne Tools Web Runtime Unauthenticated Access Vulnerability JD Edwards EnterpriseOne Tools Web Runtime Unauthenticated Access Vulnerability Critical Vulnerability in JD Edwards EnterpriseOne Tools Allows Unauthorized Access to Critical Data JD Edwards EnterpriseOne Tools Web Runtime Unauthenticated Access Vulnerability JD Edwards EnterpriseOne Tools Web Runtime Unauthenticated Access Vulnerability JD Edwards EnterpriseOne Tools Web Runtime Unauthenticated Access Vulnerability Unauthenticated Remote Code Execution Vulnerability in PeopleSoft Enterprise PeopleTools Java SE, Java SE Embedded, JRockit Concurrency Vulnerability Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Oracle Order Management Component Vulnerability in E-Business Suite: Product Diagnostic Tools Subcomponent 
Oracle Hospitality OPERA 5 Property Services Unauthorized Data Access Vulnerability Vulnerability in Oracle Hospitality OPERA 5 Property Services component allows for unauthorized takeover Oracle Hospitality OPERA 5 Property Services Logging Vulnerability Vulnerability in Oracle BI Publisher component allows unauthorized access and data manipulation Vulnerability in Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI) allows unauthorized data manipulation Vulnerability in Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite: Unauthorized Data Access and Manipulation Vulnerability in Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite: Unauthorized Data Access and Manipulation Vulnerability in Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite: Unauthorized Data Access and Manipulation Vulnerability in Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite: Unauthorized Data Access Vulnerability in Java SE Deployment Component Allows for Takeover Vulnerability in Primavera Unifier component of Oracle Construction and Engineering Suite (16.x) Vulnerability in Primavera Unifier component of Oracle Construction and Engineering Suite: Unauthorized Data Access and Modification Physical Access Vulnerability in Oracle Primavera Unifier Component of Construction and Engineering Suite Unauthenticated Remote Code Execution Vulnerability in Primavera Unifier Unauthorized Read Access Vulnerability in Primavera Unifier Component of Oracle Construction and Engineering Suite (Core) Unauthorized Read Access Vulnerability in PeopleSoft Enterprise PeopleTools (PIA Search Functionality) Oracle E-Business Suite Oracle Applications Framework REST Services Unauthorized Read Access Vulnerability Java SE Security Vulnerability: Unauthorized Access 
to Critical Data Vulnerability in Java SE and Java SE Embedded: Unauthorized Data Access Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Data Access and Partial Denial of Service Oracle FLEXCUBE Universal Banking Unauthorized Read Access Vulnerability Vulnerability in Oracle Enterprise Manager Ops Center Allows Unauthorized Access and Data Manipulation Unauthenticated Remote Code Execution Vulnerability in PeopleSoft Enterprise PeopleTools Oracle Hospitality Simphony Import/Export Vulnerability Oracle FLEXCUBE Universal Banking Infrastructure Component Denial of Service Vulnerability Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Data Access and Manipulation Oracle FLEXCUBE Universal Banking Component Unauthorized Access Vulnerability Vulnerability in Oracle Hospitality Cruise Fleet Management System: Unauthorized Data Access and Modification Vulnerability in PeopleSoft Enterprise PeopleTools Workflow Component Vulnerability in PeopleSoft Enterprise PeopleTools Workflow Component Vulnerability in Oracle WebLogic Server Console component allows unauthorized data access and manipulation Oracle E-Business Suite Oracle Marketing Component Vulnerability Oracle iLearning Vulnerability: Unauthorized Access and Data Compromise Unauthenticated Remote Code Execution Vulnerability in PeopleSoft Enterprise PeopleTools Oracle Trade Management User Interface Vulnerability Oracle Outside In Technology Component Vulnerability Oracle E-Business Suite CRM Technical Foundation Preferences Unauthenticated Remote Code Execution Vulnerability Oracle iStore Shopping Cart Unauthorized Data Access Vulnerability Oracle iStore Component Vulnerability: Unauthorized Access and Data Compromise Oracle Applications Manager Unauthenticated Access Vulnerability Oracle E-Business Suite Script Author Component Vulnerability Oracle WebLogic Server 
SAML Vulnerability JD Edwards EnterpriseOne Tools Web Runtime Unauthenticated Access Vulnerability Oracle Hospitality Cruise Shipboard Property Management System Vulnerability Oracle Hospitality Cruise Shipboard Property Management System Vulnerability Oracle Hospitality Cruise Fleet Management System Vulnerability Oracle Hospitality Cruise Fleet Management System Vulnerability Java VM Component Vulnerability in Oracle Database Server Oracle VM VirtualBox Core Vulnerability: Unauthorized Partial Denial of Service JD Edwards EnterpriseOne Tools Web Runtime Unauthenticated Access Vulnerability Oracle Tuxedo Jolt Vulnerability Oracle E-Business Suite Oracle Marketing User Interface Unauthenticated Remote Code Execution Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Trade Management User Interface Vulnerability Oracle Trade Management User Interface Vulnerability Critical Data Access Vulnerability in Oracle Hospitality OPERA 5 Property Services Critical Data Access Vulnerability in Oracle Hospitality OPERA 5 Property Services Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Access and Data Manipulation Vulnerability in PeopleSoft Enterprise PeopleTools Integration Broker Component Oracle E-Business Suite CRM Technical Foundation Preferences Component Vulnerability Oracle iStore Component Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Manipulation Vulnerability in Oracle Banking Payments component of Oracle Financial Services Applications: Unauthorized Data Access and Partial Denial of Service Oracle Banking Payments Unauthorized Read Access Vulnerability Oracle Banking Payments Component Denial of Service Vulnerability Vulnerability in Oracle Banking Payments component of Oracle Financial Services Applications: Unauthorized Data Access and Partial Denial of Service Vulnerability in 
Oracle Banking Payments Component of Oracle Financial Services Applications: Unauthorized Data Access and Manipulation Oracle Banking Payments Component Unauthorized Access Vulnerability Vulnerability in Oracle Banking Payments component of Oracle Financial Services Applications: Unauthorized Data Access and Manipulation Oracle Banking Payments Component Vulnerability Vulnerability in Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications: Unauthorized Data Access and Partial Denial of Service Oracle FLEXCUBE Investor Servicing Unauthorized Data Access Vulnerability Oracle FLEXCUBE Investor Servicing Denial of Service Vulnerability Vulnerability in Oracle FLEXCUBE Investor Servicing component allows unauthorized data access and partial denial of service Vulnerability in Oracle FLEXCUBE Investor Servicing component allows unauthorized data access and manipulation Oracle FLEXCUBE Investor Servicing Component Unauthorized Access Vulnerability Vulnerability in Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications Vulnerability in Oracle FLEXCUBE Investor Servicing component allows unauthorized access and data manipulation Vulnerability in Oracle Banking Corporate Lending component of Oracle Financial Services Applications: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle FLEXCUBE Enterprise Limits and Collateral Management: Unauthorized Data Access and Partial Denial of Service Oracle Banking Corporate Lending Unauthorized Data Access Vulnerability Oracle FLEXCUBE Enterprise Limits and Collateral Management Unauthorized Read Access Vulnerability Oracle Banking Corporate Lending Component Denial of Service Vulnerability Oracle FLEXCUBE Enterprise Limits and Collateral Management Denial of Service Vulnerability Vulnerability in Oracle Banking Corporate Lending component of Oracle Financial Services Applications: Unauthorized Data Manipulation and Partial Denial of Service 
Vulnerability in Oracle FLEXCUBE Enterprise Limits and Collateral Management: Unauthorized Data Manipulation and Partial Denial of Service Vulnerability in Oracle Banking Corporate Lending component allows unauthorized data access and manipulation Vulnerability in Oracle FLEXCUBE Enterprise Limits and Collateral Management: Unauthorized Data Access and Manipulation Vulnerability in Oracle Banking Corporate Lending component of Oracle Financial Services Applications: Unauthorized Access to Critical Data Oracle FLEXCUBE Enterprise Limits and Collateral Management Unauthorized Access Vulnerability Vulnerability in Oracle Banking Corporate Lending component of Oracle Financial Services Applications: Unauthorized Data Access and Manipulation Vulnerability in Oracle FLEXCUBE Enterprise Limits and Collateral Management: Unauthorized Data Access and Manipulation Vulnerability in Oracle Banking Corporate Lending component of Oracle Financial Services Applications: Unauthorized Data Access and Modification Vulnerability in Oracle FLEXCUBE Enterprise Limits and Collateral Management: Unauthorized Data Access and Modification Vulnerability in MICROS Relate CRM Software: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Retail Customer Management and Segmentation Foundation component allows unauthorized data access and partial denial of service MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Core Vulnerability: Unauthorized Access and Denial of Service MySQL Server Privilege Escalation Vulnerability Vulnerability in Sun ZFS Storage Appliance Kit (AK) Allows Takeover Vulnerability in MySQL Server component allows unauthorized data manipulation Vulnerability in Siebel UI Framework component of Oracle Siebel CRM: Unauthorized Data Access and Manipulation Vulnerability in MySQL Server component allows unauthorized data access and server compromise High Privilege Network Access Vulnerability in MySQL Server (CVE-XXXX) MySQL Server 
Memcached Denial of Service Vulnerability MySQL Server Privilege Escalation Vulnerability Vulnerability in MySQL Server component allows unauthorized access and DOS attacks MySQL Server Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Data Access and Manipulation Vulnerability in MySQL Server Replication Component: Unauthorized Server Crash Vulnerability in PeopleSoft Enterprise HCM Human Resources Component: Unauthorized Data Access and Manipulation Unauthorized Read Access Vulnerability in Oracle Agile Product Lifecycle Management for Process MySQL Server Denial of Service Vulnerability MySQL Server Audit Log Denial of Service Vulnerability Unauthenticated Access Vulnerability in PeopleSoft HRMS Component Vulnerability in MySQL Server: Unauthorized Server Hang or Crash Vulnerability in MySQL Server component allows for Denial of Service (DoS) attacks MySQL Server Privilege Escalation Vulnerability Vulnerability in PeopleSoft Enterprise CS Financial Aid Component Allows Unauthorized Data Access MySQL Server Denial of Service Vulnerability Vulnerability in MySQL Server component allows for Denial of Service (DoS) attacks MySQL Server InnoDB Component Denial of Service Vulnerability Vulnerability in MySQL Server component allows for Denial of Service (DoS) attacks Vulnerability in MySQL Client component allows unauthorized data access and denial of service MySQL Server Vulnerability: Unauthorized Data Access via Multiple Protocols Vulnerability in MySQL Server Allows Partial Denial of Service Vulnerability in Oracle VM VirtualBox Prior to 5.2.16: Unauthorized Data Access and System Compromise Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle VM 
VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Vulnerability in Oracle VM VirtualBox Prior to 5.2.16: Unauthorized Access to Critical Data Oracle Outside In Technology Component Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Business Process Management Suite Vulnerability: Unauthorized Access and Data Manipulation Oracle WebCenter Portal Unauthenticated Read Access Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Outside In Technology Component Vulnerability Oracle Outside In Technology Component Vulnerability Vulnerability in Oracle SOA Suite Allows Unauthorized Read Access Critical Vulnerability in Oracle Fusion Middleware: Unauthorized Access to Critical Data Oracle Fusion Middleware MapViewer Component Unauthorized Access Vulnerability Oracle Database Server Java VM Component Vulnerability Vulnerability in Oracle Retail Xstore Office component allows unauthorized access and data manipulation Vulnerability in Oracle Retail Sales Audit component of Oracle Retail Applications: Unauthorized Access and Data Compromise Critical Vulnerability in MICROS Lucas Component of Oracle Retail Applications Allows Takeover Vulnerability in Oracle Retail Open Commerce Platform Allows Unauthorized Access and Data Manipulation Critical Vulnerability in Oracle MySQL Server: Unauthorized Access to Critical Data Oracle Retail Merchandising System SQL Logger Unauthorized Data Access Vulnerability Oracle Retail Xstore Point of Service Takeover Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Demantra Demand Management Oracle Hospitality Reporting and Analytics 
Component Unauthorized Data Access Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Vulnerability in PeopleSoft Enterprise Interaction Hub component allows unauthorized data access and manipulation Oracle Hospitality Gift and Loyalty Component Unauthorized Access Vulnerability Vulnerability in PeopleSoft Enterprise PeopleTools Rich Text Editor Component MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Agile Product Lifecycle Management for Process User Group Management Component (CVE-2021-12345) Unauthenticated Remote Code Execution Vulnerability in PeopleSoft Enterprise PeopleTools Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE Vulnerability in MySQL Server: Unauthorized Server Hang or Crash Vulnerability in Oracle E-Business Suite's Oracle Application Object Library: Unauthorized Access and Data Compromise Java SE Networking Vulnerability Vulnerability in Hyperion Essbase Administration Services: Unauthorized Data Access and Manipulation Unauthenticated Remote Code Execution Vulnerability in Oracle Hyperion Essbase Administration Services (EAS Console) 11.1.2.4 Critical Vulnerability in Oracle Hyperion Essbase Administration Services (EAS Console) Allows Unauthorized Access to Critical Data MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Parser Vulnerability Oracle iLearning Learner Administration Component Vulnerability Vulnerability in Oracle Outside In Technology Allows Unauthorized Read Access Vulnerability in Primavera Unifier Web Access component of Oracle Construction and Engineering Suite Java SE, Java SE Embedded, JRockit Vulnerability: Unauthenticated Remote Code Execution Java SE Utility Component Unauthenticated Access Vulnerability Oracle iProcurement E-Content Manager Catalog Unauthenticated Access Vulnerability Oracle GlassFish Server 3.1.2 Denial of Service Vulnerability Vulnerability in 
PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Vulnerability in PeopleSoft Enterprise PeopleTools Portal Component Vulnerability in MySQL Server Component: Unauthorized Server Crash MySQL Server Denial of Service Vulnerability Java SE Sound Component Unauthorized Read Access Vulnerability Oracle Hospitality Cruise Fleet Management Component Unauthorized Access Vulnerability Oracle Hospitality Cruise Fleet Management Component Vulnerability Oracle Hospitality Cruise Shipboard Property Management System Vulnerability MySQL Server Partition Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Hospitality Cruise Fleet Management: Unauthorized Data Access and Partial Denial of Service Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Critical Vulnerability in Oracle PeopleSoft Products: Compromise of PeopleSoft Enterprise PeopleTools Critical Vulnerability in Oracle Hospitality Cruise Fleet Management: Unauthorized Data Access and Modification Unauthenticated Remote Read Access Vulnerability in Oracle E-Business Suite Application Management Pack Oracle Identity Analytics Component Vulnerability Vulnerability in Oracle Java SE Allows Unauthorized Takeover MySQL Server Denial of Service Vulnerability Vulnerability in MySQL Server: Unauthorized Access and Denial of Service Solaris RPC Portmap v3 Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Component Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle Hyperion Common Events: Unauthorized Data Access and Manipulation Vulnerability in Oracle Hyperion Common Events: Unauthorized Data Access and Manipulation Vulnerability in Oracle Hyperion Common Events: Unauthorized Data Access and Manipulation Vulnerability in Oracle Hyperion Common Events: Unauthorized Data Access and Manipulation Oracle Identity Manager Vulnerability: Unauthorized Access and Partial Denial of 
Service Vulnerability in Oracle Java SE: Unauthorized Access and Denial of Service Vulnerability in Oracle Hospitality Cruise Shipboard Property Management System Allows Unauthorized Access to Critical Data Critical Denial of Service Vulnerability in Oracle MySQL Server (Versions 8.0.12 and Prior) Vulnerability in Java SE, Java SE Embedded, JRockit: Scripting Component Vulnerability in Oracle Hyperion BI+ Allows Unauthorized Read Access to Data Vulnerability in MySQL Server component allows unauthorized data access and server compromise Vulnerability in MySQL Server: Optimizer Component (CVE-2018-12345) Vulnerability in MySQL Server: Unauthorized Data Access and Denial of Service Oracle iStore Component Vulnerability in Oracle E-Business Suite Oracle E-Business Suite Customer Interaction History Unauthorized Access Vulnerability Vulnerability in Oracle E-Business Intelligence component allows unauthorized access and data manipulation Oracle WebLogic Server T3 Network Access Vulnerability Critical Vulnerability in Oracle PeopleSoft Products: Compromise of PeopleSoft Enterprise PeopleTools Vulnerability in PeopleSoft Enterprise PeopleTools Activity Guide Component Vulnerability in PeopleSoft Enterprise PeopleTools Activity Guide Component Vulnerability in MySQL Server: Unauthorized Data Access and Server Crash Oracle Partner Management Component Vulnerability in E-Business Suite: Unauthorized Access and Data Compromise Oracle WebLogic Server Remote Code Execution Vulnerability Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools MySQL Server Denial of Service Vulnerability Oracle WebLogic Server Remote Code Execution Vulnerability Unauthenticated Unauthorized Read Access Vulnerability in PeopleSoft Enterprise PeopleTools Vulnerability in MySQL Server: Unauthorized Server Hang or Crash Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Access and Data Compromise Vulnerability in PeopleSoft Enterprise 
PeopleTools Workflow Component Vulnerability in PeopleSoft Enterprise PeopleTools Portal Component Vulnerability in PeopleSoft Enterprise PeopleTools Portal Component Vulnerability in Oracle Hyperion Data Relationship Management Allows Unauthorized Access to Critical Data Java SE Vulnerability: Unauthenticated Takeover via JavaFX Oracle GlassFish Server Vulnerability: Unauthorized Data Access via Java Server Faces Vulnerability in Java SE and Java SE Embedded Allows Unauthorized Data Access and Modification MySQL Server Information Schema Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server via Docker Images Java SE, Java SE Embedded, JRockit Sound Component Denial of Service Vulnerability Vulnerability in Oracle Endeca Information Discovery Integrator: Unauthorized Data Access and Manipulation Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Data Compromise Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Data Compromise Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Oracle Outside In Technology Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of 
Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Applications Manager component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle User Management component of Oracle E-Business Suite: Unauthorized Access and Data Manipulation Oracle Applications Manager Unauthenticated Read Access Vulnerability Oracle WebCenter Sites Component Vulnerability: Unauthorized Access and Data Compromise Unauthenticated Read Access Vulnerability in PeopleSoft Enterprise PeopleTools Vulnerability in Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite: Unauthorized Data Access and Manipulation Vulnerability in Oracle Marketing component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle Applications Framework component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle E-Business Suite Attachment/File Upload Vulnerability Oracle WebLogic Server T3 Vulnerability Oracle WebLogic Server Component Vulnerability Vulnerability in MySQL Server: Unauthorized Access and Denial of Service Oracle WebLogic Server Vulnerability: Unauthorized Access to Critical Data Oracle WebLogic Server Component Vulnerability Oracle WebLogic Server Vulnerability: Unauthorized Access and Data Manipulation MySQL Server Denial of Service Vulnerability Oracle WebLogic Server T3 Vulnerability Oracle Virtual Directory 
Component Vulnerability Unauthenticated Unauthorized Read Access Vulnerability in Oracle WebCenter Portal Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Vulnerability in Oracle Email Center component of Oracle E-Business Suite: Unauthorized Data Access Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation MySQL Connectors Component Vulnerability Oracle Database Server Java VM Component Vulnerability Unauthenticated Read Access Vulnerability in PeopleSoft Enterprise PeopleTools Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Manipulation Solaris Sudo Vulnerability: Unauthorized Access and Partial Denial of Service Solaris Kernel Unauthorized Access and Partial Denial of Service Vulnerability Solaris Component Vulnerability: Unauthorized Access and Partial Denial of Service Solaris Verified Boot Vulnerability Solaris LFTP FTP Access Vulnerability Solaris SMB Server Denial of Service Vulnerability Solaris SMB Server Denial of Service Vulnerability Solaris Kernel Denial of Service Vulnerability Solaris Kernel Zones Denial of Service Vulnerability Solaris Kernel Zones Virtualized NIC Driver Denial of Service Vulnerability Solaris Remote Administration Daemon (RAD) Vulnerability Solaris SMB Remote Crash Vulnerability Solaris LibKMIP Vulnerability: Unauthorized Access to Critical Data MySQL Server Component Vulnerability: Unauthorized Hang and Crash MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Hang or Crash (CVE-XXXX-XXXX) Vulnerability in MySQL Server JSON Component: Unauthorized Server Crash Vulnerability in Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite: Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability MySQL Server Logging Vulnerability MySQL Server Denial of Service Vulnerability 
MySQL Server Denial of Service Vulnerability Privilege Escalation Vulnerability in Oracle MySQL Server Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Vulnerability in Oracle VM VirtualBox Prior to 5.2.20 Allows Unauthorized Takeover Vulnerability in Oracle VM VirtualBox Prior to 5.2.20 Allows Unauthorized Takeover Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Vulnerability in Oracle VM VirtualBox allows for Remote Takeover Vulnerability in Oracle VM VirtualBox Prior to 5.2.20: Unauthorized Takeover Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Component Oracle Text Component Vulnerability: Unauthorized Access and Denial of Service Vulnerability in Oracle Retail Xstore Office 7.1 Allows Unauthorized Data Access and Manipulation Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Denial of Service Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Data Access and Manipulation Oracle Application Testing Suite Component Vulnerability Vulnerability in Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite: Unauthorized Data Access and Partial Denial of Service Oracle VM VirtualBox Vulnerability: High Privileged Takeover (CVE-2018-xxxx) Oracle Retail Xstore Payment Component Vulnerability Vulnerability in Oracle Retail Customer Engagement Component: Unauthorized Data Access 
and Partial Denial of Service Vulnerability in MICROS Relate CRM Software Allows Unauthorized Access and Data Manipulation Vulnerability in Oracle Retail Customer Management and Segmentation Foundation component allows unauthorized access and data manipulation Vulnerability in Oracle Retail Customer Management and Segmentation Foundation: Unauthorized Access and Data Compromise Double Free Vulnerability in Audio Driver: Exploiting Sound Compression Device in Android for MSM, Firefox OS for MSM, QRD Android, and CAF Android Releases Race Condition in diag_ioctl_lsm_deinit() Leads to Use After Free Vulnerability in Android for MSM, Firefox OS for MSM, QRD Android, and CAF Android Releases Buffer Over-read Vulnerability in Android's FILS Authentication Frame Processing Untrusted Pointer Dereference in apr_cb_func: Arbitrary Code Execution Vulnerability Use After Free Vulnerability in FastRPC Driver in Android Releases from CAF Buffer Overflow Vulnerability in lim_send_sme_probe_req_ind() in Android Releases from CAF Buffer Overwrite Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android Buffer Overflow Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with Linux Kernel Buffer Overwrite Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with Linux Kernel Buffer Over-read Vulnerability in Android Fast Initial Link Setup (FILS) Connection Untrusted Pointer Dereference in Android's cpuidle Driver Use After Free Vulnerability in KGSL Driver on Android Devices Unchecked Buffer Access Vulnerability in Android Audio Driver's Event Handler Out of Bounds Access Vulnerability in Android Releases with CAF Linux Kernel Vulnerability: Unauthorized Cache Maintenance on Insecure ION Buffer in Android Releases Array Out-of-Bounds Access Vulnerability in WiFi Driver Function sapInterferenceRssiCount() in Android Releases from CAF Integer Overflow and Buffer Overflow Vulnerability in Android Releases from 
CAF Heap Buffer Overflow Vulnerability in Android WLAN Driver due to Type Mismatch for ie_len WLAN Driver Buffer Over-read Vulnerability in Android Releases Stack-based Buffer Overflow in WLAN Driver Due to pmkid_count Value in Android Releases from CAF Buffer Overwrite Vulnerability in Android WLAN Driver Improper Input Validation in WMA Event Handler Functions Leads to Buffer Overflow in Android Releases Buffer Overflow Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9379, QCS605, SD 625, SD 636, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20 Use After Free Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with Linux Kernel Integer Overflow to Buffer Overflow Vulnerability in ADSPRPC Heap Manager Use After Free Vulnerability in Android Firmware Memory Dump Feature Improper Access Control Vulnerability in Snapdragon Processors Buffer Overflow Vulnerability in Qualcomm Snapdragon Mobile Devices Use After Free Vulnerability in Android RIL Handling Requests Vulnerability: Unrestricted Memory Access in Qualcomm Snapdragon Devices Null Pointer Dereference Vulnerability in Android on Qualcomm Snapdragon Mobile and Snapdragon Wear Devices Double Free Vulnerability in Qualcomm Snapdragon Devices Buffer Over-read Vulnerability in Android Qualcomm Snapdragon Devices Improper Error Handling in RPMB Writes Allows Bypass of Anti-Rollback in Snapdragon Devices Legacy Code Vulnerability in Qualcomm Android, Firefox OS, and QRD Android with Linux Kernel Arbitrary Kernel Write Vulnerability in ADSP RPC Driver in Android Releases Insufficient Validation in Qualcomm Android and Firefox OS Camera Driver: Information Leak and Out-of-Bounds Access Vulnerability Use After Free Vulnerability in Qualcomm Android, Firefox OS, and QRD Android Trend Micro Control Manager 6.0 XXE Information Disclosure Vulnerability 
Authentication Bypass Vulnerability in Trend Micro Control Manager 6.0 AdHocQuery_Processor SQL Injection RCE Vulnerability in Trend Micro Control Manager 6.0 CGGIServlet SQL Injection RCE Vulnerability in Trend Micro Control Manager 6.0 Trend Micro Control Manager 6.0 Remote Code Execution Vulnerability Trend Micro Control Manager 6.0 SQL Injection Remote Code Execution Vulnerabilities Trend Micro Control Manager 6.0 SQL Injection Remote Code Execution Vulnerability Trend Micro Control Manager 6.0 Remote Code Execution Vulnerability User-Mode Hooking (UMH) Driver Vulnerability in Trend Micro Maximum Security 2018 Unauthenticated Access to Sensitive Log File in Trend Micro InterScan Messaging Security Virtual Appliance Memory Status Register Vulnerability in Intel Driver and Support Assistant User Mode Driver Bounds Check Vulnerability in Intel Graphics Driver 15.40.x.4 and 21.20.x.x: Local Denial of Service Exploit Insufficient Input Validation in Intel NUC Firmware Allows Privilege Escalation to SMM Variable Service Module Logic Issue Speculative Execution Side-Channel Vulnerability in Intel SGX Unauthenticated Network-based Key Extraction Vulnerability in Intel Active Management Technology Intel Optane Memory Module Information Disclosure Vulnerability Speculative Execution Side-Channel Vulnerability: Unauthorized Disclosure of L1 Data Cache Information Insufficient Input Validation in Intel Driver & Support Assistant Allows Information Disclosure via Adjacent Access Buffer Overflow Vulnerability in ETWS Processing Module of Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx, and Sofia 3G/R: Remote Code Execution Side Channel Vulnerability in Edger8r Tool in Intel SGX SDK Arbitrary Code Execution Vulnerability in Intel Converged Security Management Engine 11.x Arbitrary Code Execution via Buffer Overflow in Intel Active Management Technology Buffer Overflow Vulnerability in Intel Active Management Technology Event Handler Local Administrator Exploit: Memory Corruption in 
Intel Active Management Technology Local Denial of Service Vulnerability in Intel Online Connect Access 1.9.22.0 NDIS Filter Driver Insufficient Input Validation in Intel Rapid Store Technology (RST) Installer: Privilege Escalation and Denial of Service Vulnerability Critical Privilege Escalation Vulnerability in Intel Remote Keyboard Speculative Store Bypass (SSB), Variant 4: Unauthorized Information Disclosure Vulnerability Rogue System Register Read (RSRE), Variant 3a: Unauthorized Disclosure of System Parameters via Speculative Execution Critical Vulnerability: Intel Remote Keyboard Allows Network Attackers to Inject Keystrokes as Local Users Power Management Controller Firmware Vulnerability in Intel Systems Critical Vulnerability: Local Attackers Can Inject Keystrokes in Intel Remote Keyboard Sessions Speculative Execution Side-Channel Vulnerability: Unauthorized Information Disclosure via L1 Data Cache DLL Injection Vulnerability in Intel Wireless Drivers: Privilege Escalation via Remote Code Execution Bypassing URI Sanitization in Bleach Module in INTEL Distribution for Python Vulnerability: Unauthorized Access to Platform Secrets via Debug Interfaces in Intel Xeon Processors Physical Access Vulnerability in Intel CSME, Intel Server Platform Services, and Intel Trusted Execution Engine Firmware Buffer Overflow Vulnerabilities in Intel AMT Firmware: Exploiting Privileged Execution Memory Leaks in Intel AMT Firmware: Potential Denial of Service Vulnerability Intel PTT Module Vulnerability: Information Disclosure via Physical Access Buffer Overflow Vulnerability in Intel System Configuration Utilities Selview.exe and Syscfg.exe Critical Privilege Escalation Vulnerability in Intel Saffron MemoryBase Intel Saffron MemoryBase Privilege Escalation Vulnerability Lazy FP State Restore Vulnerability Arbitrary Code Execution via Non-Paged Pool Overflow in Intel Smart Sound Technology Driver Incorrect File Permissions in IPDT Installation Tool: Arbitrary Code Execution 
and Privilege Escalation Vulnerability Unquoted Service Paths Vulnerability in Intel Processor Diagnostic Tool (IPDT) Remote Code Execution Vulnerability in Intel Centrino Wireless N and Intel Centrino Advanced N Adapters Buffer Overflow Vulnerability in Intel Smart Sound Technology Driver Module Intel Saffron Admin Application: Authenticated User Unauthorized Information Access Vulnerability Arbitrary Code Execution Vulnerability in Intel Smart Sound Technology Driver Remote Code Execution Vulnerability in Intel Data Center Manager SDK 5.0 and Earlier BMC Firmware Vulnerability: Unauthorized SMBUS Read/Write Access Unquoted Service Paths Vulnerability in Intel Quartus Prime (Versions 15.1 - 18.0) Unquoted Service Paths Vulnerability in Intel Quartus II (Versions 11.0 - 15.0) INTEL-SA-00086 Detection Tool Code Injection Vulnerability Unquoted Service Paths Vulnerability in Intel Quartus II Programmer and Tools (Versions 11.0 - 15.0) Unquoted Service Paths Vulnerability in Intel Quartus Prime Programmer and Tools (Versions 15.1 - 18.0) Denial of Service Vulnerability in Intel SGX AESM Daemon Timing Vulnerability in Intel Integrated Performance Primitives Cryptography Library Speculative Execution Vulnerability: Unauthorized Information Disclosure via Speculative Buffer Overflow and Side-Channel Analysis Intel RAID Web Console 3 for Windows Authentication Bypass Vulnerability Privilege Escalation via Improper Directory Permissions in Intel Media Server Studio Installer Privilege Escalation via Improper File Permissions in Intel Ready Mode Technology Installer Cross-Site Scripting Vulnerability in Intel RAID Web Console v3 for Windows Allows Privilege Escalation via Remote Access Privilege Escalation via Code Injection in Intel USB 3.0 eXtensible Host Controller Driver Installer Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi Software Installer Privilege Escalation Vulnerability in ITE Tech* Consumer Infrared Driver Installer Improper Directory 
Permissions in Intel(R) SSD Data Center Tool Installer: Local Privilege Escalation Vulnerability Privilege Escalation via Improper Directory Permissions in Intel Parallel Studio Installer Improper Directory Permissions in Intel System Defense Utility Installer: Potential Denial of Service Vulnerability Insecure Temporary File Vulnerability in Gitlab Community and Enterprise Editions 10.3.3 Fastify Node Module Denial-of-Service Vulnerability Path Traversal Vulnerability in Serve Node Module (before 6.4.9) Allows Unauthorized Directory Access Path Traversal Vulnerability in angular-http-server Node Module Allows Unauthorized File Access Path Traversal Vulnerability in node-srv Node Module Allows Unauthorized File Access Path Traversal Vulnerability in Glance Node Module (before 3.0.4) Allows Unauthorized File Access Cross-Site Scripting (XSS) Vulnerability in simplehttpserver Node Module Cross-Site Scripting (XSS) Vulnerability in connect-node-module Vulnerability: Serve Node Module Allows Access to Ignored Files via URL Encoding Mixin-Deep Node Module Prototype Pollution Vulnerability Modification of Assumed-Immutable Data (MAID) vulnerability in assign-deep node module before 0.4.7 allows prototype modification of Object via __proto__ Lodash Node Module < 4.17.5: Modification of Assumed-Immutable Data (MAID) Vulnerability via defaultsDeep, merge, and mergeWith Functions Merge-deep Node Module MAID Vulnerability: Prototype Modification of Object MAID vulnerability in defaults-deep node module before 0.2.4 allows prototype modification of Object via __proto__ Path Traversal Vulnerability in general-file-server Node Module Allows Unauthorized File Access Path Traversal Vulnerability in Hekto Node Module Allows Unauthorized File Access Cross-Site Scripting (XSS) Vulnerability in crud-file-server Node Module Path Traversal Vulnerability in 626 Node Module Allows Unauthorized File Access Vulnerability: Modification of Assumed-Immutable Data (MAID) in hoek Node Module 
Path Traversal Vulnerability in localhost-now Node Module Allows Unauthorized File Access Path Traversal Vulnerability in mcstatic Node Module Allows Unauthorized File Access Path Traversal Vulnerability in Public Node Module Allows Unauthorized File Access Path Traversal Vulnerability in resolve-path Node Module (<=1.4.0) Allows Unauthorized File Access Path Traversal Vulnerability in crud-file-server Node Module (CVE-XXXX-XXXX) Path Traversal Vulnerability in Stattic Node Module Allows Unauthorized File Access Reflected XSS Vulnerability in bracket-template via GET Parameter SSHpk Vulnerability: Remote Denial of Service (ReDoS) via Crafted Invalid Public Keys Protobufjs: Crafted Invalid .proto File Parsing Vulnerability Improper Sanitization of 'auth' Parameter in https-proxy-agent Leads to DoS and Memory Leak Sanitize Gem for Ruby: Whitelisted HTML Element Attribute Vulnerability Possible XSS Vulnerability in rails-html-sanitizer Gem Open Redirect Vulnerability in Hekto <=0.2.3: Exploiting Target Domain Name as HTML Filename Path Traversal Vulnerability in html-pages Node Module Allows Unauthorized File Access Uninitialized Buffer Allocation Vulnerability in atob 2.0.3 and Earlier on Node.js 4.x and Below Command Injection Vulnerability in pdfinfojs NPM Module (<= 0.3.6) HTML Injection in File Names: Exploiting Public Node Module Versions <= 1.0.3 Stored XSS Vulnerability in Glance Node Module (<= 3.0.5) Allows Execution of Malicious JavaScript Prototype Manipulation Vulnerability in deap Node Module Prototype Pollution Vulnerability in deep-extend Node Module Prototype Pollution in merge-recursive Node Module (<= 0.3.0) Prototype Pollution Vulnerability in merge-options Node Module Prototype Pollution Vulnerability in merge-objects Node Module SQL Injection Vulnerability in Node.js third-party module query-mysql (versions 0.0.0 - 0.0.2) Stored XSS Vulnerability in sexstatic <=0.6.2: HTML Injection via Directory Name Transaction and Block Signature Verification 
Bypass in Hyperledger Iroha Unescaped String Parameter Vulnerability in pdf-image v2.0.0 Unrestricted File Upload Vulnerability in Express-Cart Module (RCE) Allows Privileged User Access Time-of-Check Time-of-Use (TOCTOU) Race Condition in private_address_check Ruby Gem Sprockets Information Leak Vulnerability Improper Authentication on Nextcloud Server OAuth2 Token Endpoint Improper Permission Checks in Nextcloud Server: Unauthorized Access to File Previews Stored XSS Vulnerability in Nextcloud Calendar Autocomplete Field Stored XSS Vulnerability in Nextcloud Contacts Autocomplete Field Path Traversal Vulnerability in Buttle Module Versions <= 0.2.0: Unauthorized File Access Buffer Allocation and Uninitialized Memory Vulnerability in memjs <= 1.1.0 Cross-Site Scripting (XSS) Vulnerability in Ruby Grape Gem via format Parameter Path Traversal Vulnerability in markdown-pdf <9.0.0 Allows Local File Reading XSS Vulnerability in statics-server <= 0.0.9 via Injected Iframe in Filename Arbitrary Command Execution in Deprecated `whereis` npm Module Stored Cross-Site Scripting Vulnerability in `metascrape` npm Module <= 3.9.2 URL parsing vulnerability in url-parse <1.4.3 allows for SSRF, Open Redirect, and Bypass Authentication Protocol. 
Authentication Bypass Vulnerability in Nextcloud Server prior to version 12.0.3 Audit Log Bypass Vulnerability in Nextcloud Server Arbitrary Parameter Injection Vulnerability in Restforce before 3.0.0 Improper Authorization Allows Unauthorized LWT Publication in aedes <0.35.0 Arbitrary Code Execution Vulnerability in Active Support Ruby Gem 5.2.0 Stored XSS Vulnerability in NextCloud Server <13.0.5: User-Generated Search Results Exploitation Stored XSS Vulnerability in NextCloud Talk <3.2.5 due to Missing Sanitization of Autocomplete Search Results Account Takeover Vulnerability in FlintCMS <= 1.1.9: Blind MongoDB Injection in Password Reset Arbitrary Code Execution Vulnerability in Cryo 0.0.6 Command Injection Vulnerability in git-dummy-commit v1.3.0: Unescaped Parameter Allows OS Command Execution Arbitrary Shell Command Execution Vulnerability in egg-scripts <v2.8.1 Path Traversal Vulnerability in simplehttpserver <v0.2.1: Unauthorized File Listing Directory Listing Information Exposure Vulnerability in Serve 6.5.3 Authentication Bypass Vulnerability in Oturia Smart Google Code Inserter Plugin for WordPress SQL Injection Vulnerability in Oturia Smart Google Code Inserter Plugin for WordPress Incorrect Access Control in getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 Remote Code Execution via Image Upload in Craft CMS 2.6.3000 XIMSS Protocol Implementation Vulnerability Allows Email Spoofing Attack Sensitive Information Leakage in Logstash Versions 5.6.6 and 6.x before 6.1.2 Cross-Site Scripting (XSS) Vulnerability in Kibana Versions 5.1.1 to 6.1.2 and 5.6.6 via Colored Fields Formatter Open Redirect Vulnerability in Kibana Login Page Cross-Site Scripting (XSS) Vulnerability in Kibana Labs Visualizations Cross-Site Scripting (XSS) Vulnerability in Kibana Tag Cloud Visualization User Impersonation Vulnerability in X-Pack Security 6.2.0-6.2.2 Cross-Site Scripting (XSS) Vulnerability in X-Pack Machine Learning Versions before 6.2.4 and 5.6.9 
Cross-Site Scripting (XSS) Vulnerability in X-Pack Machine Learning Predictable Master Encryption Key in Elastic Cloud Enterprise (ECE) Allows Unauthorized Access to Configuration Information Exposure of Access and Security Keys in Elasticsearch _snapshot API Elasticsearch Repository-Azure Plugin Vulnerability: Inadvertent Logging of Azure Credentials Information Exposure Vulnerability in Elastic Cloud Enterprise (ECE) Prior to 1.1.4 Unauthorized Access to Clusters via Invalid Roles Token in Elastic Cloud Enterprise (ECE) Versions Prior to 1.1.4 Cross-Site Scripting (XSS) Vulnerability in Kibana Versions 5.3.0 to 6.4.1 Information Disclosure Vulnerability in Elasticsearch Alerting and Monitoring Insteon Hub Firmware Update Vulnerability: Arbitrary MPFS Binary Upload and Unsigned Firmware Image Exploit Insteon Hub Firmware Downgrade Vulnerability Insteon Hub Firmware Upgrade Vulnerability PTEX Version 2.2 Out of Bounds Write Vulnerability Command Injection Vulnerability in Leptonica 1.74.4's gplotMakeOutput Function PCX Image Rendering Vulnerability in SDL2_image-2.0.2 Allows Information Disclosure XCF Image Rendering Heap Out-of-Bounds Read Vulnerability XCF Image Rendering Heap-Based Code Execution Vulnerability in SDL2_image Denial-of-Service Vulnerability in Pixar Renderman IT Display Service 21.6 (0x67) Denial-of-Service Vulnerability in Pixar Renderman IT Display Service 21.6 (0x69) Uninitialized Pointer Vulnerability in Foxit PDF Reader 9.0.1.1049 Type Confusion Vulnerability in Foxit PDF Reader 9.0.1.1049 Allows Memory Disclosure and Code Execution Use-after-free vulnerability in Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux allows for code execution via crafted DOCX document. 
Double Free Vulnerability in Hyland Perceptive Document Filters 11.4.0.2647 - Exploiting Crafted OpenDocument Document for Code Execution Stack-based Buffer Overflow in NASA CFITSIO 3.42: Arbitrary Code Execution via Crafted FIT Images CFITSIO Library Image Parsing Buffer Overflow Vulnerabilities Stack-based Buffer Overflow in NASA CFITSIO 3.42 Allows Arbitrary Code Execution Stack-based Buffer Overflow in NASA CFITSIO 3.42 Allows Arbitrary Code Execution Use-After-Free Vulnerability in Foxit PDF Reader 9.0.1.1049 Allows Arbitrary Code Execution Stack-based Buffer Overflow in Hyland Perceptive Document Filters 11.4.0.2647 - DOC-to-HTML Conversion Functionality Ocularis 5.5.0.242 Denial of Service Vulnerability Use-After-Free Vulnerability in Foxit PDF Reader 9.0.1.1049 Allows Arbitrary Code Execution Password Protection Bypass Vulnerability in Quicken Deluxe 2018 for Mac Double Free Vulnerability in Hyland Perceptive Document Filters 11.4.0.2647 - Exploiting Crafted OpenDocument Document for Code Execution Arbitrary Command Injection in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Heap Overflow in TIFF Parsing Functionality of Canvas Draw 4.0.0 Heap Overflow in Canvas Draw TIFF Parsing Functionality (CVE-2020-XXXX) Out-of-Bounds Write Vulnerability in Canvas Draw 4.0.0 TIFF Parsing Functionality Out-of-Bounds Write Vulnerability in Canvas Draw 4.0.0 TIFF Parsing Functionality Arbitrary Code Execution via Out-of-Bounds Write in TIFF Image Processing Out-of-Bounds Write Vulnerability in TIFF Image Processing Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Stack-based Buffer Overflow in Samsung SmartThings Hub STH-ETH-250's samsungWifiScan Callback Notification 
Arbitrary Code Execution via Out-of-Bounds Write in TIFF Image Processing Canvas Draw 4.0.0 PCX Parsing Out-of-Bounds Write Vulnerability Canvas Draw 4.0.0 PCX Parsing Out-of-Bounds Write Vulnerability Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250-Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250-Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250-Firmware 0.20.17 Buffer Overflow Vulnerabilities in Samsung SmartThings Hub STH-ETH-250 Devices JSON Injection Vulnerability in Samsung SmartThings Hub STH-ETH-250 Devices Stack-based Buffer Overflow in Samsung SmartThings Hub STH-ETH-250's 'find-by-cameraId' Functionality Unauthenticated XML External Injection Vulnerability in FocalScope v2416 SQL Injection Vulnerability in ERPNext v10.1.6 SQL Injection Vulnerability in ERPNext v10.1.6 SQL Injection Vulnerability in ERPNext v10.1.6 SQL Injection Vulnerability in ERPNext v10.1.6 Allows Data Compromise Memory Corruption Vulnerability in Computerinsel Photoline 20.53 PCX Parsing Functionality Memory Corruption Vulnerability in Computerinsel Photoline 20.53 PCX Parsing Functionality Memory Corruption Vulnerability in Computerinsel Photoline 20.53 PCX Parsing Functionality Arbitrary Code Execution via Specially Crafted PCX Image Firmware Update Logic Flaw and Command Injection Vulnerability in Yi Home Camera 27US 1.8.7.0D Firmware Downgrade Vulnerability in Yi Home Camera 27US 1.8.7.0D Firmware Downgrade Vulnerability in Yi Home Camera 27US 1.8.7.0D Allows Code Execution Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250-Firmware 
0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub's /cameras/XXXX/clips Handler Buffer Overflow Vulnerability in Samsung SmartThings Hub's /cameras/XXXX/clips Handler Buffer Overflow Vulnerability in Yi Home Camera 27US 1.8.7.0D QR Code Scanning Functionality Buffer Overflow Vulnerability in Yi Home Camera 27US 1.8.7.0D QR Code Scanning Functionality QR Code Buffer Overflow Vulnerability in Yi Home Camera 27US 1.8.7.0D Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Camera Replace Feature Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Camera Create Feature Stack-based Buffer Overflow in Samsung SmartThings Hub's Video-Core HTTP Server Vulnerability: HTTP Request Overwrite in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 REST Parser Vulnerability in Samsung SmartThings Hub STH-ETH-250-Firmware 0.20.17 HTTP Request Method Overwrite Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Code Execution Vulnerability in Yi Home Camera 27US 1.8.7.0D via Crafted SSID HTTP Header Injection Vulnerability in Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Stack-based Buffer Overflow in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Stack-based Buffer Overflow in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Stack-based Buffer Overflow in Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Stack-based Buffer Overflow in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Arbitrary Deletion of Cameras in Samsung SmartThings Hub 
STH-ETH-250 - Firmware version 0.20.17 Stack-based Buffer Overflow in Samsung SmartThings Hub STH-ETH-250 Video-Core HTTP Server Firmware Update Code Execution Vulnerability in Yi Home Camera 27US 1.8.7.0D Stack Overflow Vulnerability in Computerinsel Photoline 20.54 PSD Parsing Functionality Stack Overflow Vulnerability in Computerinsel Photoline 20.54 ANI Parsing Functionality Memory Corruption Vulnerability in Computerinsel Photoline 20.54 PCX Parsing Functionality Use-after-free vulnerability in Foxit PDF Reader allows arbitrary code execution Buffer Overflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Devices Integer Underflow Vulnerability in Samsung SmartThings Hub STH-ETH-250 Firmware 0.20.17 Insecure HTTPS Connection in Samsung SmartThings Hub STH-ETH-250 Allows Information Disclosure Firmware Update Denial of Service Vulnerability in Yi Home Camera 27US 1.8.7.0D Heap Corruption Vulnerability in Antenna House Office Server Document Converter Out-of-Bounds Write Remote Code Execution in Antenna House Office Server Document Converter Remote Code Execution via Crafted Microsoft Word Document in Antenna House Office Server Document Converter Stack-based Buffer Overflow in Antenna House Office Server Document Converter Out-of-Bounds Write Vulnerability in Antenna House Office Server Document Converter Firmware Update Authentication Bypass Vulnerability in Yi Home Camera 27US 1.8.7.0D UDP Network Functionality Denial of Service Vulnerability in Yi Home Camera 27US 1.8.7.0D Remote Code Execution Vulnerability in Antenna House Office Server Document Converter v6.1 Pro MR2 for Linux64 Command Injection Vulnerability in Sony IPELA E Series Network Camera G5 Firmware 1.87.00 Stack-based Buffer Overflow in Sony IPELA E Series Camera G5 Firmware 1.87.00 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Allows Arbitrary Code 
Execution Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Allows Arbitrary Code Execution Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Allows Arbitrary Code Execution Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Allows Arbitrary Code Execution Phone-to-Camera Information Disclosure Vulnerability in Yi Home Camera 27US 1.8.7.0D TP-Link TL-R600VPN HTTP Server Denial-of-Service Vulnerability TP-Link TL-R600VPN HTTP Server Directory Traversal Information Disclosure Vulnerability Remote Code Execution Vulnerability in TP-Link TL-R600VPN HTTP Server TP-Link TL-R600VPN HTTP Server Remote Code Execution Vulnerability Privilege Escalation via Specially Crafted Configuration File in NordVPN 6.14.28.0 OS Command Injection Vulnerability in Linksys ESeries Routers OS Command Injection Vulnerability in Linksys ESeries Routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) Operating System Command Injection in Linksys ESeries Routers Out-of-Bounds Read Vulnerability in Foxit PDF Reader 9.1.0.5096 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Use-After-Free Vulnerability in Foxit PDF Reader 9.1.0.5096 Command Injection Vulnerability in CUJO Smart Firewall's DHCP Daemon Configuration Use-after-free vulnerability in Foxit PDF Reader 9.1.0.5096 allows arbitrary code execution Use-after-free vulnerability in Foxit PDF Reader 9.1.0.5096 allows arbitrary code execution Use-after-free vulnerability in Foxit PDF Reader 9.1.0.5096 allows arbitrary code execution Use-after-free vulnerability in Foxit PDF Reader 9.1.0.5096 allows arbitrary code 
execution Bypassing Verified Boot Protection in Das U-Boot: Execution of Unsigned Kernel Persistent Command Injection in CUJO Smart Firewall's Verified Boot Protection Memory Disclosure Vulnerability in Sophos HitmanPro.Alert 3.7.6.744 Arbitrary Write Vulnerability in Sophos HitmanPro.Alert 3.7.6.744 Levin Deserialization Logic Flaw Allows Code Execution in Monero 'Lithium Luna' and Other Cryptocurrencies Out of Bounds Write Vulnerability in Canvas Draw 5.0.0 Allows Arbitrary Data Overwrite GOG Galaxy Local Privilege Elevation Vulnerability Uninitialized Variable Vulnerability in Atlantis Word Processor 3.2.6 CALS Raster File Format Parsing Out-of-Bounds Write Vulnerability in Canvas Draw 5.0.0.28 Heap Overflow Vulnerability in SDL2_image-2.0.3 XCF Image Rendering Atlantis Word Processor 3.0.2.3, 3.0.2.5 Out-of-Bounds Write Vulnerability Remote Denial-of-Service Vulnerability in Nouveau Display Driver Allows Attackers to Crash Systems via Specially Crafted Pixel Shader Canvas Draw 5.0.0 TIFF Image Processing Out-of-Bounds Write Vulnerability Out-of-Bounds Write Vulnerability in Canvas Draw 5.0.0 TIFF Parsing Arbitrary Write Vulnerability in Atlantis Word Processor 3.0.2.3 and 3.0.2.5 Uninitialized Pointer Vulnerability in Atlantis Word Processor's Document Parser Uninitialized Length Vulnerability in Atlantis Word Processor 3.0.2.3 and 3.0.2.5 Double Free Vulnerability in CUJO Smart Firewall's mdnscap Binary Persistent Photo Storage Vulnerability in Telegram Secret Chats Information Disclosure Vulnerability in Rakuten Viber's 'Secret Chats' Feature on Android 9.3.0.6 Vulnerability: Signal Messenger for Android 4.24.8 Exposes Private Photos in Cache Directory Kernel Memory Disclosure Vulnerability in WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400) WibuKey.sys Version 6.40 (Build 2400) IOCTL Handler Buffer Overflow Vulnerability Heap Overflow Vulnerability in WibuKey Network Server Management (Version 6.40.2402.500) Allows Remote Code Execution
Use-After-Free Vulnerability in Foxit PDF Reader 9.2.0.9297 Allows Arbitrary Code Execution Use-After-Free Vulnerability in Foxit PDF Reader 9.2.0.9297 Use-After-Free Vulnerability in Foxit PDF Reader 9.2.0.9297 Use-After-Free Vulnerability in Foxit PDF Reader 9.2.0.9297 Use-After-Free Vulnerability in Foxit PDF Reader 9.2.0.9297 Use-After-Free Vulnerability in Foxit PDF Reader 9.2.0.9297 Allows Arbitrary Code Execution Heap-based Buffer Overflow in Atlantis Word Processor 3.2.5.0 via Crafted Image Stack-based Buffer Overflow in Atlantis Word Processor JPEG Parser Double-Free Vulnerability in Atlantis Word Processor 3.2.5.0 Office Open XML Parser Uninitialized Pointer Vulnerability in Atlantis Word Processor 3.2.5.0 Denial-of-Service Vulnerability in CUJO Smart Firewall's mdnscap Binary Heap Overflow Vulnerability in CUJO Smart Firewall Firmware 7003 Privilege Escalation Vulnerability in Shimo VPN 4.1.5.1 Helper Service Privilege Escalation Vulnerability in Shimo VPN 4.1.5.1 Helper Service Privilege Escalation Vulnerability in Shimo VPN 4.1.5.1 Helper Service Privilege Escalation Vulnerability in Shimo VPN 4.1.5.1 Helper Service Privilege Escalation Vulnerability in Shimo VPN 4.1.5.1 Helper Service Privilege Escalation Vulnerability in Shimo VPN Helper Service Privilege Escalation via Specially Crafted Configuration File in ProtonVPN VPN Client 1.5.1 Integer Underflow Vulnerability in CUJO Smart Firewall (Version 7003) Allows Remote Crash Buffer Overflow Vulnerability in Webroot BrightCloud SDK's HTTP Header-Parsing Function Stack-based Buffer Overflow in LIVE555 RTSP Server Library (Version 0.92) Allows Remote Code Execution Stack-based Buffer Overflow in Roav A1 Dashcam Wi-Fi Command 9999 Insecure TLS Certificate Validation in Webroot BrightCloud SDK Roav A1 Dashcam URL Parsing Function Stack-Based Buffer Overflow Vulnerability Default Credentials Vulnerability in Roav A1 Dashcam Wi-Fi Access Point Firmware Update Vulnerability in Anker Roav A1 Dashcam 
(RoavA1SWV1.9) Command Injection Vulnerability in Netgate pfSense CE 2.4.4-RELEASE Command Injection Vulnerability in Netgate pfSense CE 2.4.4-RELEASE Command Injection Vulnerability in Netgate pfSense CE 2.4.4-RELEASE Use-After-Free Vulnerability in MKVToolNix MKVINFO v25.0.0 Allows Arbitrary Code Execution Stack-based Buffer Overflow in XML_UploadFile Wi-Fi Command of Anker Roav A1 Dashcam Firmware Denial-of-Service Vulnerability in Anker Roav A1 Dashcam Firmware Denial-of-Service Vulnerability in Anker Roav A1 Dashcam Firmware Denial-of-Service Vulnerability in Anker Roav A1 Dashcam Firmware Denial-of-Service Vulnerability in Anker Roav A1 Dashcam Firmware Firmware Update Vulnerability in Anker Roav A1 Dashcam (RoavA1SWV1.9) Allows Denial of Service Code Execution Vulnerability in Anker Roav A1 Dashcam Firmware CUJO Smart Firewall Version 7003: Safe Browsing Function Host Header Extraction Vulnerability Arbitrary Lua Script Execution in CUJO Smart Firewall (Version 7003) via Safe Browsing Function Privilege Escalation Vulnerability in CleanMyMac X Software Allows Unauthorized File System Modifications Privilege Escalation Vulnerability in CleanMyMac X Software Allows Unauthorized File System Modifications Privilege Escalation Vulnerability in CleanMyMac X Software Allows Unauthorized File System Modifications Privilege Escalation Vulnerability in CleanMyMac X Software Allows Unauthorized File System Modifications Privilege Escalation Vulnerability in CleanMyMac X Allows Unauthorized Kernel Extension Modification Privilege Escalation Vulnerability in CleanMyMac X Software Allows Unauthorized File System Modifications Arbitrary Write Vulnerability in Atlantis Word Processor 3.2.7.2 Out-of-Bounds Write Vulnerability in Atlantis Word Processor 3.2.7.2 Uninitialized Pointer Vulnerability in Atlantis Word Processor 3.2.7.2 Privilege Escalation Vulnerability in Clean My Mac X 4.04 Helper Service Privilege Escalation Vulnerability in Clean My Mac X 4.04 Helper Service 
Privilege Escalation Vulnerability in Clean My Mac X Helper Service (Version 4.04) Allows Unauthorized File System Modifications Privilege Escalation Vulnerability in Clean My Mac X 4.04 Helper Service Privilege Escalation Vulnerability in Clean My Mac X 4.04 Helper Service Local Privilege Escalation Vulnerability in Clean My Mac X Helper Service Privilege Escalation Vulnerability in Clean My Mac X 4.04 Helper Service Local Privilege Elevation Vulnerability in GOG Galaxy 1.2.48.36 Local Privilege Elevation Vulnerability in GOG Galaxy's Games Directory GOG Galaxy Games Privileged Helper Tool Local Privilege Escalation Vulnerability GOG Galaxy Games Privileged Helper Tool Local Privilege Escalation Vulnerability Privileged Helper Tool Information Leak Vulnerability in GOG Galaxy Games for macOS GOG Galaxy's Games Privileged Helper Tool Local Denial-of-Service Vulnerability Local Privilege Escalation Vulnerability in Pixar Renderman for Mac OS X Local Privilege Escalation Vulnerability in Pixar Renderman for Mac OS X (Version 22.2.0) SQL Injection Vulnerability in coTURN Administrator Web Portal Unsafe Default Configuration Vulnerability in coTURN Server Allows Unauthorized Access to Private Services Unsafe Default Configuration Vulnerability in coTURN Server Command Injection Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3 Hard-coded Credentials Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3 Remote Code Execution Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3 Upload.cgi Functionality Unverified Password Change Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3 Cross-Site Scripting (XSS) Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3 Cross-Site Request Forgery Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3 ACEManager template_load.cgi Information Disclosure Vulnerability Default Configuration Disclosure in Sierra Wireless AirLink ES450 FW 4.9.3 Plaintext XML Information Disclosure Vulnerability in Sierra Wireless 
AirLink ES450 FW 4.9.3 Information Disclosure Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3 Information Disclosure Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3 ACEManager EmbeddedAceSet_Task.cgi Permission Assignment Vulnerability Arbitrary Setting Writes Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3 Arbitrary Code Execution and Denial of Service Vulnerability in Apple Kernel Vulnerability in macOS Touch Bar Support Component Allows Arbitrary Code Execution Memory-read bypass vulnerability in macOS Wi-Fi component Remote Code Execution Vulnerability in QuartzCore Component Certificate Validation Spoofing Vulnerability Vulnerability in Core Bluetooth Component Allows Arbitrary Code Execution or Denial of Service Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Remote Code Execution Vulnerability in Apple WebKit Memory-read bypass vulnerability in Apple Kernel component Bypassing Sandbox Protection Mechanism in macOS Race condition vulnerability allows memory-read bypass in Apple products Memory-read bypass vulnerability in Apple Kernel component Arbitrary Code Execution and Denial of Service Vulnerability in Apple Audio Component Vulnerability in Core Bluetooth Component Allows Arbitrary Code Execution or Denial of Service Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Arbitrary Code Execution Vulnerability in macOS Kernel Arbitrary Code Execution and Denial of Service Vulnerability in macOS IOHIDFamily Component Denial of Service Vulnerability in Apple LinkPresentation Component Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Address Bar Spoofing Vulnerability in Safari Memory-read bypass vulnerability in Apple Kernel component APFS Volume Password Truncation Vulnerability Arbitrary Command Injection Vulnerability in macOS Terminal's Bracketed Paste Mode PDFKit URL Bypass Vulnerability APFS Volume Password Truncation Vulnerability Arbitrary 
Code Execution and Denial of Service Vulnerability in Apple Graphics Driver Cookie Persistence Bypass Vulnerability in iOS Web App Component Vulnerability: S/MIME Encryption Bypass in macOS Mail Component Symlink Mishandling Vulnerability in macOS ATS Component JavaScriptCore Array Indexing Assertion Failure Vulnerability Remote Code Execution Vulnerability in Apple Products Vulnerability: Bypassing Access Restrictions in CFPreferences Address Bar Spoofing Vulnerability in Safari Remote Code Execution Vulnerability in Apple Products Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Remote Code Execution Vulnerability in Apple Products Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products iTunes Email Address Disclosure Vulnerability in Apple iOS Clock Component Apple CoreText Telugu Character Denial of Service Vulnerability Remote Code Execution Vulnerability in Apple Products Memory Corruption Vulnerability Patched in Multiple Apple Products Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Remote Code Execution Vulnerability in Apple Products Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Vulnerability: Keystroke Logging via WindowServer Component Vulnerability in Intel Graphics Driver Allows Arbitrary Code Execution in macOS Safari XSS Vulnerability in WebKit Component Remote User Interface Spoofing Vulnerability in Safari Arbitrary Code Execution and Denial of Service Vulnerability in macOS IOFireWireFamily Component Arbitrary Code Execution and Denial of Service Vulnerability in macOS Kernel Safari Login AutoFill Remote Data Reading Vulnerability Vulnerability: Memory-read Bypass in NVIDIA Graphics Drivers on macOS 
Arbitrary Code Execution and Denial of Service Vulnerability in macOS kext tools Component Denial of Service Vulnerability in iOS Telephony Component Vulnerability: Memory-read Bypass in Intel Graphics Driver on macOS Denial of Service Vulnerability in CoreText Component Arbitrary Code Execution and Denial of Service Vulnerability in Apple Kernel Buffer Overflow Vulnerability in Apple Products Memory Corruption Vulnerabilities Patched in iOS 11.3 and Other Apple Products Memory Corruption Vulnerability in Apple Products Multiple Memory Corruption Vulnerabilities in Apple Software Buffer Overflow Vulnerability in iOS Telephony Component Allows Remote Code Execution Remote User Interface Spoofing Vulnerability in SafariViewController Arbitrary Code Execution and Denial of Service Vulnerability in Apple Kernel Race Condition Vulnerability in iCloud Drive Component Allows Arbitrary Code Execution Race Condition Vulnerability in macOS Notes Component Improved Validation Addresses Injection Issue in macOS Versions Prior to Mojave 10.14 Race Condition Vulnerability in Apple Storage Component Allows Arbitrary Code Execution Race Condition Vulnerability in CoreFoundation Component Allows Arbitrary Code Execution Race Condition Vulnerability in PluginKit Allows Arbitrary Code Execution Race Condition Vulnerability in Quick Look Component Allows Arbitrary Code Execution Race Condition Vulnerability in CoreFoundation Component Allows Arbitrary Code Execution Memory-read bypass vulnerability in macOS Graphics Drivers Arbitrary Code Execution and Denial of Service Vulnerability in macOS Kernel Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Remote Code Execution Vulnerability in Apple Products Remote Code Execution Vulnerability in Apple Products Unspecified Vulnerability in LLVM Component of Xcode Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Race Condition Vulnerability in NSURLSession Component Allows Arbitrary 
Code Execution Race Condition Vulnerability in File System Events Component iOS Files Widget Information Disclosure Vulnerability Out-of-Bounds Read Vulnerability in macOS High Sierra and Earlier Versions Local Password Discovery Vulnerability in macOS Admin Framework Information Disclosure Vulnerability in macOS Bluetooth Component Vulnerability: Bypassing iCloud Password Requirement in Find My iPhone Feature Invisible Microphone Access Vulnerability in Apple iOS and macOS Inconsistent User Interface in Apple Mail Allows Reading of S/MIME Encrypted Messages Code-Signing Bypass Vulnerability in macOS LaunchServices Vulnerability: App Launch Triggered by Crafted Disk Image in macOS Improper Execute Permission Granting Vulnerability Smartcard PIN Handling Vulnerability in macOS High Sierra Improper Access Restrictions in CUPS on macOS High Sierra Improper Access Restrictions in CUPS on macOS High Sierra Access Issue with CUPS Sandbox Restrictions in macOS High Sierra macOS High Sierra Access Issue with Sandbox Restrictions Vulnerability: Sandbox Bypass in macOS Speech Component Allows Unauthorized Microphone Access Improved State Handling in Apple Operating Systems Information Leakage in Safari Private Browsing Downloads Remote UI Spoofing Vulnerability in Apple LinkPresentation Component Address Bar Spoofing Vulnerability in Apple Products Memory Corruption Vulnerability in Apple Operating Systems Remote Code Execution via CSS Mask-Image Fetch in Apple Products Memory Corruption Vulnerability in Older Apple Software Versions Race condition vulnerability in WebKit allows remote code execution Privilege Escalation and Denial of Service Vulnerability in macOS Windows Server Component Out-of-bounds read vulnerability addressed in iOS, iCloud for Windows, watchOS, iTunes, and macOS High Sierra Inconsistent User Interface Issue Resolved with Enhanced State Management in Safari 12 Arbitrary Code Execution and Information Disclosure Vulnerability in macOS Accessibility 
Framework Use After Free Vulnerability Patched in Multiple Apple Products Denial of Service Vulnerability in Apple Products via Crafted Text File Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products WebKit Use-After-Free Remote Code Execution Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Vulnerability: Password Prompt Spoofing in iBooks Component Improved Bounds Checking for Out-of-Bounds Read Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Address Bar Spoofing Vulnerability in Safari Arbitrary Code Execution and Denial of Service Vulnerability in Apple's Crash Reporter Component ASSERT failure vulnerability in iOS, Safari, iCloud, tvOS, watchOS, and iTunes ASSERT failure vulnerability in iOS, Safari, iCloud, tvOS, watchOS, and iTunes ASSERT failure vulnerability in iOS, Safari, iCloud, tvOS, watchOS, and iTunes Array Indexing Issue in JavaScript Core FontParser Remote Code Execution Vulnerability ASSERT failure vulnerability in iOS, Safari, iCloud, tvOS, watchOS, and iTunes ASSERT failure vulnerability in iOS, Safari, iCloud, tvOS, watchOS, and iTunes WebKit Memory Corruption Vulnerability Buffer Overflow Vulnerability in iOS Bluetooth Component Improper Handling of Call URLs in iOS Versions Prior to 11.4.1 Improved Indexing for Open Directory Records in macOS High Sierra 10.13.5 WebKit Use-After-Free Remote Code Execution Vulnerability Privilege Escalation Vulnerability in macOS ATS Component Arbitrary Code Execution Vulnerability in Swift for Ubuntu S/MIME Client Certificate Tracking Vulnerability Remote Code Execution Vulnerability in Apple WebKit Component Local User Account Identifier Bypass Vulnerability Local Bypass of Persistent Device Identifier Restrictions in Apple Products Local Privilege Escalation Vulnerability in Apple Products Local User Information Disclosure Vulnerability S/MIME Encryption Vulnerability in Apple Mail Component 
Privilege Escalation Vulnerability in macOS IOFireWireAVC Component Sandbox Bypass Vulnerability in macOS Grand Central Dispatch Race condition vulnerability in NVIDIA Graphics Drivers in macOS before 10.13.5 allows for arbitrary code execution in privileged context Remote Cookie Overwrite Vulnerability in Apple Products Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Arbitrary Code Execution and Denial of Service Vulnerability in macOS IOHIDFamily Component Local Impersonation Attack Vulnerability in Apple Messages Component Arbitrary Code Execution and Denial of Service Vulnerability in macOS IOGraphics Component Privilege Escalation Vulnerability in Apple Products via libxpc Component Lock-screen Bypass Vulnerability in iOS Siri Lock-Screen Bypass Vulnerability in iOS Magnifier Component Denial of Service Vulnerability in Apple Messages Component Buffer Overflow Vulnerability in Kernel Component Allows Arbitrary Code Execution Vulnerability in macOS Hypervisor Component Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Kernel Component Allows Arbitrary Code Execution Siri Contacts Privacy Disclosure Vulnerability Type Confusion Vulnerability in Apple WebKit Component Denial of Service Vulnerability in Safari Component Improper Input Validation Leads to Out-of-Bounds Read Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Apple Products Denial of Service Vulnerability in iOS Messages Component EFI Flash-Memory Region Modification Vulnerability in macOS Lock-Screen Bypass Vulnerability in Siri on iOS before 11.4 Vulnerability in macOS AMD Component Allows Memory-Read Bypass and Denial of Service Kernel Input Validation Issue in macOS High Sierra Improved Input Validation for Out-of-Bounds Read in macOS High Sierra before 10.13.5 Improved Input Validation for Out-of-Bounds Read in macOS High Sierra before 10.13.5 Buffer Overflow Vulnerability in macOS High Sierra Buffer Overflow Vulnerability 
in macOS High Sierra Memory Corruption Vulnerabilities in macOS High Sierra 10.13.6 and Earlier Versions Inconsistent User Interface Issue Resolved with Enhanced State Management Memory Corruption Vulnerabilities Patched in iOS, tvOS, Safari, iTunes, and iCloud Multiple Memory Corruption Vulnerabilities in Apple Software Memory Corruption Vulnerabilities Patched in iOS, tvOS, Safari, iTunes, and iCloud Memory Corruption Vulnerabilities Patched in Multiple Apple Products Memory Corruption Vulnerabilities Patched in iOS, tvOS, Safari, iTunes, and iCloud Race Condition Vulnerability Patched in Multiple Apple Products Memory Corruption Vulnerabilities Patched in iOS, tvOS, Safari, iTunes, and iCloud Memory Corruption Vulnerability in macOS High Sierra 10.13.6 and Earlier Versions Memory Corruption Vulnerability in Multiple Apple Products Memory Corruption Vulnerability in Multiple Apple Products Memory Corruption Vulnerabilities in Multiple Apple Products Memory Corruption Vulnerabilities Patched in Multiple Apple Products Memory Corruption Vulnerabilities in Multiple Apple Products URL Spoofing Vulnerability in iOS and Safari Memory Corruption Vulnerability in iOS Versions Prior to 11.4.1 Null Pointer Dereference Vulnerability Patched in macOS High Sierra 10.13.6 URL Spoofing Vulnerability in Apple Devices Cross-Origin Audio Exfiltration Vulnerability Inconsistent User Interface Issue in Safari Versions Prior to 11.1.2 Memory Corruption Vulnerability in iOS, macOS, tvOS, and watchOS Prior to 11.4.1 Buffer Overflow Vulnerability in SwiftNIO (<= 1.8.0) with Improved Size Validation Kernel Memory Disclosure Vulnerability in iOS, tvOS, and watchOS Kernel Memory Disclosure Vulnerability in macOS High Sierra 10.13.6 and Earlier Type Confusion Vulnerability Patched in Multiple Apple Products Improved Memory Handling to Address Type Confusion Vulnerability Memory Corruption Vulnerabilities in macOS High Sierra 10.13.6 and Earlier Versions Memory Corruption Vulnerabilities in 
macOS High Sierra 10.13.6 and Earlier Versions Memory Corruption Vulnerabilities in macOS High Sierra 10.13.6 and Earlier Versions Information Disclosure Vulnerability Patched in macOS High Sierra 10.13.6 Improved Memory Handling to Address Denial of Service Vulnerability Memory Corruption Vulnerabilities in macOS High Sierra 10.13.6 and Earlier Versions Cookie Management Vulnerability Patched in Multiple Apple Products Improved Input Validation in macOS Mojave 10.14 DiskArbitration Permissions Issue in macOS Mojave 10.14 Permissions Issue in macOS Remote Management Memory Corruption Vulnerabilities Patched in Multiple Apple Products Session Cookie Vulnerability in CUPS Web Interface Null Pointer Dereference Vulnerability Patched in macOS High Sierra, iCloud for Windows, watchOS, iOS, and iTunes Improved Input Validation for Pre-Mojave Versions: Addressing an Input Validation Issue Improved Validation Fixes Denial of Service Vulnerability in iOS, macOS, tvOS, and watchOS Improved Input Validation in iOS 12, tvOS 12, and watchOS 5 Addresses Vulnerability Use After Free Vulnerability Patched in Multiple Apple Products Improved State Management for Logic Issue in iOS 12 and Safari 12 Improved Bounds Checking for Out-of-Bounds Read Vulnerability in macOS Mojave 10.14 Cross-Site Scripting Vulnerability in Safari Prior to iOS 12 and Safari 12 Sandbox Restriction Vulnerability in iOS and macOS Prior to iOS 12 and macOS Mojave 10.14 Origin Information Leak Vulnerability Use After Free Vulnerability Patched in Multiple Apple Products Inconsistent Handling of Application Snapshots in iOS, tvOS, and watchOS Versions Prior to 12/5 Use After Free Vulnerability Patched in Multiple Apple Products Use After Free Vulnerability Patched in Multiple Apple Products Improved State Management Addresses Memory Corruption Vulnerability Use After Free Vulnerability Patched in Multiple Apple Products Use After Free Vulnerability Patched in Multiple Apple Products Cross-Origin Vulnerability 
in iframe Elements Improper Entitlement Validation in Pre-iOS 12, macOS Mojave 10.14, and tvOS 12 Versions Improved Entitlements in iOS 12: Addressing a Pre-existing Vulnerability Memory Corruption Vulnerabilities Patched in iOS 12, tvOS 12, Safari 12, iTunes 12.9, and iCloud for Windows 7.7 Apple ID Permissions Vulnerability Logic Issue Patched: Enhanced Restrictions in iOS 12 Improved Memory Handling in iOS 12 and macOS Mojave 10.14 Addresses Memory Corruption Vulnerability Memory Corruption Vulnerability in iOS Versions Prior to 11.4.1 Memory Corruption Vulnerabilities Patched in iOS 12, tvOS 12, Safari 12, iTunes 12.9, and iCloud for Windows 7.7 Vulnerability: Incomplete History Item Clearing in iOS 12 and Safari 12 Memory Corruption Vulnerability in iOS Pre-11.4: Improved Memory Handling Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Improved Input Sanitization for Validation Issue in iOS 12 and macOS Mojave 10.14 Improved Memory Handling in macOS Mojave 10.14 Addresses Memory Corruption Vulnerability Improved Input Sanitization in iOS 12: Addressing a Validation Issue Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Improved Input Sanitization in macOS Mojave 10.14 Persistent Device Identifier Disclosure Vulnerability Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Configuration Issue in macOS Prior to Mojave 10.14.1 Allows Unauthorized Access Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Improved Memory Handling in iOS, macOS, tvOS, and 
watchOS: Addressing Memory Corruption Vulnerability Cross-Site Scripting Vulnerability in Safari Prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7 Local File Access Vulnerability in macOS Versions Prior to Mojave 10.14 Use After Free Vulnerability Patched in Apple Devices Improved Logic for Validation Issue in macOS Versions Prior to Mojave 10.14 Memory Corruption Vulnerability in macOS Mojave 10.14 and Earlier Versions Memory Initialization Issue in macOS Versions Prior to Mojave 10.14 Inconsistent Handling of Application Snapshots in iOS Versions Prior to iOS 12 Configuration Issue in Pre-Mojave macOS Versions: Addressed with Enhanced Restrictions Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Configuration Issue Patched: Vulnerability in iOS 12 and macOS Mojave 10.14 Improved Permission Validation in iOS 12: Addressing a Permissions Issue Memory Corruption Vulnerability in Xcode 10 and Earlier Versions Memory Corruption Vulnerabilities Patched in Multiple Apple Products Memory Corruption Vulnerabilities Patched in Multiple Apple Products Memory Corruption Vulnerabilities Patched in iOS 12, tvOS 12, Safari 12, iTunes 12.9, and iCloud for Windows 7.7 Memory Consumption Issue in Older Apple Software Versions Inconsistent User Interface Issue in Safari and iOS Versions Prior to 11.1.2 and 12 Input Validation Vulnerability in Pre-iOS 12, tvOS 12, and watchOS 5 Versions Improved Bounds Checking for Out-of-Bounds Read in iOS Versions Prior to 12.1 Memory Corruption Vulnerability in iOS Versions Prior to 12.1 Resolved with Enhanced Input Validation Memory Corruption Vulnerability in iOS Versions Prior to 12.1 Resolved with Enhanced Input Validation Improved Validation Fixes Denial of Service Vulnerability in iOS, macOS, tvOS, and watchOS Improved State Management for Logic Issue in iOS, macOS, tvOS, and watchOS Improper Input Validation Leads to Out-of-Bounds Read Vulnerability 
Memory Corruption Vulnerabilities Patched in Multiple Apple Products Memory Corruption Vulnerabilities Patched in Multiple Apple Products Logic Issue Vulnerability in Pre-iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8 Memory Corruption Vulnerabilities Patched in Multiple Apple Products Memory Corruption Vulnerabilities Patched in Multiple Apple Products Cross-Site Scripting Vulnerability in Safari Prior to iOS 12.1 and Safari 12.0.1 Memory Corruption Vulnerability in Apple Software Prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8 Lock Screen Vulnerability Allows Unauthorized Access to Share Function on iOS Devices Lock Screen Vulnerability Exposed Photos and Contacts on iOS Devices Resource Exhaustion Vulnerability in tvOS and iOS 12.1 Memory Corruption Vulnerabilities Patched in Multiple Apple Products Improved State Management Addresses Memory Corruption Vulnerability Memory Corruption Vulnerability in iOS and watchOS Versions Prior to 12.1 and 5.1 Improved State Management in iOS 12.1: Addressing a Logic Issue Memory Corruption Vulnerabilities Patched in Multiple Apple Products Lock Screen Vulnerability: Unauthorized Photo Access via Reply With Message Lock Screen Share Function Vulnerability Inconsistent User Interface Issue Resolved with Enhanced State Management UI Spoofing Vulnerability in macOS, watchOS, and iOS UI Spoofing Vulnerability in macOS, watchOS, and iOS Memory Corruption Vulnerabilities Patched in Multiple Apple Products Improved Memory Handling in macOS Mojave 10.14 Addresses Memory Corruption Vulnerability Memory Corruption Vulnerability in Apple Operating Systems and iTunes Improved Checks for Pre-iOS 12 Vulnerability Improved Input Sanitization in macOS Mojave 10.14 Insecure Transmission of Analytics Data in Apple Support iOS App Vulnerability in Prime Number Determination Method Privileged API Access Vulnerability Patched in iOS 12, macOS Mojave 10.14, tvOS 12, and 
watchOS 5 Improper Validation Logic in Earlier iOS, macOS, and watchOS Versions Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Memory Corruption Vulnerability in macOS Mojave 10.14.1 and Earlier Versions Vulnerability in macOS Mojave 10.14.1 and Earlier Allows Unauthorized Entitlement Access Memory Corruption Vulnerability in iOS and macOS Improved Validation Addresses Denial of Service Vulnerability in macOS Mojave 10.14 Memory Corruption Vulnerability in Older Apple Operating Systems Memory Corruption Vulnerability in Earlier Apple Operating Systems Resource Exhaustion Vulnerability in Apple Software Memory Corruption Vulnerability in macOS Mojave 10.14.1 and Earlier Versions Memory Corruption Vulnerability in macOS Mojave 10.14 and Earlier Versions Memory Corruption Vulnerability Patched in Apple Devices Memory Initialization Issue in iOS, macOS, tvOS, and watchOS Prior to 12.1 Memory Corruption Vulnerability Patched in Apple Devices Memory Corruption Vulnerability in macOS Mojave 10.14.1 and Earlier Versions Memory Corruption Vulnerabilities Patched in Multiple Apple Products Improved Input Sanitization in macOS Mojave 10.14 Improved Input Sanitization in macOS Mojave 10.14 Memory Corruption Vulnerability Patched in iOS, macOS, tvOS, and watchOS Memory Corruption Vulnerability Patched in iOS, macOS, tvOS, and watchOS Memory Initialization Vulnerability in macOS Mojave 10.14.1 and Earlier Versions Memory Corruption Vulnerability in macOS Mojave 10.14.1 and Earlier Versions Logic Issue Vulnerability Patched in macOS Mojave 10.14.1 Buffer Overflow Vulnerability Patched in macOS Mojave 10.14.1 Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Improved Memory Handling in iOS, macOS, tvOS, and watchOS: Addressing Memory Corruption Vulnerability Memory Corruption Vulnerability Patched in Multiple Apple Operating Systems Lock Screen Share Function Vulnerability 
URL Spoofing Vulnerability in iOS and watchOS Versions Prior to 12.1.1 and 5.1.2 Lock Screen Vulnerability: Unauthorized Access to Contacts on Locked iOS Devices Memory Initialization Vulnerability File System Modification Vulnerability Improper Input Validation Leads to Out-of-Bounds Read in macOS Mojave 10.14.2 Improved Logic Restrictions in iOS, macOS, tvOS, and watchOS Versions Prior to 12.1.1 Certificate Validation Issue in Configuration Profiles Memory Corruption Vulnerabilities Patched in Multiple Apple Products Memory Corruption Vulnerability in Multiple Apple Products Improper Validation in Earlier iOS, Safari, iTunes, and iCloud Versions Logic Issue in State Management: Vulnerability in iOS, Safari, iTunes, and iCloud Memory Corruption Vulnerability Patched in Multiple Apple Products Memory Corruption Vulnerability Patched in Multiple Apple Products Memory Corruption Vulnerability Patched in Multiple Apple Products Improved State Management in Safari and iOS Fixes Logic Issue Vulnerability Ineffective Data Deletion in 'Clear History and Website Data' Feature Improved Entitlements Patch Vulnerability in iOS Versions Prior to 12.1.1 Improved State Management for Memory Corruption Vulnerability Memory Initialization Vulnerability in macOS and iOS Memory Corruption Vulnerability in macOS Mojave 10.14.2 and Earlier Versions Memory Corruption Vulnerability in macOS Mojave 10.14.2 and Earlier Versions Memory Corruption Vulnerability in macOS Mojave 10.14 Memory Consumption Vulnerability in macOS Mojave and High Sierra Improved Input Validation for Memory Corruption Vulnerability Vulnerability Patched: Denial of Service Exploit in iOS, macOS, tvOS, and watchOS Memory Corruption Vulnerability in Apple Operating Systems Improved Input Sanitization in macOS Mojave 10.14.2: Addressing a Validation Issue Memory Corruption Vulnerability in macOS Mojave 10.14.2 and Earlier Versions Memory Corruption Vulnerabilities Patched in Multiple Apple Products Improved Memory 
Handling in iOS, macOS, tvOS, and watchOS Privilege Escalation Vulnerability in macOS Mojave and High Sierra Vulnerability: Unauthorized Access to Restricted Files in macOS Privacy Vulnerability in Open Directory Records Handling: Addressed in macOS High Sierra 10.13.6 Memory Consumption Vulnerability in Multiple Apple Products Privilege Escalation Vulnerability in macOS High Sierra 10.13.5 and Security Updates Denial-of-Service Vulnerability in Siemens Industrial Software Remote Code Execution Vulnerability in Industrial Networking Devices Unauthenticated Remote Firmware Upload Vulnerability in Desigo PXC and PXM Devices Authentication Bypass Vulnerability in TeleControl Server Basic < V3.1 Privilege Escalation Vulnerability in TeleControl Server Basic < V3.1 TeleControl Server Basic < V3.1 Denial-of-Service Vulnerability Firmware Downgrade Vulnerability in EN100 Ethernet Modules Vulnerability: Password Reconstruction in DIGSI 4 and SIPROTEC Relays Unauthenticated Remote User Can Upload Modified Device Configuration and Overwrite Access Authorization Passwords Unauthenticated Remote Administrative Operations Vulnerability in TIM 1531 IRC (All versions < V1.1) Vulnerability in SCALANCE Switch Family Allows Remote Code Execution via XSS Denial of Service Vulnerability in SIMATIC S7-400 and Other Siemens Devices Insufficient Limitation of CONTROL Script Capabilities in SIMATIC WinCC OA UI for Android and iOS Vulnerability in RAPIDLab and RAPIDPoint Systems: Privilege Escalation via Remote View Feature Vulnerability: Hardcoded Password in RAPIDLab and RAPIDPoint Systems Insufficient Protection of Sensitive Information in SIMATIC WinCC OA Operator iOS App Cross-Site Scripting (XSS) Vulnerability in SCALANCE X-200 and X-300 Switch Families Improper Certificate Validation in Siveillance VMS Video for Android and iOS Denial-of-Service Vulnerability in SIMATIC S7-400 and S7-400H CPUs Denial-of-Service Vulnerability in SICLOCK TC100 and TC400 Devices Authentication 
Bypass Vulnerability in SICLOCK TC100 and TC400 Devices Firmware Modification Vulnerability in SICLOCK TC100 and TC400 Devices Vulnerability: Code Execution via Modified Administrative Client Unencrypted Storage and Transmission of Passwords in SICLOCK TC100 and TC400 Administrative Access Lockout Vulnerability in SICLOCK TC100 and TC400 Devices Vulnerability in Siemens IEC 61850 System Configurator and DIGSI: Data Exfiltration and Code Execution Authenticated Remote Command Execution Vulnerability in SCALANCE M875 Authenticated Remote Command Execution Vulnerability in SCALANCE M875 Authenticated Remote File Read and Download Vulnerability in SCALANCE M875 Privilege Escalation via Azure Account Scoping Bypass in Octopus Deploy Bypassing Tamper Protection in Sophos Endpoint Protection 10.7 Excessive Memory Allocation Vulnerability in Exiv2 0.26 Adobe Flash Player Out-of-bounds Read Vulnerability Adobe Acrobat Reader Cross Call Security Bypass and Sandbox Escape Vulnerability Unquoted Search Path Vulnerability in Adobe Creative Cloud Desktop Application Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager 6.1 and 6.0 Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.3, 6.2, and 6.1 via Sling XSSAPI Bypass Use-After-Free Vulnerability in Adobe Flash Player Allows Arbitrary Code Execution Adobe Flash Player Use-After-Free Vulnerability (CVE-2018-4878) Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe 
Acrobat Reader Heap Overflow Vulnerability in Adobe Acrobat Reader's Image Conversion Engine Buffer Overflow Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader's JBIG2 Decoder Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Heap Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader JPEG Image Metadata Buffer Overflow Vulnerability Heap Overflow Vulnerability in Adobe Acrobat Reader's JavaScript Engine Use After Free Vulnerability in Adobe Acrobat Reader's JavaScript API for Bookmark Functionality Buffer Overflow Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader XFA Engine Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Buffer Overflow Vulnerability in Adobe Acrobat Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Flash Player (CVE-2018-4878) Type Confusion Vulnerability in Adobe Flash Player (CVE-2018-4878) Unrestricted SWF File Upload Vulnerability in Adobe Connect 9.7 and Earlier Arbitrary File Deletion Vulnerability in Adobe Connect Versions 
9.7 and Earlier OS Command Injection Vulnerability in Adobe Dreamweaver CC Versions 18.0 and Earlier Out-of-bounds Read Vulnerability in Adobe Digital Editions 4.5.7 and Below: Risk of Information Disclosure Stack Overflow Vulnerability in Adobe Digital Editions 4.5.7 and Below: Risk of Information Disclosure Untrusted Search Path Vulnerability in Adobe InDesign Versions 13.0 and Below Memory Corruption Vulnerability in Adobe InDesign Versions 13.0 and Below: Arbitrary Code Execution Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager 6.2 and Earlier: Risk of Sensitive Information Disclosure Cross-site Scripting Vulnerability in Adobe Experience Manager 6.3 and Earlier: Risk of Sensitive Information Disclosure Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager 6.1 and Earlier: Risk of Sensitive Information Disclosure Use-After-Free Vulnerability in Adobe Flash Player (CVE-2018-5002) Out-of-Bounds Read Vulnerability in Adobe Flash Player Versions 29.0.0.113 and Earlier Out-of-Bounds Read Vulnerability in Adobe Flash Player Versions 29.0.0.113 and Earlier Critical Out-of-Bounds Write Vulnerability in Adobe Flash Player (CVE-2018-5002) Heap Overflow Vulnerability in Adobe Flash Player (Versions 29.0.0.113 and Earlier) Critical Out-of-Bounds Write Vulnerability in Adobe Flash Player (CVE-2018-5002) Insecure Library Loading Vulnerability in Adobe ColdFusion: Local Privilege Escalation Arbitrary Code Execution Vulnerability in Adobe ColdFusion Cross-Site Scripting Vulnerability in Adobe ColdFusion and ColdFusion 11 Cross-Site Scripting Vulnerability in Adobe ColdFusion and ColdFusion 11 Unsafe XML External Entity Processing Vulnerability in Adobe ColdFusion: Risk of Information Disclosure Same-Origin Method Execution Vulnerability in Adobe PhoneGap Push Plugin Type Confusion Vulnerability in Adobe Flash Player (CVE-2018-5002) Type Confusion Vulnerability in Adobe Flash Player: Arbitrary Code Execution Out-of-bounds Write Vulnerability 
in Adobe Photoshop CC Heap Overflow Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Type Confusion Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in 
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Memory Corruption Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 
and earlier Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Heap Overflow Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Security Bypass Vulnerability Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Heap Overflow Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Double Free Vulnerability in Adobe Acrobat and Reader Improper Certificate Validation Vulnerability in Adobe Creative Cloud Desktop Application Local Privilege Escalation Vulnerability in Adobe Creative Cloud Desktop Application NTLM SSO Hash Theft Vulnerability in Adobe Acrobat and Reader Authentication Bypass Vulnerability in Adobe Connect Versions 9.7.5 and Earlier XFA '\n' POST Injection Vulnerability in Adobe Acrobat and Reader Use-after-free 
vulnerability in Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier Out-of-bounds write vulnerability in Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier Memory Corruption Vulnerability in Adobe Acrobat and Reader Out-of-bounds read vulnerability in Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier Integer Overflow Vulnerability in Adobe Flash Player (Versions 29.0.0.171 and Earlier) Could Result in Information Disclosure Out-of-bounds Read Vulnerability in Adobe Flash Player (CVE-2018-5002) Stack-based Buffer Overflow Vulnerability in Adobe Flash Player Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Creative Cloud Desktop Application Server-Side Request Forgery Vulnerability in Adobe Experience Manager 6.2 and 6.3: Risk of Sensitive Information Disclosure Cross-site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.4 Server-Side Request Forgery Vulnerability in Adobe Experience Manager 6.4 and Earlier: Risk of Sensitive Information Disclosure Type Confusion Vulnerability in Adobe Flash Player 30.0.0.113 and Earlier Versions Out-of-bounds Read Vulnerability in Adobe Flash Player 30.0.0.113 and Earlier Versions Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader 
Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Buffer Errors Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Buffer Errors Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Buffer Errors Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read 
Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Use-after-free vulnerability in Adobe Acrobat and Reader versions 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-bounds Write Vulnerability in Adobe Acrobat and Reader Persistent XSS Vulnerability in Cobham Sea Tel 116 Build 222429 Satellite Communication System Devices XSS Vulnerability in Online Ticket Booking: admin/sitesettings.php keyword parameter CSRF Vulnerability in Online Ticket Booking System via admin/movieedit.php XSS Vulnerability in Online Ticket Booking: admin/manageownerlist.php contact parameter XSS Vulnerability in Online Ticket Booking: admin/snacks_edit.php (snacks_name parameter) XSS Vulnerability in Online Ticket Booking: admin/newsedit.php newstitle Parameter XSS Vulnerability in Online Ticket Booking: admin/movieedit.php moviename parameter XSS Vulnerability in Online Ticket Booking: 
admin/eventlist.php cast Parameter Denial of Service Vulnerability in K7 AntiVirus 15.1.0306 Denial of Service Vulnerability in K7 AntiVirus 15.1.0306 Denial of Service Vulnerability in K7 AntiVirus 15.1.0306 Denial of Service Vulnerability in K7 AntiVirus 15.1.0306 Denial of Service and Potential Impact Vulnerability in K7 AntiVirus 15.1.0306 Denial of Service Vulnerability in K7 AntiVirus 15.1.0306 Denial of Service Vulnerability in K7 AntiVirus 15.1.0306 Denial of Service and Potential Impact Vulnerability in K7 AntiVirus 15.1.0306 Denial of Service Vulnerability in K7 AntiVirus 15.1.0306 Denial of Service Vulnerability in K7 AntiVirus 15.1.0306 Memory Corruption Vulnerabilities in Firefox 57, Firefox ESR 52.5, Thunderbird < 52.6 Memory Corruption Vulnerability in Firefox 57: Potential for Arbitrary Code Execution WebRTC DTMF Timer Use-After-Free Vulnerability in Firefox Use-After-Free Vulnerability in Firefox < 58 WebAssembly Memory/Table Resizing Heap Buffer Overflow Vulnerability in Firefox < 58 WebAssembly Heap Buffer Overflow Vulnerability in Firefox < 58 Integer Overflow Vulnerability in Skia Library: Potential Exploitable Crash Use-After-Free Vulnerability in Firefox ESR and Thunderbird Allows for Potentially Exploitable Crashes Use-after-free vulnerability in XSL transformations allows for potentially exploitable crashes Use-after-free vulnerability in Thunderbird and Firefox versions < 58 Use-after-free vulnerability in Thunderbird and Firefox versions < 58 Use-After-Free Vulnerability in Firefox < 58: IsPotentiallyScrollable Function Argument Handling Use-After-Free Vulnerability in Firefox < 58: Exploitable Crash via Manipulation of Floating 'first-letter' Style Elements HTML Media Elements Use-After-Free Vulnerability Use-after-free vulnerability in Thunderbird and Firefox versions < 58 during mouse event handling Use-after-free vulnerability in font face manipulation leading to potential crash Arbitrary File Execution Vulnerability in Firefox 
WebExtensions Cross-Origin Information Leakage in Firefox Developer Tools Symlink Vulnerability in Firefox < 58 Allows Bypassing Local Access Protections Blob URL Access Violation in Firefox < 58 Incorrect Origin Display in Audio Capture Prompt Cursor Visibility Toggling Vulnerability in Firefox < 58 on OS X URL Spoofing Vulnerability in Firefox < 58 Privileged Page Access Vulnerability in Firefox Extension Development Tools Panels Insecure Enforcement of https: Requirement in WebExtensions Allows Privileged Page Loading in Firefox < 58 Firefox < 58 Cookie Vulnerability: Access to Original Value via Script Confusing HTTP Authentication Prompt Vulnerability in Firefox < 58 Cross-Origin Frame Injection Vulnerability in Firefox WebExtensions URL Spoofing Vulnerability in Thunderbird and Firefox Local File System Data Exposure Vulnerability in Firefox < 58 Cross-Origin Content Access in Reader View Vulnerability Tibetan Character Clipping Vulnerability in OS X: Domain Name Spoofing Attack Integer Overflow Vulnerability in WebCrypto Function of Firefox < 58 Information Leakage Vulnerability in Bugzilla Versions Prior to 4.4 HTML Injection Vulnerability in Firefox (Versions before 58.0.1) Memory Corruption Vulnerabilities in Firefox 58 and Firefox ESR 52.6 Memory Corruption Vulnerability in Firefox 58 Allows Arbitrary Code Execution Buffer Overflow Vulnerability in SVG animatedPathSegList Manipulation Use-After-Free Vulnerability in Firefox < 59: Exploitable Crash during Editor Operations IPC Message Parameter Validation Vulnerability WebRTC RTP Payload Type Mismatch Vulnerability Vulnerability in fetch() API allows access to locally cached data in Firefox Privileged Page Search Vulnerability in Firefox WebExtensions Arbitrary Code Execution via Unsanitized app.support.baseURL Preference in Firefox < 59 WebExtensions Vulnerability: Bypassing Content Restrictions in Firefox < 59 WebExtensions Privilege Escalation Vulnerability in Firefox < 59 Cross-Origin Shared Worker 
Vulnerability in Firefox < 59 Legacy Extension Resource Loading Vulnerability in Firefox < 59 Spoofing Vulnerability in Android Custom Tab with Firefox for Android (Firefox < 59) Moz-Icon Protocol Information Leakage Vulnerability Unauthenticated Remote Code Execution and Content Spoofing in Firefox Push API Improper Display of Originating Domain in Media Capture and Streams API Permission Notifications Tab character bypasses javascript: URL protocol removal in Firefox < 59 Unchecked Length Parameter Leads to Integer Overflow in Firefox ESR and Thunderbird Memory Corruption Vulnerabilities in Firefox ESR 52.6 and Thunderbird 52.6 Vulnerability: Out of Bounds Memory Write in Vorbis Audio Processing Vulnerability in libtremor library used by Firefox on Android and ARM platforms Use-after-free vulnerability in Firefox ESR < 52.7.3 and Firefox < 59.0.2 Memory Corruption Vulnerabilities in Firefox and Thunderbird Memory Corruption Vulnerability in Firefox 59 WebExtensions Privilege Escalation: Intercepting Login Credentials on Mozilla Sites WebSocket Message Corruption Vulnerability in Firefox < 60 Use-after-free vulnerability in SVG animation attribute enumeration with clip paths Use-after-free vulnerability in SVG animations with text paths in Thunderbird and Firefox Media Stream Type Change Vulnerability Same-origin bypass vulnerability in Firefox PDF Viewer PDF Viewer PostScript Calculator Function Injection Vulnerability Integer Overflow in Skia Library: Potential Out-of-Bounds Writes WebRTC Pixel Buffer Use-After-Free Vulnerability in Firefox < 60 Thunderbird Hang Vulnerability in Message Header Processing Vulnerability: Plaintext Email Leakage via Remote Image or Link src Attribute Privilege Escalation through JavaScript Start-up Bytecode Cache (JSBC) in Firefox < 60 Improper Application of Content Security Policy (CSP) in Firefox < 60 Allows for XSS and Other Attacks Misleading Adobe Flash Protected Mode Setting in Firefox < 60 WebExtensions Request Redirection 
Vulnerability in Firefox < 60 Vulnerability: Unsanitized Hyperlinks in Web Console and JavaScript Debugger Vulnerability: Unauthorized Installation of Offensive Themes Firefox < 60 Drag and Drop Home Page Reset Vulnerability Arbitrary Attachment Name Spoofing Vulnerability in Thunderbird ESR < 52.8 and Thunderbird < 52.8 Clipboard Script Injection Vulnerability in Firefox < 60 Unicode Character Spoofing Vulnerability in Firefox < 60 Windows Defender SmartScreen Bypass via Firefox SEE_MASK_FLAG_NO_UI Flag CSP Bypass Vulnerability in Firefox < 60 Clickjacking Vulnerability in JSON Viewer of Firefox < 60 Buffer Overflow Vulnerability in XSLT Number Formatting in Firefox < 60 Buffer Overflow Vulnerability in UTF8 to Unicode String Conversion in JavaScript Persistent Service Worker Vulnerability in Firefox Versions Prior to 60 Use-After-Free Vulnerability in WebGL Operations in Firefox < 60 URL Drag and Drop Local File Access Vulnerability in Firefox < 60 Drag-and-Drop File Execution Vulnerability in Firefox < 60 Memory Corruption Vulnerability in Skia Library Affects Thunderbird and Firefox ESR Versions < 52.8 Remote Content Disclosure in Thunderbird ESR and Thunderbird versions prior to 52.8 Email Decryption Vulnerability in Thunderbird ESR and Thunderbird Memory Corruption Vulnerability in Firefox 60: Potential for Arbitrary Code Execution Memory Corruption Vulnerabilities in Firefox 60 and Firefox ESR 60 Memory Corruption Vulnerability in Firefox and Thunderbird Race Condition Exploit in Jungo Windriver 12.5.1: Double Fetch Vulnerability Arbitrary Customer Account Access in PicturesPro Photo Cart 6 and 7 Buffer Overflow Vulnerability in Hancom NEO Versions 9.6.1.5183 and Earlier: Remote Code Execution via Hyperlink Attributes Stack Overflow Vulnerability in Alzip 10.76.0.0 and Earlier Allows Arbitrary Code Execution Command Injection Vulnerability in ExtCommon.dll User Extension Module Race Condition Vulnerability in Veraport G3 ALL on MacOS Allows Remote Code 
Execution Insufficient Domain Validation in Veraport G3 ALL on MacOS Allows Remote Code Execution Heap Based Buffer Overflow Vulnerability in KMPlayer 4.2.2.15 and Earlier: Remote Code Execution via Crafted FLV Format File Heap Overflow Vulnerability in Hancom Office Software Arbitrary Code Execution Vulnerability in SKCertService 2.5.5 and Earlier Arbitrary File Download and Execution Vulnerability in DEXTUploadX5 Arbitrary File Download and Execution Vulnerability in ML Report Version 2.00.000.0000 - 2.18.628.5980 Incomplete Escape Codes in Irssi before 1.0.6: Accessing Data Beyond String End Null Pointer Dereference Vulnerability in Irssi before 1.0.6 Incomplete Variable Argument Vulnerability in Irssi before 1.0.6 Allows Access to Data Beyond String End Heap Buffer Overflow in Irssi Completion Code Trustlet Stack Overflow Vulnerability on Samsung Mobile Devices with Exynos Chipsets (SVE-2017-10733) SQL Injection Time-based Attack in PHP Melody 2.7.1 via ajax.php (playlist parameter) Cross-Site Scripting (XSS) Vulnerability in Simple Download Monitor Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Simple Download Monitor Plugin for WordPress XSS Vulnerability in Add Link to Facebook WordPress Plugin XSS Vulnerability in Fork CMS 5.0.7: /private/en/pages/edit (title parameter) XSS Vulnerability in Radiant CMS 1.1.4 via Crafted Markdown Input Denial of Service and Potential Impact Vulnerability in K7 Antivirus 15.1.0306 Denial of Service and Potential Impact Vulnerability in K7 Antivirus 15.1.0306 Denial of Service and Potential Impact Vulnerability in K7 Antivirus 15.1.0306 Denial of Service and Potential Impact Vulnerability in K7 Antivirus 15.1.0306 Buffer Overflow Vulnerabilities in BarCodeWiz BarCode ActiveX Control (BarcodeWiz.DLL) Remote Code Execution Vulnerability in Fisheye and Crucible Bamboo Remote Code Execution Vulnerability Remote Code Execution via Symbolic Link Editing in Atlassian Bitbucket Server Code Execution Vulnerability in 
Sourcetree for Windows via Mercurial Repository Tag Name Cross-Site Scripting (XSS) Vulnerability in Atlassian Application Links Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible Cross-Site Scripting (XSS) Vulnerability in Atlassian Universal Plugin Manager Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira's Issue Collector Denial of Service Vulnerability in Atlassian Jira Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira EditIssue.jspa Resource Arbitrary Script Injection via PATH_INFO in Grav CMS Norton Core Router v237 Command Injection Vulnerability DLL Preloading Vulnerability in Norton Utilities (prior to 16.0.3.44) Race Condition Vulnerability in Symantec Endpoint Protection Privilege Escalation Vulnerability in Symantec Endpoint Protection DLL Preloading Vulnerability in Norton Power Eraser and SymDiag Norton App Lock Vulnerability: Bypass Exploit Allows Device Access Privilege Escalation Vulnerability in Symantec Management Agent Inventory Plugin SAML Authentication Bypass Vulnerability in Symantec ASG and ProxySG Norton App Lock Vulnerability: Device Access Bypass Exploit Denial of Service Vulnerability in Symantec Encryption Management Server (SEMS) Prior to Version 3.4.2 MP1 Denial of Service Vulnerability in Xen 4.10 MSR Emulation Infrastructure Memory Leaks in ReadPATTERNImage in ImageMagick 7.0.7-17 Q16 Memory Leaks in ReadRLAImage in ImageMagick 7.0.7-17 Q16 Heap-based Buffer Over-read in ImageMagick's ReadSIXELImage Function Arbitrary Code Injection via Login Form in Shaarli Integer Signedness Error Vulnerability in libming 0.4.8's readSBits Function Large Loop Vulnerability in ImageWorsener 1.3.2 with libjpeg 8d Infinite Loop Vulnerability in Bento4 1.5.1.0's AP4_FtypAtom Class Denial of Service Vulnerability in Arista EOS BGP Peering Denial of Service Vulnerability in Arista EOS Mlag Agent Unauthenticated API Endpoint Information Disclosure in CoreOS Tectonic Unverified X.509 Certificates in Neon App 
1.6.14 iOS Allow Server Spoofing and Information Disclosure Remote authenticated users can bypass attachment-deletion restrictions in Discuz! DiscuzX X3.4 Plaintext Information Disclosure in Flexense DiskBoss Stack-Based Buffer Overflow in Flexense DiskBoss 8.8.16 and Earlier: Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in StackIdeas EasyDiscuss Extension for Joomla! Vulnerability: Bypassing Free Time Wi-Fi Usage Restrictions in Ubiquiti UniFi 52 Devices Arbitrary Code Execution Vulnerability in Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite Devices Cobham Sea Tel 121 Build 222701 Devices Information Disclosure Vulnerability Authentication Bypass Vulnerability in Cobham Sea Tel 121 Build 222701 Devices Heap-Based Buffer Overflow in cv::Jpeg2KDecoder::readComponent8u Assertion Failure in cv::RBaseStream::setPos due to Incorrect Integer Cast Denial of Service Vulnerability in Malwarebytes Premium 3.3.1.2183 Driver (FARFLT.SYS) Denial of Service Vulnerability in Malwarebytes Premium 3.3.1.2183 Driver (FARFLT.SYS) Denial of Service Vulnerability in Malwarebytes Premium 3.3.1.2183 Driver (FARFLT.SYS) Denial of Service Vulnerability in Malwarebytes Premium 3.3.1.2183 Driver (FARFLT.SYS) Denial of Service Vulnerability in Malwarebytes Premium 3.3.1.2183 Driver (FARFLT.SYS) Denial of Service Vulnerability in Malwarebytes Premium 3.3.1.2183 Driver (FARFLT.SYS) Denial of Service Vulnerability in Malwarebytes Premium 3.3.1.2183 Driver (FARFLT.SYS) Denial of Service Vulnerability in Malwarebytes Premium 3.3.1.2183 Driver (FARFLT.SYS) Denial of Service Vulnerability in Malwarebytes Premium 3.3.1.2183 Driver (FARFLT.SYS) Denial of Service Vulnerability in Malwarebytes Premium 3.3.1.2183 Driver (FARFLT.SYS) XSS Vulnerability in SonicWall SonicOS on NSA 2016 Q4 Devices via Configure SSO Screens Cross-Site Scripting (XSS) Vulnerability in SonicWall SonicOS on NSA 2017 Q4 Devices Stack-based Buffer Overflow in Kentico 9.0 through 11.0 SilentInstall XML Document Parsing 
Directory Traversal Vulnerability in Photos in Wifi Application 1.0.1 for iOS XSS Vulnerability in ImageInject Plugin 1.15 for WordPress via flickr_appid Parameter CSRF Vulnerability in ImageInject Plugin 1.15 for WordPress XSS Vulnerability in GD Rating System Plugin 2.3 for WordPress Directory Traversal Vulnerability in GD Rating System Plugin 2.3 for WordPress XSS Vulnerability in GD Rating System Plugin 2.3 for WordPress Directory Traversal Vulnerability in GD Rating System Plugin 2.3 for WordPress Directory Traversal Vulnerability in GD Rating System Plugin 2.3 for WordPress Directory Traversal Vulnerability in GD Rating System Plugin 2.3 for WordPress XSS Vulnerability in GD Rating System Plugin 2.3 for WordPress XSS Vulnerability in GD Rating System Plugin 2.3 for WordPress Integer Overflow in readUInt32 Function in libming 0.4.8 Allows for Denial-of-Service Attacks via Crafted SWF File Integer Overflow in PdfXRefStreamParserObject::ParseStream Function in PoDoFo 0.9.5 Allows for Denial-of-Service Attacks via Crafted PDF File Uncontrolled Memory Allocation Vulnerability in PoDoFo 0.9.5 Insecure AES Encryption in Procter & Gamble Oral-B App for Android Stack-based Buffer Overflow Vulnerability in Pulse Secure Pulse Connect Secure and Pulse Policy Secure CSRF Vulnerability in Magento Community and Enterprise Editions Cross-Site Scripting (XSS) Vulnerability in Impinj Speedway Connect R420 RFID Reader ClickJacking Vulnerability in Impinj Speedway Connect R420 RFID Reader Multiple Cross-Site Scripting (XSS) Vulnerabilities in Sonatype Nexus Repository Manager 3.x before 3.8 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Sonatype Nexus Repository Manager (NXRM) 2.x before 2.14.6 Memory Corruption Vulnerability in PoDoFo 0.9.5 Integer Overflow in PdfObjectStreamParserObject::ReadObjectsFromStream Function in PoDoFo 0.9.5 Directory Traversal Vulnerability in Media from FTP Plugin for WordPress XSS Vulnerability in Easy Custom Auto Excerpt Plugin 2.4.6 for 
WordPress XSS Vulnerability in tabs-responsive Plugin 1.8.0 for WordPress via post_title Parameter Privilege Escalation Vulnerability in Rapid Scada 5.5.0 due to Weak Access Control Permissions Remote Command Injection Vulnerability in Citrix NetScaler ADC and NetScaler Gateway SQL Injection Vulnerability in Wachipi WP Events Calendar Plugin 1.0 for WordPress Cross-Site Scripting (XSS) Vulnerability in SagePay Server Gateway for WooCommerce Plugin Remote Code Execution Vulnerability in RAVPower FileHub 2.000.056 Same Origin Policy Bypass in Cheetah Mobile CM Browser 5.22.06.0012 on Older Android Platforms Same Origin Policy Bypass in Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010 on Older Android Platforms Unauthenticated Access to Privileged Modules in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 Cross-Site Request Forgery (CSRF) Vulnerability in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 Denial of Service Vulnerability in ZyXEL P-660HW v3 Devices XSS Vulnerability in DiscuzX X3.4 via view Parameter in space_poll.php Heap-based Out-of-Bounds Write Vulnerability in Linux Kernel through 3.2 NULL pointer dereference vulnerability in rds_cmsg_atomic function in Linux kernel through 4.14.13 Vulnerability: Crash in Wireshark IxVeriWave File Parser Buffer Overflow Vulnerability in Wireshark WCP Dissector Recursion Depth Limitation Vulnerability in Wireshark Dissectors Directory Traversal Vulnerability in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184 Missing Authentication/Authorization in Zoho ManageEngine Desktop Central Database Query Mechanism Insufficient Enforcement of Database Query Type Restrictions in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184 Database Access Vulnerability in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184 File Type/Extension Validation Bypass in Zoho ManageEngine Desktop Central Privilege Escalation Vulnerability in Zoho ManageEngine Desktop Central Use-after-free vulnerability in Linux kernel through 4.14.13 
allows for denial of service or other impact in drivers/block/loop.c Stack-Based Buffer Overflow in GNOME gcab (CVE-2021-XXXX): Remote Code Execution Vulnerability Unauthenticated Command Injection Vulnerability in Seagate Media Server Privilege Escalation Vulnerability in Heimdal PRO v2.2.190 Remote Code Execution and Privilege Escalation Vulnerability in Zoho ManageEngine ADSelfService Plus ANIXIS Password Reset Client before version 3.22 allows remote code execution and privilege escalation via spoofing vulnerability Memory Leaks in ImageMagick 7.0.7-22 Q16's ReadDCMImage Function Memory Leaks in ImageMagick 7.0.7-22 Q16: Vulnerability in EncodeImageAttributes Function Remote Code Execution Vulnerability in Flexense SysGauge 3.6.18 Heap-based Buffer Over-read in LibTIFF before 4.0.6 CSRF Vulnerability in WPGlobus Plugin 1.9.6 for WordPress XSS Vulnerability in WPGlobus Plugin 1.9.6 for WordPress XSS Vulnerability in WPGlobus Plugin 1.9.6 for WordPress XSS Vulnerability in WPGlobus Plugin 1.9.6 for WordPress XSS Vulnerability in WPGlobus Plugin 1.9.6 for WordPress XSS Vulnerability in WPGlobus Plugin 1.9.6 for WordPress XSS Vulnerability in WPGlobus Plugin 1.9.6 for WordPress CSRF Vulnerability in SrbTransLatin Plugin 1.46 for WordPress XSS Vulnerability in SrbTransLatin Plugin 1.46 for WordPress XSS Vulnerability in BizLogic xnami 1.0 via Comment Parameter Arbitrary OS Command Execution in D-Link DSL-2640U and DSL-2540U Devices SQL Injection Vulnerability in Testimonial Slider Plugin for WordPress SQL Injection Vulnerability in Smooth Slider Plugin for WordPress SQL Injection Vulnerability in Dbox 3D Slider Lite Plugin for WordPress XSS Vulnerability in DiscuzX X3.4 via appid Parameter in delete Action XSS Vulnerability in DiscuzX X3.4 via op parameter in spacecp_upload.php Remote Access Bypass Vulnerability in Discuz! 
DiscuzX X3.4 Quagga BGP Daemon (bgpd) Invalid Attribute Length Vulnerability Double-Free Memory Vulnerability in Quagga BGP Daemon (bgpd) Quagga BGP Daemon (bgpd) Debug Code-to-String Conversion Table Overrun Vulnerability Denial of Service Vulnerability in Quagga BGP Daemon (bgpd) Prior to Version 1.2.3 Weak HMAC in Default BKS Keystore Vulnerability Vulnerability in Bluetooth Key Exchange Protocol Unauthenticated Blind SQL Injection Vulnerability in Navarino Infinity Web Interface Session Fixation Vulnerability in Navarino Infinity Authentication Bypass Vulnerability in Navarino Infinity Functions (up to version 2.2) SAMLBase Vulnerability: Bypassing Authentication via Manipulation of SAML Data Buffer Underflow Vulnerability in stroke_socket.c in strongSwan IKEv1 Main Mode Vulnerability: Offline Dictionary and Brute Force Attacks Denial of Service Vulnerability in Linux Kernel Versions 4.9+ Linux Kernel Denial of Service Vulnerability via IP Fragment Re-assembly ASLR Compatibility Vulnerability in mingw-w64 Version 5.0.4 Unauthenticated Remote Control and Code Execution in TP-LINK EAP Controller Undocumented Dropbear SSH Server with Hard-coded Credentials in Auto-Maskin DCU 210E Firmware Undocumented Custom Protocol Vulnerability in Auto-Maskin Products Cleartext Transmission of Sensitive Data in Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App Unencrypted Transmission of Administrator PIN in Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App Vulnerability: Remote Code Execution in Imperva SecureSphere Gateway Blind SQL Injection Vulnerabilities in Quest Kace K1000 Appliance Arbitrary JavaScript Injection and Session Hijacking in Quest Kace K1000 Appliance Misconfigured CORS Mechanism in Quest Kace K1000 Appliance Allows Unauthorized Access and Privilege Escalation Exploiting Port Contention: A Side-Channel Timing Attack on Simultaneous Multi-threading (SMT) Processors Insecure SSL Certificate Validation in PrinterLogic Print 
Management Software Code Execution Vulnerability in PrinterLogic Print Management Software Stack-based Buffer Overflow in Dokan1.sys Driver (Versions 1.0.0.5000 - 1.2.0.1000) Stored Cross-Site Scripting Vulnerability in Pixar's Tractor Software (Versions 2.2 and Earlier) Local Arbitrary Code Execution Vulnerability in Imperva SecureSphere v12.0.0.50 Privilege Escalation Vulnerability in Imperva SecureSphere v13.0, v12.0, and v11.5 Arbitrary Command Execution Vulnerability in TIBCO Data Virtualization Arbitrary Code Execution Vulnerability in TIBCO JasperReports Server and Jaspersoft Studio Vulnerability: Unauthorized Read-Only Access to TIBCO JasperReports Server Web Application Persistent Cross-Site Scripting (XSS) Vulnerability in TIBCO JasperReports Server and Related Products Cross-Site Scripting (XSS) Vulnerabilities in TIBCO Administrator Server Component XML External Entity Expansion (XXE) Vulnerability in TIBCO Administrator Server Component XML External Entity Expansion (XXE) Vulnerability in TIBCO Runtime Agent and TIBCO Runtime Agent for z/Linux Multiple Remote Code Execution Vulnerabilities in TIBCO Spotfire Software Multiple Information Disclosure Vulnerabilities in TIBCO Spotfire Server and Spotfire Analytics Platform Multiple Unauthorized Information Disclosure Vulnerabilities in TIBCO Spotfire Software Insufficient Session Expiration Vulnerability in Philips ISCV Application Prior to Version 2.3.0 Command Injection Vulnerability in Nortek Linear eMerge E3 Series Versions V0.32-07e and Prior Stack-based Buffer Overflow in 3S-Smart CODESYS Web Server Vulnerability: Improper Validation of Integrity Check Value in PHOENIX CONTACT mGuard Firmware Stack-based Buffer Overflow Vulnerability in Fuji Electric V-Server VPR 4.0.1.0 and Prior SQL Injection Vulnerability in Advantech WebAccess/SCADA Path Traversal Vulnerability in Advantech WebAccess/SCADA Vulnerability: Per-Product Credentials Exposure in Medtronic 2090 Carelink Programmer Improper Input 
Validation Vulnerability in Nari PCS-9611 Relay Medtronic 2090 Carelink Programmer Directory Traversal Vulnerability NULL Pointer Dereference Vulnerability in Moxa OnCell G3100-HSPA Series Insufficient Identity Verification in Philips Alice 6 System Version R8.0.2 or Prior Stack-based Buffer Overflow Vulnerability in Emerson ControlWave Micro Process Automation Controller Improper Handling of Length Parameter Inconsistency in Moxa OnCell G3100-HSPA Series Remote Code Execution Vulnerability in Philips IntelliSpace Portal Cookie Parameter Brute Force Attack Vulnerability in Moxa OnCell G3100-HSPA Series Uncontrolled Search Path Element Vulnerability in Vyaire Medical CareFusion Upgrade Utility SSL Legacy Encryption Vulnerability in Philips IntelliSpace Portal Improper Authentication in WAGO PFC200 Series 3S CoDeSys Runtime Inadequate Encryption Strength Vulnerability in Belden Hirschmann Switches SSL Incorrect Hostname Certificate Vulnerability in Philips IntelliSpace Portal LCDS LTDA ME LAquis SCADA 4.1.0.3391 and Earlier: Code Execution Vulnerability Untrusted SSL Certificate Vulnerability in Philips IntelliSpace Portal Session Fixation Vulnerability in Belden Hirschmann Switches: Web Session Hijacking Critical SSL Certificate Vulnerability in Philips IntelliSpace Portal: Unauthorized Access Risk Information Exposure Through Query Strings in Belden Hirschmann Switches Critical Remote Desktop Access Vulnerability in Philips Intellispace Portal 7.0.x and 8.0.x Belden Hirschmann Switches: Excessive Authentication Attempts Vulnerability Unquoted Search Path Vulnerability in Philips IntelliSpace Portal Cleartext Transmission of Sensitive Information in Belden Hirschmann Switches Insecure Windows Permissions Vulnerability in Philips Intellispace Portal Versions 7.0.x and 8.0.x Buffer Overflow Vulnerability in GE D60 Line Distance Relay Devices Input Validation Vulnerability in Philips Intellispace Portal Versions 7.0.x and 8.0.x GE D60 Line Distance Relay Firmware 
Version 7.11 and Prior: Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Delta Electronics Delta Industrial Automation DOPSoft netCADOPS Web Application Password Entry Information Exposure Vulnerability XSS Vulnerability in Contao Newsletter Unsubscribe Module XSS Vulnerability in FoxSash ImgHosting 1.5 Allows Session Hijacking Cookie Insecurity in OnCommand Unified Manager for 7-Mode: Impersonation via MITM Attacks Insecure Transmission of Sensitive Cookie in NetApp SnapCenter Server Privilege Escalation Vulnerability in NetApp OnCommand Unified Manager for Windows Vulnerability: Unauthorized Code Execution in NetApp OnCommand Unified Manager for Linux (Versions 7.2-7.3) Unauthenticated Remote Code Execution in NetApp OnCommand Unified Manager for Linux Versions 7.2-7.3 Unauthenticated Remote Code Execution in NetApp SANtricity Web Services Proxy and SANtricity Storage Manager NetApp 7-Mode Transition Tool Privilege Escalation Vulnerability Vulnerability: Inadequate Enforcement of Read-Only Export Policy Rules in Clustered Data ONTAP 8.3 RC Versions Unauthenticated Remote Code Execution in NetApp E-Series SANtricity OS Controller Software 11.30 and later ATTO FibreBridge 7500N Firmware DoS Vulnerability Vulnerability: Unauthenticated Remote Code Execution in StorageGRID Webscale Admin Node Sensitive Information Disclosure Vulnerability in Data ONTAP Operating in 7-Mode Versions Prior to 8.2.5P2 Sensitive Information Disclosure Vulnerability in Clustered Data ONTAP versions prior to 9.1P16, 9.3P10, and 9.4P5 Clustered Data ONTAP Versions 9.0-9.4: Remote Authenticated DoS Vulnerability in NFS and SMB Environments ATTO FibreBridge 7500N Firmware Version 2.95 Denial of Service Vulnerability Memory Leak Vulnerability in F5 BIG-IP Systems with Multipath TCP (MCTCP) Feature Excessive Buffering Vulnerability in F5 BIG-IP TCP DNS Profile Client Certificate Authentication Disruption Vulnerability on F5 BIG-IP Versions 13.0.0 - 13.1.0.3 TMM Restart 
Vulnerability in F5 BIG-IP Websockets Request/Response Handling Vulnerability in F5 BIG-IP Systems Vulnerability: TMM Restart in F5 BIG-IP with ASM and AVR Provisioned Unauthenticated Brute Force Vulnerability in F5 BIG-IP Apache Modules SSL decryption vulnerability on F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 with small MTU TMM Crash Vulnerability in F5 BIG-IP PEM Denial of Service Vulnerability in F5 BIG-IP Versions 13.0.0 and 12.1.0 - 12.1.3.1 IPv6 Virtual Server Packet Sequence Vulnerability Command Execution Vulnerability in F5 BIG-IP Configuration Utility Vulnerability: TMM Restart on F5 BIG-IP 13.1.0-13.1.0.5 with LRO and SYN Cookies Enabled F5 BIG-IP Proxy SSL Configuration Malformed TLS Handshake Vulnerability Denial of Service Vulnerability in F5 BIG-IP 13.1.0-13.1.0.5 with HTTP/2 Profile Enabled IPv6 RADIUS Authentication Response Vulnerability on F5 BIG-IP 13.0.0-13.1.0.5 Authenticated User File System Exfiltration Vulnerability Malformed TCP Packets Vulnerability on F5 BIG-IP 13.1.0-13.1.0.5 Vulnerability: F5 BIG-IP VCMP Guest Disruption of Service Arbitrary File Write Vulnerability in F5 BIG-IP Unauthorized File System Access via TMOS Shell (tmsh) on F5 BIG-IP Systems Arbitrary Content Reflection in F5 BIG-IP GeoIP Lookup Responses Vulnerability F5 BIG-IP DIAMETER Attribute-Value Pairs Crash Vulnerability Command Execution Vulnerability in F5 BIG-IP Configuration Utility Vulnerability in F5 BIG-IP Virtual Servers with HSM-enabled SSL Profiles F5 BIG-IP Configuration Utility Local File Exposure Vulnerability Behavioral DOS (BADOS) Protection Failure Vulnerability Memory Leak Vulnerability in BIG-IP 13.1.0-13.1.0.7 with SSL Forward Proxy Enabled TMM Restart and Core File Generation Vulnerability in BIG-IP 13.0.1 and 13.1.0.4-13.1.0.7 Privilege Escalation Vulnerability in F5 BIG-IP APM Client HPACK Bomb Vulnerability in F5 BIG-IP Virtual Servers with HTTP/2 Profiles Denial of Service Vulnerability in F5 BIG-IP VCMP Guest 
and Host Systems Persistent DNS Cache Poisoning Vulnerability in F5 BIG-IP SSL Forward Proxy Traffic Processing Vulnerability in F5 BIG-IP SSL Forward Proxy Traffic Processing Vulnerability F5 BIG-IP Virtual Server Denial of Service Vulnerability F5 BIG-IP APM Memory Leak Vulnerability Remote Code Execution Vulnerability in F5 BIG-IP TMM Virtual Server Unrestricted NOTIFY Message Acceptance on F5 BIG-IP DNS Management Interface F5 BIG-IP ASM CSRF Protection Bypass Vulnerability Privilege Escalation Vulnerability in F5 BIG-IP and Related Products Excessive CPU Usage Vulnerability in F5 BIG-IP ASM Unauthenticated HTTPS Health Monitor Vulnerability Command Line Credential Disclosure in F5 BIG-IP Controller for Kubernetes F5 BIG-IP APM Information Disclosure Vulnerability Remote Code Execution Vulnerability in F5 WebSafe Alert Server 1.0.0-4.2.6 Privilege Escalation Vulnerability in F5 BIG-IP APM Client Privilege Escalation via Windows Logon Integration in F5 BIG-IP APM Client Insecure AES ECB Mode Vulnerability in BIG-IP APM 11.6.0-11.6.3 SAML Assertion Processing Vulnerability in BIG-IP APM Reflective Cross-Site Scripting (XSS) Vulnerability in Epson AirPrint Vulnerability: Known Passwords in DocuTrac QuicDoc and Office Therapy Hard-coded Cryptographic Salt Vulnerability in DocuTrac QuicDoc and Office Therapy Command Injection Vulnerability in Crestron Console Service on DGE-100, DM-DGE-200-C, and TS-1542-C Devices Unencrypted API Response Vulnerability in Rapid7 Komand Versions 0.41.0 and Prior Static, Hard-Coded Credential Vulnerability in Practecol's Guardzilla All-In-One Video Security System Denial of Service Vulnerability in Long Range Zip (lrzip) 0.631 XSS Vulnerability in WordPress Dark Mode Plugin 1.6 via dark_mode_start Parameter XSS Vulnerability in WordPress Dark Mode Plugin 1.6 Cross-Site Scripting (XSS) Vulnerability in Weblizar Pinterest Feeds Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Weblizar Pinterest Feeds Plugin for WordPress 
XSS Vulnerability in Weblizar Pinterest Feeds Plugin for WordPress CSRF Vulnerability in Weblizar Pinterest Feeds Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in responsive-coming-soon-page Plugin for WordPress CSRF Vulnerability in Responsive Coming Soon Page Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in responsive-coming-soon-page Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Responsive Coming Soon Page Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in responsive-coming-soon-page Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in responsive-coming-soon-page Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in responsive-coming-soon-page Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in responsive-coming-soon-page Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in responsive-coming-soon-page Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in responsive-coming-soon-page Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in read-and-understood Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in read-and-understood Plugin 2.1 for WordPress CSRF Vulnerability in Read-and-Understood Plugin 2.1 for WordPress Cross-Site Scripting (XSS) Vulnerability in Booking-Calendar Plugin 2.1.7 for WordPress Cross-Site Scripting (XSS) Vulnerability in Booking-Calendar Plugin 2.1.7 for WordPress Cross-Site Scripting (XSS) Vulnerability in Booking-Calendar Plugin 2.1.7 for WordPress CSRF Vulnerability in Booking-Calendar Plugin 2.1.7 for WordPress Arbitrary Code Execution via Crafted PDF Files in Foxit Reader and PhantomPDF Arbitrary Code Execution via Crafted PDF Files in Foxit Reader and PhantomPDF Arbitrary Code Execution via Crafted PDF Files in Foxit Reader and PhantomPDF Arbitrary Code Execution via Crafted PDF Files in Foxit Reader and PhantomPDF Arbitrary Code Execution via Crafted PDF Files in Foxit Reader and 
PhantomPDF Arbitrary Code Execution via Crafted PDF Files in Foxit Reader and PhantomPDF Arbitrary Code Execution via Crafted PDF Files in Foxit Reader and PhantomPDF XSS Vulnerability in PrestaShop 1.7.2.4: Source-code Editing on Pages > Edit page Screen User Enumeration Vulnerability in PrestaShop 1.7.2.4 via Reset Password Feature Improper Memory Address Validation in QEMU's vga_draw_text Function Allows for Denial of Service Invalid memcpy call in ff_mov_read_stsd_entries function of libavformat/mov.c leading to denial of service and program failure Denial of Service Vulnerability in GraphicsMagick 1.3.27 via Crafted BMP Image Infinite Loop Vulnerability in MuPDF 1.12.0 Allows Remote Denial of Service NewsBee Vulnerability: Cross-Site Scripting (XSS) Exploit via Company Name Field Cross-Site Scripting (XSS) Vulnerability in ILIAS Setup Component Arbitrary Script Injection via Email in Dotclear 2.12.1 Arbitrary Script Injection in Dotclear 2.12.1 admin/users.php XSS Vulnerability in SonicWall Global Management System (GMS) 8.1 via `/sgms/TreeControl` Module Cross-Site Scripting (XSS) Vulnerability in Piwigo v2.8.2's admin.php File Information Disclosure Vulnerability in LinuxMagic MagicSpam Extension for Plesk Arbitrary Command Execution Vulnerability in Flash Operator Panel (FOP) 2.31.03 SQL Injection Vulnerability in WpJobBoard Plugin 4.4.4 for WordPress SQL Injection Vulnerability in iJoomla com_adagency Plugin 6.0.9 for Joomla! 
SQL Injection Vulnerability in Icy Phoenix 2.2.0.105 via admin_kb_art.php and admin_jr_admin.php Heap-Based Buffer Over-Read Vulnerability in WizardMac ReadStat 0.1.1 Remote Code Execution via Directory Traversal in Winmail Server 6.2 Arbitrary Write Vulnerability in Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136 Remote Code Execution and File Write Vulnerability in Transmission 2.92 Denial of Service and Slab Out-of-Bounds Write Vulnerability in Linux Kernel's tcp_v6_syn_recv_sock Function Cross-Protocol Scripting Vulnerability in OpenOCD 0.10.0 XSS Vulnerability in Reservo Image Hosting 1.6's Search Engine Allows Session Hijacking Privilege Escalation Vulnerability in Octopus Deploy Unauthenticated User Can Obtain Admin Credentials in D-Link DIR-601 B1 2.02NA Kerberos 5 Database Dump Variable Type Mismatch Vulnerability NULL Pointer Dereference in MIT Kerberos 5 (krb5) Plugin Infinite Loop Vulnerability in GD Graphics Library Reflected XSS Vulnerability in PHP PHAR 404 Error Page Denial of Service and Potential Impact Vulnerability in Malwarefox Anti-Malware 2.72.169 Denial of Service and Potential Impact Vulnerability in Malwarefox Anti-Malware 2.72.169 XSS Vulnerability in phprint.php of SugarCRM 3.5.1 via Query String Parameter Name Path Traversal Vulnerability in Reprise License Manager 11.0 Firmware Downgrade Vulnerability in NCR S2 Dispenser Controller Memory Buffer Write Vulnerability in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 CSRF Vulnerability Allows Unauthorized Modification of Settings on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extender ASUS Router Stack-based Buffer Overflow Vulnerability Hardcoded Password Vulnerability in MASTER IPCAMERA01 3.3.4.2103 Devices Unauthenticated Configuration Download and Upload Vulnerability in MASTER IPCAMERA01 3.3.4.2103 Devices Unauthenticated Configuration Change in MASTER IPCAMERA01 3.3.4.2103 Devices 
via Web Server Port Number Sensitive Information Disclosure in MASTER IPCAMERA01 3.3.4.2103 Devices via Crafted HTTP Request Integer Overflow Vulnerability in OpenJPEG 2.3.0's opj_t1_encode_cblks Function Remote Information Disclosure Vulnerability in Cobham Sea Tel 121 Build 222701 Devices LDAP Kerberos Database Denial of Service and Bypass Vulnerability LDAP Kerberos Database Container Bypass Vulnerability Vulnerability: File Overwrite and Execution Race Condition in Heimdal PRO 2.2.190 Buffer Overflow Vulnerability in ISC DHCP DHCP Server Vulnerability: Denial of Service via Overflow of Reference Counter BIND Vulnerability: Assertion Failure in badcache.c Assertion failure vulnerability in Debian backport of CVE-2017-3137 fix Zone Database Reference Counting Vulnerability in BIND 9.12.0 and 9.12.1 Vulnerability: Assertion Failure and Undesirable Behavior in BIND 9.12 Serve-Stale Feature Vulnerability: Improper Inheritance of allow-recursion Setting in BIND Nameserver Memory Leak in Kea DHCP 1.4.0 Hooks Library Deny-Answer-Aliases Assertion Failure Vulnerability in BIND DNS Server Misleading Documentation for BIND Update-Policy Vulnerability Assertion Failure Vulnerability in BIND9 (RedHat Versions) BIND Vulnerability: Exploitable TCP Connection Limit Bypass (CVE-2018-5743) Memory Leak Vulnerability in BIND DNS Server BIND managed-keys Key Rollover Vulnerability Use-after-free vulnerability in lrzip 0.631 allows remote attackers to cause denial of service via crafted lrz file Denial of Service Vulnerability in libvirt's QEMU Monitor Arbitrary PHP Code Execution in Minecraft Servers List Lite and Premium Minecraft Servers List Sensitive Address Information Disclosure in Linux Kernel ACPI SBS HC printk Call Information Disclosure Vulnerability in Open-Xchange OX App Suite Server-side Request Forgery (SSRF) Vulnerability in Open-Xchange OX App Suite Email Spoofing Vulnerability in Open-Xchange OX App Suite Arbitrary Script Injection via Office-Web Component in 
Open-Xchange OX App Suite Absolute Path Traversal Vulnerability in Open-Xchange OX App Suite Arbitrary Task Deletion Vulnerability in Open-Xchange OX App Suite Remote Code Execution Vulnerability in AudioCodes 450HD IP Phone Devices XML External Entity (XXE) Vulnerability in Aurea Jive Jive-n 9.0.2.1 On-Premises Upload File Functionality Denial of Service Vulnerability in Artifex MuJS through 1.0.2 Rubrik CDM Vulnerability: Man-in-the-Middle Attack on vCenter Access ROBOT Attack: Bleichenbacher RSA Padding Oracle Vulnerability in Unisys ClearPath MCP Systems Denial of Service Vulnerability in OXID eShop with High Performance Option and Varnish Multiple --protect-args Bypass Vulnerability in rsyncd Invalid memcpy in av_packet_ref function leads to denial of service vulnerability in Libav through 12.2 Remote Code Execution Vulnerability in Tenda AC15 V15.03.1.16_multi Devices Remote Code Execution Vulnerability in Tenda AC15 Router via Specially Crafted COOKIE Header Default Root Accounts with Telnet Access on Tenda AC15 Devices Exiv2 0.26 Denial of Service Vulnerability via Crafted TIF File XSS Vulnerability in markdown2 (python-markdown2) through 2.3.5 XSS Vulnerability in WordPress MediaElement Flash Fallback Files Arbitrary Command Execution Vulnerability in Ipswitch WhatsUp Gold TFTP Server Multiple SQL Injection Vulnerabilities in Ipswitch WhatsUp Gold Arbitrary Code Execution Vulnerability in Mitel Connect ONSITE and Mitel ST Arbitrary PHP Code Execution Vulnerability in Mitel Connect ONSITE and Mitel ST Arbitrary PHP Code Execution Vulnerability in Mitel Connect ONSITE and Mitel ST Arbitrary PHP Code Execution Vulnerability in Mitel Connect ONSITE and Mitel ST Uncontrolled Memory Allocation Vulnerability in PoDoFo 0.9.5 Uncontrolled Resource Consumption in LibTIFF 4.0.9 TIFFSetDirectory Function Integer Overflow in OpenJPEG 2.3.0: Denial of Service via Crafted BMP File Denial of Service Vulnerability in Long Range Zip (lrzip) 0.631 Remote, Unauthenticated 
Stack Overflow in ExtremeWireless WiNG Access Point Remote, Unauthenticated Denial of Service Vulnerability in ExtremeWireless WiNG Access Point Remote, Unauthenticated XML Entity Expansion Denial of Service in ExtremeWireless WiNG Access Point/Controller Remote, Unauthenticated Global Denial of Service in ExtremeWireless WiNG Access Points via Crafted MINT Protocol Packets Remote, Unauthenticated Heap Overflow in ExtremeWireless WiNG Access Point via Crafted Packets Remote, Unauthenticated Heap Overflow in ExtremeWireless WiNG Access Point via Crafted Packets Remote, Unauthenticated Heap Overflow in ExtremeWireless WiNG Access Point via Crafted Packets Unauthenticated Access to AeroScout Service via Crafted UDP Packet in ExtremeWireless WiNG Arbitrary File Write Vulnerability in ExtremeWireless WiNG Access Point / Controller Hidden Root Shell Vulnerability in ExtremeWireless WiNG 5.x and 5.9.x Smint_encrypt Hardcoded AES Key Vulnerability Unspecified Cross Site Scripting Vulnerability in Cloudera Manager Zoho ManageEngine ServiceDesk Plus XSS Vulnerability (SD-69139) Heap-based Buffer Overflow in LibRaw's kodak_ycbcr_load_raw() Function NULL Pointer Dereference in LibRaw's LibRaw::unpack() Function Out-of-Bounds Read Vulnerability in LibRaw's kodak_radc_load_raw() Function SCTP Packet Length Handling Vulnerability in Linux Kernel Type Confusion Vulnerability in LibRaw's identify() Function Leading to Division by Zero Stack-based Buffer Overflow in LibRaw's quicktake_100_load_raw() Function NULL Pointer Dereference Vulnerability in LibRaw's leaf_hdr_load_raw() Function Out-of-Bounds Read Vulnerability in LibRaw's samsung_load_raw() Function Stack-based buffer overflow vulnerability in LibRaw versions prior to 0.18.9 in find_green() function in internal/dcraw_common.cpp Stack-based buffer overflow in LibRaw::parse_exif() function in LibRaw versions prior to 0.18.9 Heap-based Buffer Overflow in rollei_load_raw() Function in LibRaw Versions Prior to 0.18.9 
Out-of-Bounds Read Vulnerability in LibRaw's nikon_coolscan_load_raw() Function NULL Pointer Dereference Vulnerability in LibRaw's nikon_coolscan_load_raw() Function Infinite Loop Vulnerability in LibRaw's parse_minolta() Function Race condition vulnerabilities in Linux Kernel USB over IP handling Integer Overflow Vulnerability in LibRaw's parse_qt() Function Integer Overflow Vulnerability in LibRaw's identify() Function Infinite Loop Vulnerability in LibRaw's unpacked_load_raw() Function Infinite Loop Vulnerability in LibRaw's parse_rollei() Function CPU Resource Exhaustion Vulnerability in LibRaw versions prior to 0.19.1 Heap Overwrite Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android Out-of-Bounds Read Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android WLAN FW Buffer Overwrite Vulnerability in Qualcomm Android and Firefox OS Buffer Overflow Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android Buffer Overflow Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android Use After Free Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with Linux Kernel Race Condition Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with Linux Kernel Buffer Overflow Vulnerability in WLAN Processing of Extscan Hotlist Event Buffer Overwrite Vulnerability in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android Buffer Over-read Vulnerability in wlan_hdd_cfg80211_set_privacy_ibss() Buffer Overflow Vulnerability in Android Releases from CAF before Security Patch Level 2018-06-05 Use After Free Vulnerability in KGSL Driver in Android Releases Race Condition Vulnerability in Camera Driver Ioctl Handler in Android Releases Buffer Overwrite Vulnerability in __wlan_hdd_cfg80211_vendor_scan() Buffer overflow vulnerability in __wlan_hdd_cfg80211_add_key() in Android releases from CAF before security patch level 2018-06-05 
Out-of-Bounds Access Vulnerability in wma_nan_rsp_event_handler() in Android Releases Flawed RNG in Snapdragon Devices Leads to Improper MAC Address Randomization Out-of-Bounds Access Vulnerability in SurfaceFlinger of Snapdragon Devices Memory Protection Misconfiguration Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile Buffer Overflow Vulnerability in DRM SDE Driver Initialization Sequence in Android Releases from CAF Invalid Initialization of dcc_curr_list in Android Releases from CAF: Potential Linux Kernel Vulnerability Arbitrary Address Write Vulnerability in Android WLAN Firmware Buffer Overwrite Vulnerability in wma_pdev_div_info_evt_handler() Function Vulnerability: Use-After-Free in set_output_buffers() Function in Android Video Driver Race Condition in drm_atomic_nonblocking_commit() Can Lead to Use After Free Vulnerability in Android Releases Use After Free Vulnerability in IPA Driver for Android Releases Use After Free Vulnerability in Android Releases from CAF Unsigned Integer Overflow in wmi_set_ie() Function Leads to Buffer Overflow in Android Releases Race Condition Vulnerability in QTEECOM Driver Leads to Use After Free in Android Releases Integer Underflow Vulnerability in csr_update_fils_params_rso() Function Buffer Overflow Vulnerability in Android Releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) Race Condition Vulnerability in Android Driver Stack-Based Buffer Overflow Vulnerability in Fastboot on Android Releases Buffer Over-read Vulnerability in Android Releases from CAF before Security Patch Level 2018-07-05 Race Condition Vulnerability in Audio Leading to Use After Free in CAF Android Releases Use After Free Vulnerability in WCD CPE Codec in Android Releases Out of Bounds Access Vulnerability in Android Audio Debugfs Race Condition Vulnerability in MDSS MDP Driver in Android Releases Uninitialized Data Structure Vulnerability in MDSS Driver on 
Android Incomplete Partition Size Checks Leading to Heap Overwrite Vulnerabilities in Android Releases from CAF Buffer Overwrite Vulnerability in wlan_hdd_cfg80211_vendor_scan() in Android Releases Buffer Overflow Vulnerability in Android's WPA RSN IE Length Handling Buffer Over-read and Information Leak in WMI_APFIND Event Processing in Android Releases from CAF Integer Underflow and Buffer Over-read Vulnerability in Android CAF Firmware Untrusted Pointer Vulnerability in Snapdragon Mobile and Snapdragon Wear Devices Buffer Overflow Vulnerability in WideVine in Snapdragon Devices Buffer Overflow Vulnerability in WideVine on Snapdragon Automobile and Snapdragon Mobile Devices Improper Input Validation in QTEE Keymaster App: Vulnerability in Snapdragon Mobile and Snapdragon Wear Untrusted Pointer Dereference Vulnerability in Snapdragon Mobile (SD 835, SDA660, SDX24) Flawed RNG in Snapdragon Devices Leads to Inadequate MAC Address Randomization Out-of-Range Pointer Offset Vulnerability in Android Releases from CAF Race Condition Vulnerability in Linux Kernel and Android Releases Stack-based Buffer Overflow in Snapdragon Automobile, Mobile, and Wear: Vulnerability in MP4 File Parsing Integer Overflow and Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Automobile, Mobile, and Wear: Parsing MP4 Files Improper NULL Termination Vulnerability in Snapdragon Devices Buffer Overflow Vulnerability in Snapdragon Automobile, Mobile, and Wear Devices during RIL_REQUEST_GET_SMSC_ADDRESS Response Handling MQTT Message Length Check Vulnerability in Snapdragon Mobile and Snapdragon Wear Devices Buffer Overflow Vulnerability in Snapdragon Mobile and Snapdragon Wear Devices Buffer Overflow Vulnerability in Snapdragon Mobile and Snapdragon Wear Devices Buffer Over-read Vulnerability in Snapdragon Automobile, Mobile, and Wear Buffer Overflow Vulnerability in WLAN Driver Event Handlers Unrestricted Access to Qualcomm-Specific Proprietary 
Intents in Snapdragon Mobile and Snapdragon Wear Buffer Overflow Vulnerability in Snapdragon Mobile and Snapdragon Wear during Dynamic Font Loading Unvalidated Pointer Vulnerability in Android CAF Releases Array Index Out of Bounds Vulnerability in USB StrSerialDescriptor Array Processing in Android Releases from CAF Out of Bounds Access Vulnerability in Android Releases from CAF Buffer Overflow Vulnerability in Android Releases from CAF Using Linux Kernel Device Tree Size Bypass Vulnerability in Android Releases from CAF Use After Free Vulnerability in Snapdragon Mobile and Snapdragon Wear Privacy Breach: Touch Pal App Collects User Behavior Data Without Consent in Snapdragon Mobile and Snapdragon Wear Buffer Overwrite Vulnerability in Android Releases from CAF Out-of-Bounds Access Vulnerability in Snapdragon Multimedia Parsing Buffer Over-read Vulnerability in wma_process_utf_event() in Android Releases from CAF Out-of-Bound Read Vulnerability in Android Releases from CAF Buffer Over-read Vulnerability in dci_process_ctrl_status() in Android Releases from CAF Integer Overflow in msm_pcm_adsp_stream_cmd_put() Function in Android Releases from CAF Use After Free Vulnerability in TDLS Connection Setup in Android Releases from CAF Improper Validation of Array Leads to Out of Bounds Read Vulnerability in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in Multiple Qualcomm Chipsets LPM Status Driver Use After Free Vulnerability in Android Releases Race Condition Vulnerability in DIAG Services Leading to Out-of-Boundary Access Possible Buffer Overflow in Debugfs Module in CAF Android Releases Buffer Overflow Vulnerability in msm_adsp_stream_callback_put Possible Buffer Overflow Vulnerability in Display Function in CAF Android Releases Buffer Overflow Vulnerability in Display Handlers of CAF Android Releases Memory Corruption Vulnerability in CAF Android Releases with Improper Check in 
Display Handlers Buffer Overflow Vulnerability in WLAN Function in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 855, SDM630, SDM660, SDX20, SDX24 Critical Buffer Overflow Vulnerability in Snapdragon Processors: Video Component Side Channel Vulnerability in Non-Time Constant Function memcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High Array Out of Bounds Vulnerability in TZ Function of Snapdragon Mobile and Wear Devices IPv6 Packet Processing Vulnerability in Snapdragon Automobile, Mobile, and Wear Devices Buffer Overread Vulnerability in Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear Devices Critical Buffer Overflow Vulnerability in Snapdragon Processors: OEM Crypto Function Input Validation Issue Buffer Overflow Vulnerability in Snapdragon Processors Use After Free Vulnerability in WLAN Host Driver Can Cause Device Reboot Cross Site Request Forgery Vulnerability in HP Printers and MFPs Firmware Vulnerability: Arbitrary Code Execution via Solution Application Signature Checking in HP Printers Stack Buffer Overflow Vulnerability in HP Inkjet Printers Allows Remote Code Execution HP Inkjet Printers Vulnerability: Remote Code Execution via Buffer Overflow HP Remote 
Graphics Software Certificate Authentication Vulnerability Local Privilege Escalation in HP Support Assistant Mailman Web UI XSS Vulnerability IPv6 Packet Size Vulnerability in MikroTik RouterOS Sensitive Address Information Disclosure in Linux Kernel's swiotlb_print_info Function Denial of Service Vulnerability in phpFreeChat 1.7 and Earlier Unauthenticated User Addition Vulnerability in GitStack Denial of Service Vulnerability in Zillya! Antivirus 3.0.2230.0 Unvalidated Input in Zillya! Antivirus Driver (zef.sys) Allows Denial of Service Denial of Service Vulnerability in Zillya! Antivirus 3.0.2230.0 SQL Injection in Zenario v7.1 - v7.6 via Categories - Edit Module XSS Vulnerability in CentOS Web Panel (CWP) v0.9.8.12 via index.php XSS Vulnerability in CentOS-WebPanel.com (CWP) v0.9.8.12 XSS Vulnerability in CMS Made Simple (CMSMS) 2.2.5 via title parameter in admin/addbookmark.php XSS Vulnerability in CMS Made Simple (CMSMS) 2.2.5 via m1_messages Parameter XSS Vulnerability in CMS Made Simple (CMSMS) 2.2.5 via m1_errors Parameter Cross-Site Scripting (XSS) Vulnerability in Netis WF2419 V2.2.36123 Bandwidth Control Rule Settings Unauthenticated Remote Code Execution in FasterXML Jackson-Databind CSRF Vulnerability in Photography CMS 1.0 Allows Unauthorized Admin Account Creation SQL Injection in JGive 2.0.9 Component for Joomla! via filter_org_ind_type or campaign_countries parameter SQL Injection Vulnerability in MediaLibrary Free 4.0.12 Component for Joomla! SQL Injection in Classified Ads CMS Quickad 4.0: Exploiting Keywords, Placeid, Cat, and Subcat Parameters SQL Injection in Professional Local Directory Script 1.0 via IndustryID and CategoryID Parameters SQL Injection Vulnerability in SimpleCalendar 3.1.9 Component for Joomla! SQL Injection in Smart Shoutbox 3.0.0 Component for Joomla! 
via shoutauthor Parameter CSRF Vulnerability in RSVP Invitation Online 1.0 Allows Unauthorized Password Modification SQL Injection Vulnerability in Affiligator Affiliate Webshop Management System 2.1.0 via search/?q=&price_type=range&price= Request SQL Injection Vulnerability in Facebook Style Php Ajax Chat Zechat 1.5 via login.php User Field SQL Injection in Wchat Fully Responsive PHP AJAX Chat Script 1.5: Login.php User Field Vulnerability SQL Injection Vulnerability in Solidres 2.5.1 Component for Joomla! SQL Injection Vulnerability in Gallery WD 1.3.6 Component for Joomla! SQL Injection Vulnerability in Advertisement Board 3.1.0 Component for Joomla! SQL Injection Vulnerability in JquickContact 1.3.2.2.1 Component for Joomla! SQL Injection Vulnerability in Tumder 2.1 Component for Joomla! SQL Injection Vulnerability in LiveCRM SaaS Cloud 1.0 Component for Joomla! SQL Injection Vulnerability in Easy Car Script 2014 via site_search.php Multiple SQL Injection Vulnerabilities in Pinterest Clone Social Pinboard 2.0 Component for Joomla! SQL Injection in Flexible Poll 1.2 via id parameter in mobile_preview.php or index.php SQL Injection in ccNewsletter 2.x Component for Joomla! via id parameter in task=removeSubscriber action SQL Injection Vulnerability in AllVideos Reloaded 1.2.x Component for Joomla! via divid Parameter SQL Injection in Form Maker 3.6.12 Component for Joomla! via view=stats Parameter SQL Injection Vulnerability in Staff Master Component for Joomla! SQL Injection Vulnerability in Aist through 2.0 Component for Joomla! via id Parameter in view=showvacancy Request SQL Injection in JS Jobs 1.1.9 Component for Joomla! 
via Zipcode and TA Parameters Sensitive Address Information Disclosure in Linux Kernel Memory Corruption Vulnerability in NCompress::NRar3::CDecoder::Code Method of 7-Zip Unrestricted Upload and Path Traversal Vulnerability Leading to Remote Code Execution as Root in RAVPower Filehub 2.000.056 Authentication Bypass Vulnerability in AsusWRT Remote Administrative Access Vulnerability in AsusWRT Cross-Site Scripting Vulnerability in Soundy Audio Playlist Plugin for WordPress Cross-Site Scripting Vulnerability in Soundy Background Music Plugin for WordPress Unlimited Recursion in GNU Libtasn1 BER Decoder Leads to Stack Exhaustion and DoS SQL Injection Vulnerability in File Download Tracker 3.0 Component for Joomla! SQL Injection Vulnerability in Realpin Component for Joomla! (Version 1.5.04) via Pinboard Parameter SQL Injection Vulnerability in JS Autoz 1.0.9 Component for Joomla! CSRF Vulnerability in JS Support Ticket 1.1.0 Component for Joomla! Arbitrary File Download Vulnerability in Jtag Members Directory 5.3.7 Component for Joomla! 
CSRF Token Regeneration Vulnerability in Yii Framework 2.x before 2.0.14 Information Disclosure and Reflected XSS Vulnerability in Yii Framework 2.x Use of Password Hash Instead of Password for Authentication in Green Electronics RainMachine Mini-8 (2nd generation) Arbitrary Code Injection Vulnerability in Green Electronics RainMachine Mini-8 (2nd generation) 'Weather Service' Feature Arbitrary Web Script Injection Vulnerability in BigTree 4.2.19 Insecure Cross-Domain Policy in Subsonic v6.1.3 Allows for User Data Theft via SWF Exploit Arbitrary CSV Data Download Vulnerability in Email Subscribers & Newsletters Plugin Unquoted Windows Search Path Privilege Escalation Vulnerability in 10-Strike Network Monitor 5.4 Privacy Breach: Unencrypted Image Transmission in Tinder iOS and Android Apps Exposes Sensitive Data Fixed-size HTTPS responses in Tinder apps enable information extraction through network traffic sniffing Failure to Use Encryption in Samsung Display Solutions App Allows Man-in-the-Middle Attackers to Spoof B2B Content Unauthenticated Modification of System Settings in Silex SX-500 and GE MobileLink (GEH-500) Remote Code Execution Vulnerability in Silex SD-320AN and GE MobileLink Arbitrary File Deletion via Directory Traversal in NoneCms 1.3.0 CSRF Vulnerability in Fastweb FASTgate 0.00.47 Devices: Wi-Fi Password Changing and Guest Wi-Fi Activation SQL Injection Vulnerability in Project Log 1.5.3 Component for Joomla! Server Side Request Forgery (SSRF) vulnerability in NoneCms 1.3.0 allows unauthorized access to internal and external network resources via the copy function in application/admin/controller/Article.php. 
PDFium Use After Free Vulnerability in Google Chrome Cross-Origin Data Leakage Vulnerability in Google Chrome Remote Code Execution via Crafted Chrome Extension in Google Chrome Out of Bounds Memory Read Vulnerability in WebGL in Google Chrome File Data Leakage Vulnerability in Google Chrome DevTools Data Leakage Vulnerability in V8 Engine of Google Chrome (CVE-2018-6031) Insufficient User Gesture Vulnerability in Google Chrome Autofill WebGL Heap Buffer Overflow in Google Chrome: Remote Memory Read Vulnerability Cross-Origin Data Leakage via Crafted Chrome Extension in Google Chrome Bypassing Content Security Policy in Google Chrome prior to 64.0.3282.119 Omnibox Spoofing Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Arbitrary Program Execution Vulnerability in Google Chrome External Protocol Handler File Data Leakage Vulnerability in Google Chrome DevTools Cross-Origin Data Leakage via Crafted Chrome Extension in Google Chrome WebGL Policy Enforcement Vulnerability in Google Chrome Referrer Information Leakage Vulnerability in Google Chrome Origin Spoofing Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Cross-Site Scripting (XSS) Auditor Bypass in Google Chrome prior to 64.0.3282.119 Referrer Leakage Vulnerability in Google Chrome prior to 64.0.3282.119 Local Information Disclosure Vulnerability in Google Chrome New Tab Page Use After Free Vulnerability in Google Chrome WebUI Remote Code Execution Vulnerability in Google Chrome Catalog Service Type Confusion Vulnerability in V8 Allows Remote Code Execution in Google Chrome Remote Code Execution Vulnerability in Google Chrome Prior to 65.0.3325.146 WebAudio Use After Free Vulnerability in Google Chrome Race Condition Vulnerability in SharedArrayBuffers Handling in Google Chrome Skia Heap Overflow Write Vulnerability in Google Chrome (CVE-2018-6061) Out of Bounds Memory Write Vulnerability in Mojo in Google Chrome Type Confusion Vulnerability in V8's 
__defineGetter__ Implementation in Google Chrome (CVE-2018-6065) Integer Overflow in V8 JavaScript Object Instantiation Vulnerability Cross-Origin Resource Sharing (CORS) Vulnerability in Google Chrome prior to 65.0.3325.146 Heap Corruption Vulnerability in Skia in Google Chrome Spoofing Vulnerability in Chrome Custom Tab Allows URL Bar Manipulation Skia Stack Buffer Overflow Vulnerability in Google Chrome CSP Bypass Vulnerability in Google Chrome Prior to 65.0.3325.146 Integer Overflow Vulnerability in Skia in Google Chrome Integer Overflow and Use After Free Vulnerability in PDFium in Google Chrome Heap Buffer Overflow in WebGL in Google Chrome (CVE-2018-6065) Bypassing OS Level Controls via Mark-of-the-Web Vulnerability in Google Chrome Cross-Origin Data Leakage in Google Chrome Prior to 65.0.3325.146 DOM-based XSS Vulnerability in Google Chrome Cross-Origin Data Leakage via Displacement Map Filters in Google Chrome (CVE-2018-6066) Omnibox Spoofing Vulnerability in Google Chrome Cross-Origin Data Leakage in WebGL Texture Sharing Remote Memory Metadata Leak in Google Chrome prior to 65.0.3325.146 XSS Vulnerabilities in Interstitials in Google Chrome: Arbitrary Script Injection via Crafted HTML Page FTP Port Enumeration Vulnerability in Google Chrome (prior to 65.0.3325.146) Privileged API Access Vulnerability in Google Chrome Prior to 65.0.3325.146 Arbitrary Code Execution via Insufficiently Sanitized Distributed Objects in Google Chrome Updater on macOS Remote Code Execution Vulnerability in Google Chrome Networking Disk Cache Double-eviction Vulnerability in Google Chrome's Incognito Mode Cache WebAssembly Use-After-Free Remote Code Execution Vulnerability in Google Chrome PDFium Iterator-Invalidation Bug Allows Remote Code Execution in Google Chrome CORS Bypass Vulnerability in Google Chrome Service Worker Integer Overflow Leading to Heap Buffer-Overflow in Skia in Google Chrome Cross-Origin Data Leakage via Fetch API in Google Chrome Integer Overflow 
Vulnerability in WebAssembly in Google Chrome Cross-Origin Data Leakage in Google Chrome Prior to 66.0.3359.117 Heap Corruption Vulnerability in Google Chrome Prior to 66.0.3359.117 via Crafted HTML Page File Picker Dismissal Vulnerability in Google Chrome (prior to 66.0.3359.117) Allows Remote File Reading Full Screen Warning Obscuration Vulnerability in Google Chrome (prior to 66.0.3359.117) Fullscreen Bypass Vulnerability in Google Chrome on macOS Domain Spoofing via IDN Homographs in Google Chrome CORS Vulnerability in Google Chrome: Remote Data Leakage via Crafted HTML Page Domain Spoofing Vulnerability in Google Chrome on macOS Remote Code Execution Vulnerability in Google Chrome DevTools Omnibox Spoofing Vulnerability in Google Chrome Stagnant Permission Prompt Vulnerability in Google Chrome (prior to 66.0.3359.117) Domain Spoofing via IDN Homographs in Google Chrome Domain Spoofing via IDN Homographs in Google Chrome Object Corruption Vulnerability in Asynchronous Generator in Google Chrome (prior to 66.0.3359.117) Domain Spoofing via IDN Homographs in Google Chrome Domain Spoofing via IDN Homographs in Google Chrome File API in Google Chrome prior to 66.0.3359.117 allows unauthorized indefinite file reading Remote Code Execution via Local Non-HTML Page in Google Chrome (prior to 66.0.3359.117) Arbitrary Code Execution Vulnerability in Google Chrome Developer Tools Network Handler Clickjacking Vulnerability in Google Chrome Prior to 66.0.3359.117 Domain Spoofing Vulnerability in Google Chrome on iOS (prior to 66.0.3359.117) CSP Bypass Vulnerability in Blink in Google Chrome (prior to 66.0.3359.117) Bypassing OS Malware Checks in Google Chrome File Downloads WebAssembly Nullptr Dereference Vulnerability in Google Chrome Autofill Vulnerability in Google Chrome (prior to 66.0.3359.117) Allows Remote Information Disclosure Double-eviction Vulnerability in Google Chrome's Incognito Mode Cache Omnibox Spoofing Vulnerability in Google Chrome Integer Overflow 
Vulnerability in PDFium in Google Chrome Privilege Escalation via Insufficient Input Validation in Google Chrome (CVE-2018-6126) WebAssembly Type Confusion Vulnerability in Google Chrome Use After Free Vulnerability in Google Chrome (CVE-2018-6149) Type Confusion Vulnerability in ReadableStreams in Google Chrome Insufficient Policy Enforcement in USB in Google Chrome on Windows Prior to 67.0.3396.62: Remote Information Disclosure Vulnerability Out of Bounds Memory Write Vulnerability in Skia in Google Chrome Sandbox Escape Vulnerability in Google Chrome's IndexDB Prior to 67.0.3396.62 Domain Spoofing Vulnerability in WebKit on Google Chrome for iOS Out of Bounds Array Access Vulnerability in WebRTC in Google Chrome Out of Bounds Memory Access Vulnerability in WebRTC in Google Chrome WebAssembly Object Lifecycle Issue in Google Chrome: Remote Heap Corruption Vulnerability Uninitialized Data Vulnerability in WebRTC in Google Chrome (CVE-2018-6149) Domain Spoofing Vulnerability in Google Chrome Bypassing No-Referrer Policy in Google Chrome: Information Leak Vulnerability Domain Spoofing Vulnerability in Google Chrome (prior to 67.0.3396.62) Out of Bounds Memory Read Vulnerability in V8 Engine Cross-Origin Data Leakage via CSS Paint API in Google Chrome Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome (CVE-2018-6148) Arbitrary Code Execution via Insufficient Target Checks in Chrome Debugger API Arbitrary Code Execution via Malicious Chrome Extension in Google Chrome (CVE-2018-6148) Out of Bounds Memory Read Vulnerability in Skia Image Filter in Google Chrome Out of Bounds Memory Read Vulnerability in V8 in Google Chrome Out of Bounds Memory Read Vulnerability in V8 in Google Chrome (CVE-2018-6122) PDFium Off-by-One Error Allows Remote Memory Write via Crafted PDF File Bypassing Same Origin Policy via Crafted HTML Page in Google Chrome (CVE-2018-6149) Insecure Text Entry Mode in Google Chrome on Mac Prior to 67.0.3396.62 Bypassing 
Navigation Restrictions in Google Chrome via Content Security Policy Implementation Vulnerability Type Confusion Vulnerability in Google Chrome (prior to 67.0.3396.87) Allows Remote Out-of-Bounds Memory Write CORS Vulnerability in ServiceWorker in Google Chrome (prior to 66.0.3359.117) Allows Cross-Origin Data Leakage Out of Bounds Memory Read Vulnerability in Google Chrome DevTools Unconditional Marking of Downloaded Files as Safe in Google Chrome Allows Sandbox Escape Out of Bounds Memory Write Vulnerability in Skia in Google Chrome Heap Corruption Vulnerability in WebGL in Google Chrome (prior to 68.0.3440.75) Heap Corruption Vulnerability in Google Chrome VP8 Parser WebRTC Packet Length Derivation Vulnerability WebRTC Type Confusion Vulnerability in Google Chrome Race Condition Vulnerability in Oilpan in Google Chrome Information Disclosure Vulnerability in Google Chrome ServiceWorker Omnibox Spoofing Vulnerability in Google Chrome (prior to 68.0.3440.75) Bypassing Same Origin Policy in Blink in Google Chrome prior to 68.0.3440.75 Heap Corruption Vulnerability in WebGL in Google Chrome on Mac Domain Spoofing Vulnerability in Google Chrome URL Formatter Cross-Origin Data Leakage in Google Chrome Prior to 68.0.3440.75 Omnibox Spoofing Vulnerability in Google Chrome Domain Spoofing Vulnerability in Google Chrome URL Formatter Domain Spoofing Vulnerability in Google Chrome Remote Information Leak Vulnerability in Google Chrome Media Engine Unwanted Extension Installation Vulnerability in Google Chrome PDFium Heap Corruption Vulnerability Bluetooth Use After Free Vulnerability in Google Chrome Domain Spoofing Vulnerability in Google Chrome URL Formatter Domain Spoofing Vulnerability in Google Chrome URL Formatter Arbitrary Code Execution via Integer Overflow in Swiftshader Domain Spoofing Vulnerability in Google Chrome URL Formatter Privilege Escalation via Crafted Chrome Extension in Google Chrome Cross-Origin Information Leak in Google Chrome's Media Engine 
Vulnerability: Chrome Extension Allows Hiding of Security UI in Google Chrome DevTools File Access Permission Vulnerability in Google Chrome Extensions Arbitrary Password Setting Vulnerability in Online Voting System 1.0 Vulnerability: Bad Input Bypassing TinyMCE in Mahara Insecure Named Pipe Creation in BitDefender Total Security 2018: Privilege Escalation and Denial of Service Vulnerability Directory Traversal Vulnerability in ZEIT Next.js 4 before 4.2.3 Incorrect Default ACL Values in Cloudera Navigator Key Trustee KMS Allow Remote Access to Purge and Undelete API Calls on Encryption Zone Keys SSRF Vulnerability in Citrix NetScaler VPX through NS12.0 53.13.nc Heap-based Buffer Overflow in Artifex MuPDF 1.12.0's do_pdf_save_document Function Information Disclosure in Django AuthenticationForm XSS Vulnerability in F-Secure Radar (on-premises) before 2018-02-15 via Tags Parameter Cross-Site Scripting (XSS) Vulnerability in Netis WF2419 V3.2.41381 MAC Filtering Description Field Integer Overflow in js_strtod Function in Artifex MuJS Denial of Service Vulnerability in Artifex MuPDF 1.12.0 Cross-Site Scripting (XSS) Vulnerability in Routers2 2.24 via 'rtr' GET Parameter Cross-Site Scripting (XSS) Vulnerability in Splashing Images Plugin for WordPress PHP Object Injection vulnerability in Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress Infinite Recursion Vulnerability in w3m HTMLlineproc0 NULL Pointer Dereference Vulnerability in w3m through 0.5.3 Symlink Attack Vulnerability in w3m through 0.5.3 Open Redirect Vulnerability in vBulletin 3.x.x and 4.2.x through 4.2.5 eScan Antivirus 14.0.1400.2029 Local Denial of Service Vulnerability eScan Antivirus 14.0.1400.2029 Local Denial of Service Vulnerability in econceal.sys Driver eScan Antivirus 14.0.1400.2029 Local Denial of Service Vulnerability Denial of Service Vulnerability in Max Secure Anti Virus 19.0.3.019 Denial of Service Vulnerability in Max Secure Anti Virus 19.0.3.019 Denial of Service 
and Potential Impact Vulnerability in Max Secure Anti Virus 19.0.3.019 Denial of Service Vulnerability in Max Secure Anti Virus 19.0.3.019 Denial of Service Vulnerability in Max Secure Anti Virus 19.0.3.019 Denial of Service Vulnerability in Max Secure Anti Virus 19.0.3.019 Hardcoded rostel Account Vulnerability in D-Link DIR-620 Devices OS Command Injection Vulnerability in D-Link DIR-620 Devices with Customized Firmware Reflected Cross-Site Scripting (XSS) Vulnerability in D-Link DIR-620 Devices Hardcoded Password Vulnerability in D-Link DIR-620 Devices Denial of Service Vulnerability in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 Arbitrary Code Execution Vulnerability in Trend Micro's User-Mode Hooking Module (UMH) Vulnerability in Trend Micro Email Encryption Gateway 5.5 Allows Eavesdropping and Tampering of Update Data Arbitrary File Write Vulnerability in Trend Micro Email Encryption Gateway 5.5 Unvalidated Software Update Vulnerability in Trend Micro Email Encryption Gateway 5.5 Arbitrary Logs Location Vulnerability in Trend Micro Email Encryption Gateway 5.5 Vulnerability in Trend Micro Email Encryption Gateway 5.5 Allows Unauthorized Manipulation of Appliance Registration CSRF Vulnerability in Trend Micro Email Encryption Gateway 5.5 XML External Entity Injection (XXE) Vulnerability in Trend Micro Email Encryption Gateway 5.5 Reflected Cross-Site Scripting (XSS) Vulnerabilities in Trend Micro Email Encryption Gateway 5.5 Configuration Files Stored XSS Vulnerability in Trend Micro Email Encryption Gateway 5.5 SQL Injection Vulnerability in Trend Micro Email Encryption Gateway 5.5 Allows Arbitrary Code Execution SQL Injection Vulnerability in Trend Micro Email Encryption Gateway 5.5 Edit Policy Script SQL Injection Vulnerability in Trend Micro Email Encryption Gateway 5.5 Search Configuration Script Privilege Escalation Vulnerability in Trend Micro Smart Protection Server (Standalone) Versions 3.3 and Below Buffer Overflow Privilege Escalation 
Vulnerability in Trend Micro Maximum Security 2018 Buffer Overflow Privilege Escalation Vulnerability in Trend Micro Maximum Security 2018 Trend Micro Maximum Security 2018 Local Information Disclosure Vulnerability Privilege Escalation Vulnerability in Trend Micro Maximum Security 2018 Time-of-Check Time-of-Use Privilege Escalation Vulnerability in Trend Micro Maximum Security 2018 Denial of Service Vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x Information Disclosure Vulnerability in NVIDIA Jetson TX2 Prior to R28.3 Critical Vulnerability in NVIDIA Tegra BootRom Allows Arbitrary Value Write to Physical Addresses Unvalidated Input Parameter in NVIDIA Tegra Gralloc Module: Arbitrary Code Execution and Privilege Escalation Vulnerability Buffer Overflow Vulnerability in NVIDIA Tegra BootROM Recovery Mode (RCM) Vulnerability in NVIDIA Tegra TLK Widevine Trust Application: Arbitrary Code Execution, Denial of Service, and Privilege Escalation NVIDIA Widevine Trustlet Information Disclosure Vulnerability NVIDIA Windows GPU Display Driver Kernel Mode NULL Pointer Dereference Vulnerability NVIDIA Windows GPU Display Driver DxgkDdiEscape Buffer Overflow Vulnerability NULL Pointer Dereference Vulnerability in NVIDIA GPU Display Driver NULL Pointer Dereference Vulnerability in NVIDIA Windows GPU Display Driver NVIDIA Windows GPU Display Driver DirectX 10 Usermode Driver Memory Write Vulnerability NVIDIA Windows GPU Display Driver DxgkDdiEscape Denial of Service Vulnerability Infinite Recursion Denial of Service Vulnerability in NVIDIA GPU Display Driver NVIDIA Media Server Out-of-Bounds Read Vulnerability Vulnerability in NVIDIA GeForce Experience GameStream Feature Potential Man-in-the-Middle (MitM) Attack Vulnerability in NVIDIA GeForce Experience GameStream Installation Potential Information Disclosure Vulnerability in NVIDIA GeForce Experience Local User Exploitation of NVIDIA Graphics Driver Side Channel Vulnerability Vulnerability in NVIDIA 
GeForce Experience GameStream Feature Allows Code Execution and Privilege Escalation Vulnerability in NVIDIA GeForce Experience GameStream Feature Allows Information Disclosure Privilege Escalation Vulnerability in NVIDIA GeForce Experience Privilege Escalation Vulnerability in NVIDIA GeForce Experience on Windows 7 Vulnerability in NVIDIA GeForce Experience Allows Information Disclosure NVIDIA Tegra OpenMax Driver (libnvomx) Input Validation Vulnerability NVIDIA Tegra libnvmmlite_video.so Memory Reference Vulnerability Vulnerability in NVIDIA Jetson TX2 Kernel Driver: Non-Trusted Pointer Dereference in IOCTL Handling NVIDIA Tegra OpenMax Driver (libnvomx) Buffer Overflow Vulnerability Critical Cross-Site Request Forgery Vulnerability Enables Administrative Account Takeover in Kaspersky Secure Mail Gateway 1.1 Critical Vulnerability: Remote Code Execution as Root via Configuration File Injection in Kaspersky Secure Mail Gateway 1.1 Kaspersky Secure Mail Gateway 1.1 Local Privilege Escalation Vulnerability Cross-Site Scripting Vulnerability in Kaspersky Secure Mail Gateway version 1.1 Critical Remote Code Execution Vulnerability in Saperion Web Client 7.5.2 83166 Arbitrary File Read Vulnerability in Saperion Web Client 7.5.2 83166 Critical Vulnerability: Unsecured Firmware Update in Hanwha Techwin Smartcams Critical Vulnerability: Unencrypted Remote Control and Communications in Hanwha Techwin Smartcams Hidden Vulnerability: Undocumented Web Interface Switching in Hanwha Techwin Smartcams Critical Buffer Overflow Vulnerability Found in Hanwha Techwin Smartcams Critical Remote Code Execution Vulnerability in Hanwha Techwin Smartcams Smartcam Authentication Bypass Vulnerability Critical Vulnerability: Remote Password Change Exploit in Hanwha Techwin Smartcams Cloud-based Vulnerability Allows Unauthorized Camera Access and Monitoring in Hanwha Techwin Smartcams Cloud Server Vulnerability: Denial of Service via Blocking New Camera Registration in Hanwha Techwin 
Smartcams Critical Vulnerability: Denial of Service Exploit via Malformed Firmware Upload in Hanwha Techwin Smartcams Remote Denial of Service Vulnerability in Gemalto's Sentinel LDK RTE XML Parser Gemalto's Sentinel LDK RTE version before 7.65 Denial of Service Vulnerability DLL Hijacking Vulnerability in Kaspersky Password Manager versions before 8.0.6.538 Heap Use-After-Free Vulnerability in LibVNC Server Code Allows Remote Code Execution Multiple SQL Injection Vulnerabilities in SugarCRM Community Edition 6.5.26 and Below Root Access Vulnerability on Foxconn Femtocell FEMTO AP-FC4064-T Privileged Account Weak Default Password Vulnerability on Foxconn Femtocell Arbitrary Code Injection via Modify Page Screen in WBCE CMS 1.3.1 Integer Overflow and Out-of-Bounds Read Vulnerability in libming Bypassing Application Whitelisting in Ivanti Endpoint Security Claymore Dual Miner 10.5 and Earlier: Unauthenticated Format String Vulnerability in Remote Management Interface DLL Hijacking Vulnerability in Sophos Tester Tool 3.2.0.7 Beta Denial of Service Vulnerability in Sophos Tester Tool 3.2.0.7 Beta Unvalidated Host Header Vulnerability in Pulse Secure Pulse Connect Secure and Pulse Policy Secure Unquoted Windows Search Path Privilege Escalation Vulnerability in Panda Global Protection 17.0.1 Insecure Named Pipe Creation in Panda Global Protection 17.0.1 Unsigned Integer Overflow in elf_object_p Function in libbfd Unvalidated Redirect Vulnerability in F-Secure Radar (on-premises) before 2018-02-15 Authentication Bypass Vulnerability in Unitrends Backup (UB) User Interface Unitrends Backup (UB) before 10.1.0 libbpext.so SQL Injection Vulnerability Error-Based SQL Injection Vulnerability in Laravel 5.4.15 via save.php Java Serialized Object Deserialization Vulnerability in Buck Parser-Cache Command Denial-of-Service Vulnerability in Proxygen's Handling of Invalid HTTP2 Settings Remote Code Execution Vulnerability in Nuclide's hhvm-attach Deep Link Handler Improper Variable 
Registration in Global Scope in Multipart-File Uploads Denial-of-Service Vulnerability in HHVM's Proxygen Server when Parsing Malformed h2 Frame Code Signing Bypass in osquery Prior to v3.2.7 Insecure Buffer Reuse in folly::secureRandom during fork() Stack Overflow Vulnerability in WhatsApp for Android and WhatsApp Business for Android Out-of-Bounds Read Vulnerability in Memcache::getextendedstats Function in HHVM Cross-Site Scripting (XSS) Vulnerability in ReactDOMServer API Arbitrary Command Execution Vulnerability in react-dev-utils on Windows Denial of Service Vulnerability in Proxygen's Certificate/CertificateRequest Parsing WhatsApp Heap Corruption Vulnerability Heap Overflow Vulnerability in number_format Function Circular Dependency Denial-of-Service Vulnerability in Proxygen HTTP2 Priority Handling Denial-of-Service Vulnerability in Proxygen's HTTP2 Header/Trailer Parsing Stack-based overflow vulnerability in WhatsApp for Android and WhatsApp Business for Android prior to 2.18.248 and 2.18.132 respectively WhatsApp Vulnerability: Out-of-Bounds Read in RTP Extension Headers Parsing Excessive Iteration Denial of Service Vulnerability in PoDoFo 0.9.5 Arbitrary Code Execution Vulnerability in Electrum Python Console Cross-Site Scripting (XSS) vulnerability in Formspree before 2018-01-23 via _next parameter in templates/forms/thanks.html Unauthenticated Stored Cross Site Scripting in iBall 300M Devices Path Traversal Vulnerability in Jenkins CSRF and XSS Vulnerability in acurax-social-media-widget Plugin for WordPress Heap-based Buffer Overflow in printDefineFont2 function in libming Use-after-free vulnerability in decompileIF function in libming through 0.4.8 Arbitrary Code Execution via Crafted Web Site in mpv XSS Vulnerability in Easy Hosting Control Panel (EHCP) v0.37.12.b via op Parameter XSS Vulnerability in Easy Hosting Control Panel (EHCP) v0.37.12.b via domainop Action Parameter SQL Injection Vulnerability in Task Rabbit Clone 1.0 via single_blog.php 
id Parameter SQL Injection in Multilanguage Real Estate MLM Script 3.0 via /product-list.php srch parameter SQL Injection Vulnerability in TSiteBuilder 1.0 via id Parameter SQL Injection in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via request_id or category parameter SQL Injection Vulnerability in JomEstate PRO through 3.7 Component for Joomla! SQL Injection Vulnerability in NeoRecruit 4.1 Component for Joomla! SQL Injection Vulnerability in JB Bus 2.3 Component for Joomla! via order_number Parameter SQL Injection Vulnerability in Fastball 2.5 Component for Joomla! via season Parameter in view=player Action Insecure SSL Certificate Validation in Pulse Secure Desktop Linux Clients SQL Injection Vulnerability in Joomla! Hathor Postinstall Message XSS Vulnerability in Multiple Field Types in Joomla! before 3.8.4 XSS Vulnerability in Joomla! Core Media Manager XSS Vulnerability in Joomla! Uri Class (CVE-2018-xxxx) XSS Vulnerabilities in Joomla! Module Chromes Segmentation Fault Vulnerability in ZZIPlib 0.13.56-0.13.67 SQL Injection Vulnerability in MantisBT 2.10.0 via vendor/adodb/adodb-php/server.php Incomplete Forbidden Types List in Monstra CMS Allows Arbitrary PHP Code Execution Unquoted Windows Search Path Vulnerability in NSClient++ Hardcoded Password Vulnerability in iBall iB-WRA150N 1.2.6 Build 110401 Rel.47776n Devices Remote Command Execution in iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n Devices via Ping Test Arguments WordPress Denial of Service Vulnerability through Large List of Registered .js Files Memory Block Size Validation Vulnerability in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 Netis WF2419 V2.2.36123 Devices Vulnerable to Cross-Site Request Forgery Attack: Address Reservation List Deletion Out-of-Array Access Vulnerability in FFmpeg's filter_slice Function Post-Authentication SQL Injection Vulnerability in FreePBX SQL Injection Vulnerability in InviteX 3.0.5 Component for Joomla! 
SQL Injection Vulnerability in Visual Calendar 3.1.3 Component for Joomla! SQL Injection Vulnerability in Google Map Landkarten Component for Joomla! Directory Traversal Vulnerability in Picture Calendar 3.1.4 Component for Joomla! SQL Injection Vulnerability in CP Event Calendar 3.0.1 Component for Joomla! Insecure Named Pipe Creation in Kingsoft WPS Office Free 10.2.0.5978 Undocumented Admin Account with Blank Password in Meross MSS110 Devices Vulnerability: Forced Deauthentication and Connection to Unencrypted Wi-Fi Network on Ecobee Ecobee4 4.2.0.171 Devices Memory Leak Vulnerability in ReadDCMImage Function in ImageMagick Unvalidated Child Frame Length in libwebm Allows Information Leak and Denial of Service Denial of Service Vulnerability in Conceptronic CIPCAMPTIWL V3 0.61.30.21 Devices CSRF Vulnerability in Conceptronic CIPCAMPTIWL V3 0.61.30.21 Devices Path Traversal Vulnerability in Appnitro MachForm SQL Injection Vulnerability in Appnitro MachForm's download.php SQL Injection Vulnerability in Appnitro MachForm Arbitrary Information Leakage Vulnerability in sbusfb_ioctl_helper() Function Buffer Overflow Vulnerability in Hikvision Camera DS-2CD9111-S (V4.1.2 build 160203 and earlier) Allows Remote Denial of Service Attack Buffer Overflow Vulnerability in Hikvision IP Cameras' Web Server Vulnerability: File Copy Bypass in Brocade Fabric OS Versions Session ID Interception and Manipulation Vulnerability in Brocade Fabric OS Root Access Vulnerability in Brocade Fabric OS CLI Versions Before 8.2.1 Root Access Vulnerability in Brocade Fabric OS CLI Escape from Restricted Shell Vulnerability in Brocade Fabric OS CLI Root Access Vulnerability in Brocade Fabric OS CLI Versions Root Access Vulnerability in Brocade Fabric OS CLI Versions Before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d Proxy Service Vulnerability in Brocade Fabric OS Arbitrary Environment Variable Injection Vulnerability in Brocade Fabric OS Remote Code Execution Vulnerability in Brocade Webtools Firmware 
Update Section Undocumented User Credentials Vulnerability in Brocade Network Advisor Versions before 14.3.1 Remote Code Execution and OS Command Injection Vulnerability in Brocade Network Advisor Critical Vulnerability in Brocade Network Advisor: Unauthorized Access to User Database and Password Extraction Undocumented User Credentials Exploit in Brocade Network Advisor Version Before 14.3.1 Session Hijacking Vulnerability in Brocade Fabric OS HTTP Management Interface Denial of Service Vulnerability in Brocade Fabric OS Management Interface Brocade Fabric OS HTTP Management Interface Host Header Injection Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Easy Hosting Control Panel (EHCP) v0.37.12.b Denial of Service Vulnerability in strongSwan 5.6.1 Unauthenticated Information Disclosure in Hotspot Shield Webserver Insecure Library Loading Vulnerability in March Hare WINCVS and CVS Suite Arbitrary Code Execution Vulnerability in Tracker PDF-XChange Viewer and Viewer AX SDK XSS Vulnerability in Simditor v2.3.11 via SVG Onload in TEXTAREA Cross-Site Scripting (XSS) Vulnerability in PropertyHive Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in flickrRSS Plugin for WordPress CSRF Vulnerability in flickrRSS Plugin 5.3.1 for WordPress Cross-Site Scripting (XSS) Vulnerability in flickrRSS Plugin for WordPress Arbitrary Web Script Injection Vulnerability in flickrRSS Plugin for WordPress DS_Store Information Leakage Vulnerability in Nibbleblog 4.0.5 on macOS Denial of Service Vulnerability in SUPERAntiSpyware Professional Trial 6.0.1254 Denial of Service Vulnerability in SUPERAntiSpyware Professional Trial 6.0.1254 Denial of Service Vulnerability in SUPERAntiSpyware Professional Trial 6.0.1254 Denial of Service Vulnerability in SUPERAntiSpyware Professional Trial 6.0.1254 DLL Hijacking Vulnerability in SUPERAntiSpyware Professional Trial 6.0.1254 Allows Escalation of Privileges Privilege Escalation Vulnerability in SUPERAntiSpyware 
Professional Trial 6.0.1254 Netwave IP Camera Devices: Denial of Service Vulnerability Type Confusion Vulnerability in CCN-lite 2 Leads to Memory Access Violation and Nonce Failure Buffer Overflow Vulnerability in Disk Savvy Enterprise v10.4.18 Control Protocol Memory Alignment Error and Bus Error in __zzip_fetch_disk_trailer Function of ZZIPlib 0.13.67 Integer Overflow in GNU C Library's posix_memalign and memalign Functions XML External Entity (XXE) Injection Vulnerability in Micro Focus Fortify Audit Workbench and Software Security Center Remote Information Disclosure Vulnerability in Micro Focus Universal CMDB Foundation Software Remote Arbitrary Code Execution Vulnerability in Micro Focus Universal CMDB (Versions 4.10-4.12) Exploiting XML External Entity (XXE) Vulnerability in Micro Focus Project and Portfolio Management Center 9.32 Remote Denial of Service Vulnerability in Micro Focus Operations Orchestration Software, version 10.x Remote Exploitation of Local Escalation of Privilege Vulnerability in Micro Focus Universal CMDB Persistent Cross-Site Scripting and HTML Injection Vulnerabilities in HP Network Operations Management Ultimate and Network Automation Remote SQL Injection Vulnerability in HP Network Operations Management Ultimate and Network Automation HP Service Manager Software Web Tier Remote SQL Injection Vulnerability Remote Cross-Site Scripting (XSS) Vulnerability in Micro Focus Universal CMDB and UCMDB Browser Vulnerability in UCMBD Browser Allows for Remote Cross-Site Request Forgery (CSRF) and Unsafe Deserialization Vulnerability: Remote Cross-Site Request Forgery (CSRF) and Unsafe Deserialization in UCMBD and CMS Servers Critical Remote Code Execution Vulnerability in Hybrid Cloud Management and Operations Bridge Containerized Suites Remote Code Execution Vulnerability in Multiple Micro Focus Products Remote Directory Traversal Vulnerability in ArcSight Management Center (ArcMC) Insufficient Access Controls Vulnerability in ArcSight 
Management Center (ArcMC) Versions Prior to 2.81 Reflected Cross-Site Scripting (XSS) Vulnerability in ArcSight Management Center (ArcMC) Versions Prior to 2.81 Critical Access Control Vulnerability in ArcSight Management Center (ArcMC) Versions Prior to 2.81 Cross-Site Request Forgery (CSRF) Vulnerability in ArcSight Management Center (ArcMC) Versions Prior to 2.81 Unauthenticated File Download Vulnerability in ArcSight Management Center (ArcMC) Versions Prior to 2.81 Cross-Site Scripting (XSS) Vulnerability in miniBB 3.2.2 Administrative Panel's Add Forum Feature Remote Execution Bug in Puppet Enterprise 2017.3.x Cross-Site Scripting Vulnerability in Puppet Enterprise Console Cross-Site Scripting Vulnerability in Puppet Enterprise Console Unsafe Code Execution Vulnerability in Puppet Enterprise 2018.1.x and pe-razor-server Privilege Escalation through Custom Facts in Puppet Enterprise and Puppet Agent DLL Preloading Vulnerability in Puppet Agent and Facter on Windows Privilege Escalation Vulnerability in Puppet Agent on Windows Arbitrary Code Execution and Privilege Escalation in Puppet PE Client Tools on Windows Unconfirmed Host Fingerprint Addition Vulnerability XSS Vulnerability in Composr CMS 10.0.13 via site_name Parameter SAML2 Library Denial of Service Vulnerability for Fraction-of-Seconds Timestamps Open Redirect Vulnerability in SimpleSAMLphp before 1.15.2 SQL Injection Vulnerability in SimpleSAMLphp's sqlauth Module Denial of Service and Potential Impact Vulnerability in nProtect AVS V4.0 Denial of Service Vulnerability in nProtect AVS V4.0 Denial of Service Vulnerability in nProtect AVS V4.0 Denial of Service and Potential Impact Vulnerability in nProtect AVS V4.0 Path Disclosure Vulnerability in MantisBT 2.10.0-development XSS Vulnerability in D-Link DIR-868L, DIR-865L, and DIR-860L Allows Remote Cookie Reading XSS Vulnerability in D-Link DIR-868L, DIR-865L, and DIR-860L Allows Remote Cookie Reading XSS Vulnerability in D-Link DIR-868L, DIR-865L, and 
DIR-860L Allows Cookie Theft Remote OS Command Injection Vulnerability in D-Link Routers Memory Exhaustion Vulnerability in Icinga 2.x through 2.8.1 Privilege Escalation Vulnerability in Icinga 2.x through 2.8.1 NULL Pointer Dereference Vulnerability in Icinga 2.x through 2.8.1 Password Disclosure Vulnerability in Icinga 2.x through 2.8.1 Privilege Escalation via Icinga2.pid File Manipulation Buffer Overflow Vulnerability in Flexense SyncBreeze Enterprise v10.4.18 Control Protocol Bus Error Vulnerability in ZZIPlib 0.13.67 Allows Remote Denial of Service Bus Error Vulnerability in ZZIPlib 0.13.67 Allows for Denial of Service via Crafted Zip File Bus Error Vulnerability in ZZIPlib 0.13.67 Integer Overflow in GNU Binutils 2.30: Denial of Service Vulnerability Denial of Service Vulnerability in Artifex MuPDF 1.12.0 Stored Cross-Site Scripting (XSS) Vulnerability in Ipswitch MoveIt v8.1 Unauthenticated Remote Code Execution in plays.tv Service Unauthenticated Remote Code Execution in plays.tv Service Use-after-free vulnerability in libwebm through 2018-02-02 XSS Vulnerability in Monstra CMS 3.0.4: Title Function in pages.plugin.php Heap Corruption Vulnerability in GNU C Library (glibc) on PowerPC and i386 Apport Local Privilege Escalation and Container Escape Vulnerability CUPS AppArmor Profile Hard Link Confinement Escape Vulnerability Memory Leak Vulnerability in Linux Kernel's AF_IRDA Socket Binding Use-after-free vulnerability in irda_setsockopt function in Linux kernel before 4.17 Unconditional Path Opening Vulnerability in lxc-user-nic Improper Handling of Temporary Files in MOTD Update Script in Ubuntu 18.04 LTS and 18.10 Privilege Escalation via Incorrect Group ID Restoration in pam_fscrypt OverlayFS Mount Vulnerability in Linux Kernel Sandbox Escape Vulnerability in Flatpak Proxy XSS Vulnerability in dijit.Editor of Dojo Toolkit 1.13 via SVG onload Attribute JSONP Hijacking Vulnerability in totemomail Encryption Gateway CSRF Vulnerabilities in totemomail 
Encryption Gateway before 6.0.0_Build_371 Unauthenticated Access to /ADMIN.ASP in West Wind Web Server 6.x Remote Command Execution Vulnerability in Go's go get Command SQL Injection Vulnerability in JEXTN Classified 1.0.0 Component for Joomla! SQL Injection in Event Manager 1.0 via event.php and page.php parameters SQL Injection Vulnerability in JEXTN Membership 3.1.0 Component for Joomla! SQL Injection Vulnerability in JE PayperVideo 3.0.0 Component for Joomla! SQL Injection Vulnerability in JEXTN Reverse Auction 3.1.0 Component for Joomla! via view=products&uid= Request Arbitrary File Upload Vulnerability in Jimtawl Component for Joomla! SQL Injection Vulnerability in JMS Music 1.1.1 Component for Joomla! SQL Injection Vulnerability in Zh GoogleMap 8.4.0.0 Component for Joomla! SQL Injection Vulnerability in Timetable Responsive Schedule 1.5 Component for Joomla! SQL Injection Vulnerability in DT Register 3.2.7 Component for Joomla! SQL Injection Vulnerability in JTicketing 2.0.16 Component for Joomla! 
Stored Cross-Site Scripting Vulnerability in CA API Developer Portal 3.5 CR6 Reflected Cross-Site Scripting Vulnerability in CA API Developer Portal 3.5 CR6 Reflected Cross-Site Scripting Vulnerability in CA API Developer Portal 3.5 CR5 Denial of Service Vulnerability in CA Spectrum 10.1 and 10.2.x Unspecified Reflected Cross-Site Scripting Vulnerability in CA API Developer Portal 4.x Lack of Safe Publication Configuration in Converse.js and Inverse.js Allows Information Disclosure Improper Memory Cleanup in Unisys Stealth 3.3 Windows Endpoints Privilege Escalation via Improper Access Control in MalwareFox AntiMalware Weak ElGamal Key Parameter Vulnerability in PyCrypto Timing Attack Vulnerability in Anymail's Webhooks Authorization Hidden Privilege Escalation Vulnerability in Alcatel A30 Device Unprotected Component Allows Unauthorized Factory Reset on Orbic Wonder Devices Vulnerability: Unauthorized Access to Android Log on Orbic Wonder Devices Vulnerability: Cross-Site Scripting (XSS), HTTP Response Splitting, and CRLF Injection in Promise Technology WebPam Pro-E Devices via PHPSESSID Cookie SQL Injection Vulnerability in Zh YandexMap 6.2.1.0 Component for Joomla! SQL Injection Vulnerability in Zh BaiduMap 3.0.0.1 Component for Joomla! Privilege Escalation Vulnerability in MalwareFox AntiMalware 2.74.0.150 WebRTC in Opera 51.0.2830.55 Vulnerability: Private IP Address Disclosure in STUN Request SQL Injection Vulnerability in JSP Tickets 1.1 Component for Joomla! Information Leakage in jLike 1.0 Component for Joomla! 
via getUserByCommentId Request Out-of-Bounds Read Vulnerability in OpenMPT and libopenmpt Integer Underflow Vulnerability in jhead 3.00's process_EXIF Function Excessive Iteration Denial of Service Vulnerability in OpenJPEG 2.3.0 Password Change Vulnerability in Easy Hosting Control Panel (EHCP) v0.37.12.b Cleartext Password Storage Vulnerability in Easy Hosting Control Panel (EHCP) v0.37.12.b Weak Hashing Algorithm and Lack of Salt in EHCP v0.37.12.b Expose Database Passwords to Attackers Out-of-Array Read Denial of Service Vulnerability in FFmpeg's decode_frame Function Vulnerability: Insecure Handling of Abnormal S3 Sleep Clears TPM 2.0 and Compromises Security Features Privilege Escalation via Arbitrary Code Execution in Hola 1.79.859 Authentication Bypass Vulnerability in OMRON NS Devices 1.1 through 1.3 Denial of Service Vulnerability in WatchDog Anti-Malware 2.74.186.150 Denial of Service Vulnerability in Micropoint Proactive Defense Software 2.0.20266.0146 Denial of Service Vulnerability in WatchDog Anti-Malware 2.74.186.150 Denial of Service Vulnerability in Micropoint Proactive Defense Software 2.0.20266.0146 Denial of Service Vulnerability in Micropoint Proactive Defense Software 2.0.20266.0146 Denial of Service Vulnerability in Micropoint Proactive Defense Software 2.0.20266.0146 Denial of Service Vulnerability in Micropoint Proactive Defense Software 2.0.20266.0146 Denial of Service Vulnerability in Micropoint Proactive Defense Software 2.0.20266.0146 Denial of Service Vulnerability in Micropoint Proactive Defense Software 2.0.20266.0146 Persistent Unauthorized Access Vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 SMGR-26896: SSL Authentication Bypass in Avaya Aura System Manager MathType 6.9c Stack-Based Buffer Overflow (Remote Code Execution) Vulnerability Design Science MathType 6.9c Out-of-Bounds Write Remote Code Execution Vulnerability Heap Overflow Vulnerability in Design Science MathType 6.9c 
Arbitrary Free Vulnerability in Design Science MathType 6.9c Reflected Cross-Site Scripting Vulnerability in Infoblox NetMRI 7.1.1 via /api/docs/index.php Null Pointer Denial of Service Vulnerability in SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 Arbitrary Origin Header Validation Vulnerability in uncurl Insecure TLS Cipher Suite Selection in comforte SWAP and comforte Secur Products Authentication Token Exposure in Grammarly Extension for Chrome Stored XSS Vulnerability in PHP Scripts Mall Doctor Search Script 1.0.2 via Arbitrary Profile Field CSRF Vulnerability in Z-BlogPHP 1.5.1 via zb_users/plugin/AppCentre/app_del.php Unsanitized User Input Leads to Reflected Cross-Site Scripting in McAfee ePolicy Orchestrator (ePO) Directory Traversal Vulnerability in McAfee ePolicy Orchestrator (ePO) Allows Bypassing File Extensions via Windows Alternate Data Streams Privilege Elevation through DLL Side-Loading in McAfee True Key Privilege Escalation in McAfee Management of Native Encryption (MNE) before 4.1.4 Bypassing Product Block Action in McAfee Data Loss Prevention Endpoint Authentication Bypass Vulnerability in McAfee Web Gateway Administrative User Interface Whitelist Bypass Vulnerability in McAfee Application Control / Change Control 7.0.1 and Earlier Whitelist Bypass Vulnerability in McAfee Application Control / Change Control 7.0.1 and Earlier External Entity Attack Vulnerability in McAfee Common UI (CUI) 2.0.2 Extension Application Protection Bypass Vulnerability in McAfee ePolicy Orchestrator (ePO) McAfee ePolicy Orchestrator (ePO) Information Disclosure Vulnerability Privilege Escalation Vulnerability in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 Elevated Privilege Directory Traversal Vulnerability in McAfee Web Gateway (MWG) MWG 7.8.1.x Arbitrary Command Execution Vulnerability in McAfee Web Gateway (MWG) Administrative Interface Arbitrary HTML Code Reflection Vulnerability in McAfee Network Security Management (NSM) Cross Site Scripting 
Vulnerability in McAfee True Key (TK) 4.0.0.0 and earlier Access Control Bypass Vulnerability in McAfee Data Loss Prevention (DLP) for Windows TPM Autoboot Authentication Bypass Vulnerability in McAfee Drive Encryption Infinite Loop Vulnerability in McAfee GetSusp 3.0.0.461 and Earlier McAfee Data Loss Prevention Endpoint (DLPe) Authentication Bypass Vulnerability Arbitrary Code Execution Vulnerability in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and Earlier Remote Bypass of Local Security Protection in Belkin Wemo Insight Smart Plug Privilege Escalation Vulnerability in ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and Earlier SSH Host Keys Generation Vulnerability in McAfee Threat Intelligence Exchange Server (TIE Server) DLL Search Order Hijacking Vulnerability in McAfee True Key (TK) before 5.1.165 Use After Free Vulnerability in McAfee Agent (MA) 5.x prior to 5.6.0 Allows Remote Code Execution via Crafted HTTP Header Privilege Escalation Vulnerability in McAfee Agent for Linux Privilege Escalation Vulnerability in McAfee Agent for Linux Insecure Handling of Temporary Files in McAfee Agent Installation on Linux Denial of Service and Unauthorized Code Execution Vulnerability in McAfee Agent Local Privilege Escalation Vulnerability in McAfee True Key (TK) 5.1.230.7 and earlier Local Privilege Escalation Vulnerability in McAfee True Key (TK) 5.1.230.7 and earlier on Microsoft Windows Client Privilege Escalation Vulnerability in McAfee True Key for Windows Client Stack-based Buffer Overflow in uwsgi_expand_path Function Unchecked strnlen operation in bfd_get_debug_link_info_1 function leads to denial of service vulnerability in GNU Binutils 2.30 Arbitrary Command Execution Vulnerability in libvirt's LXC Container Protection Mechanism Arbitrary Code Execution Vulnerability in Swisscom MySwisscomAssistant 2.17.1.1065 Arbitrary Code Execution Vulnerability in Swisscom TVMediaHelper 1.1.0.50 Stack-based Buffer Over-read in ParseRiffHeaderConfig 
Function of WavPack 5.1.0 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Denial of Service Vulnerability in Jiangmin Antivirus 16.0.0.100 Remote Code Execution Vulnerability in Exim SMTP Listener Remote IP Address Discovery in KDE Plasma Workspace Arbitrary Command Execution Vulnerability in KDE Plasma Workspace Multiple SQL Injection Vulnerabilities in Saifor CVMS HUB 1.3.1 HTTP Detection Bypass Vulnerability in Suricata Stored XSS Vulnerability in PHP Scripts Mall Naukri Clone Script 3.0.3 Stored XSS Vulnerability in PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 Heap-based Buffer Overflow in Perl Regular Expression Processing Heap-based Buffer Over-read in Perl 5.22 through 5.26 Heap Overwrite Vulnerability in 
GraphicsMagick's AcquireCacheNexus Function Arbitrary File Read Vulnerability in Marked 2 through 2.5.11 Arbitrary File Download Vulnerability in NetScaler ADC and Gateway Remote Privilege Escalation in NetScaler ADC and NetScaler Gateway NetScaler ADC and Gateway Directory Traversal Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway Unprotected XPC Service in PureVPN 6.0.1 on macOS Allows Root-Level Command Execution Unprotected XPC Service in Mailbutler Shimo VPN Client Allows Root Script Execution Cozy Version 2 XSS Vulnerability: Remote Administrative Access via URL Parameter Hardcoded SSH Server Vulnerability in VOBOT CLOCK Devices Cleartext HTTP Vulnerability in VOBOT CLOCK Allows Arbitrary Code Execution Insecure SSL Certificate Verification in VOBOT CLOCK before 0.99.30 Improper Encoding in Libgcrypt's ElGamal Implementation Allows Ciphertext-Only Attacks Directory Traversal Vulnerability in Foscam Cameras Arbitrary Command Execution via ntpServer Argument in Foscam Cameras Stack-based Buffer Overflow in Foscam Cameras C1 Lite V3 and C1 V3 Firmware 2.82.2.33 and Earlier Cross-Site Scripting (XSS) Vulnerability in Etherpad Lite v1.6.3 and Earlier JSONP Mishandling in Etherpad Lite Allows Bypass of Access Restrictions Uninitialized Memory Address Vulnerability in Wireshark's netmonrec_comment_destroy Function XSS Vulnerability in Kentico 10 and 11 Allows for Improper Construction of System Page SQL Injection Vulnerability in Kentico 10 and 11 Administration Interface XSS Vulnerability in MyBB 1.8.14 Edit Forum Screen XSS Vulnerability in PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 Path Disclosure Vulnerability in Z-BlogPHP 1.5.1 WebRTC Vulnerability: Private IP Address Disclosure in DuckDuckGo 4.2.0 Local Privilege Escalation via IOCTL 0x80206040 in Sophos SafeGuard Enterprise, SafeGuard Easy, and SafeGuard LAN Crypt Local Privilege Escalation via IOCTL 0x80202298 in Sophos SafeGuard Enterprise, 
SafeGuard Easy, and SafeGuard LAN Crypt Local Privilege Escalation via IOCTL 0x80206024 in Sophos SafeGuard Enterprise, SafeGuard Easy, and SafeGuard LAN Crypt Local Privilege Escalation via IOCTLs in Sophos SafeGuard Enterprise, SafeGuard Easy, and SafeGuard LAN Crypt Local Privilege Escalation via IOCTL 0x80202014 in Sophos SafeGuard Enterprise, SafeGuard Easy, and SafeGuard LAN Crypt Local Privilege Escalation via IOCTL 0x8020601C in Sophos SafeGuard Enterprise, SafeGuard Easy, and SafeGuard LAN Crypt Local Privilege Escalation via IOCTL 0x802022E0 in Sophos SafeGuard Enterprise, SafeGuard Easy, and SafeGuard LAN Crypt XSS Vulnerability in PHP Scripts Mall Facebook Clone Script SQL Injection Vulnerability in Schools Alert Management Script 2.0.2 via Login Parameter Arbitrary File Upload and Remote Code Execution in PHP Scripts Mall Schools Alert Management Script 2.0.2 via Profile Picture XSS Vulnerability in PHP Scripts Mall Lawyer Search Script 1.0.2 via Profile Update Parameter XSS Vulnerability in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via Profile Field SQL Injection Vulnerability in PHP Scripts Mall Select Your College Script 2.0.2 via Login Parameter XSS Vulnerability in PHP Scripts Mall Multi Religion Responsive Matrimonial 4.7.2 XSS Vulnerability in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 Cross Site Scripting (XSS) Vulnerability in PHP Scripts Mall Alibaba Clone Script 1.0.2 via Profile Parameter XSS Vulnerability in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via User Profile Field Uncontrolled Memory Allocation and Denial of Service Vulnerability in ZZIPlib 0.13.68 Reflected XSS vulnerability in PHP Scripts Mall Website Seller Script 2.0.3 via Listings Search feature Arbitrary File Read Vulnerability in LibreOffice's WEBSERVICE Function Denial of Service Vulnerability in elf_parse_notes Function of libbfd Privilege Escalation in Auth0 Authentication Service: Unvalidated JWT Audience CSRF 
Vulnerability in Auth0 Authentication Service with Legacy Lock API Flag Enabled KeepKey Version 4.0.0 Format String Vulnerability Allows Unauthorized Information Display Stack-based buffer under-read vulnerability in OLEProperty class in libfpx 1.3.1-10 XSS Vulnerability in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 Review Section Remote Code Modification Vulnerability in PHP Scripts Mall Website Seller Script 2.0.3 Path Disclosure Vulnerability in EmpireCMS 6.6 through 7.2 Path Disclosure Vulnerability in EmpireCMS 6.6 via admin/tool/ShowPic.php Arbitrary Web Script Injection via Content-Location Header in Zimbra Collaboration Suite SQL Injection in Piwigo Administration Panel via admin/tags.php Unauthenticated Path Traversal Vulnerability in MicroStrategy Web Services Critical Cross-Site Request Forgery Vulnerability in Typesetter 5.1 Host Header Injection Vulnerability in Typesetter 5.1 Wolf CMS 0.8.3.1 Cross-Site Scripting (XSS) Vulnerability in Page Editing Feature XSS Vulnerability in Bookly #1 WordPress Booking Plugin Lite Buffer Overflow Vulnerability in CloudMe Sync Application SQL Injection in controllers/member/Api.php in dayrui FineCms 5.2.0 XSS Vulnerability in PHP Scripts Mall Website Broker Script 3.0.6 via Last Name Field XSS Vulnerability in PHP Scripts Mall Image Sharing Script 1.3.3 via Edit Profile Action Email Address Validation Bypass in PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 XSS Vulnerability in PHP Scripts Mall Car Rental Script 2.0.8 Edit Profile Action XSS Vulnerability in TYPO3 Page Module via Crafted Site Name Persistent Cross Site Scripting (XSS) Vulnerability in Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Application via REST API Injection Control Vulnerability in Green Electronics RainMachine Mini-8 (2nd Gen) and Touch HD 12 Web Application Authentication Bypass Vulnerability in Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Application 
Clickjacking Vulnerability in Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Application Path Disclosure Vulnerability in DedeCMS 5.7 Arbitrary OS Command Execution in Advantech WebAccess 8.3.0 Out-of-Array Read Denial of Service Vulnerability in FFmpeg's decode_plane Function Heap-based Buffer Overflow in Perl's pack Function Arbitrary Directory/File Creation Vulnerability in Ruby's Dir.mktmpdir Method IPsec Packet Validation and Use-After-Free Vulnerability in FreeBSD Integer Overflow Vulnerability in FreeBSD Infinite Loop Vulnerability in FreeBSD IPsec Option Header Memory Disclosure Vulnerability in FreeBSD Memory Disclosure Vulnerability in FreeBSD Linux Subsystem and Atheros Wireless Driver Memory Disclosure Vulnerability in FreeBSD Network Subsystem TCP Reassembly Algorithm Vulnerability in FreeBSD Excessive Resource Consumption Vulnerability in FreeBSD IP Fragment Reassembly Code Insufficient Validation in ELF Header Parser in FreeBSD IPv6 Protocol Control Block Flags Maintenance Vulnerability Arbitrary OS Command Injection Vulnerability in MISP 2.4.87 Integer Overflow Vulnerability in Linux Kernel's futex_requeue Function SQL Injection Vulnerability in PHP Scripts Mall News Website Script 2.0.4 via Search Term Stack-based Buffer Over-read Vulnerability in ImageMagick 7.0.7-22 CSRF Vulnerability in PHP Scripts Mall Online Tutoring Script 2.0.3 XSS Vulnerability in PHP Scripts Mall Student Profile Management System Script v2.0.6 Cross Site Scripting (XSS) Vulnerability in D-Link DIR-600M C1 3.01 via SSID or User Account Name Remote Code Execution Vulnerability in NAT32 v2.2 Build 22284 Devices Remote Code Execution Vulnerability in NAT32 v2.2 Build 22284 Devices NULL Pointer Dereference in FreeType 2.9: DoS Vulnerability Cross-Site Scripting (XSS) Vulnerability in UltimateMember Plugin 2.0 for WordPress Cross-Site Scripting (XSS) Vulnerability in UltimateMember Plugin 2.0 for WordPress Uninitialized Stack Variable Vulnerability in 
nxfuse Component of NoMachine Buffer Overflow Vulnerability in ccnl_prefix_to_str_detailed Function in CCN-lite 2 Segmentation Fault and Denial of Service Vulnerability in GNU Patch Double Free Vulnerability in GNU Patch through 2.7.6 Buffer Overflow and Out-of-Bounds Memory Access Vulnerability in CCN-lite 2's NDNTLV Parser Privilege Escalation via systemd-tmpfiles Symlink Vulnerability Denial-of-Service Vulnerability in VMware Workstation and Fusion DOM-based Cross-Site Scripting (XSS) Vulnerability in VMware vRealize Automation (vRA) Session Hijacking Vulnerability in VMware vRealize Automation (vRA) Broken Authentication Vulnerability in VMware Horizon DaaS (7.x before 8.0.0) Allows Bypass of Two-Factor Authentication Command Injection Vulnerability in VMware NSX SD-WAN Edge by VeloCloud Signature Bypass Vulnerability in VMware Fusion (10.x before 10.1.2) Allows Local Privilege Escalation Multiple Denial-of-Service Vulnerabilities in VMware Workstation and Fusion Local Privilege Escalation Vulnerability in VMware Horizon Client for Linux Out-of-Bounds Read Vulnerability in VMware ESXi, Workstation, and Fusion Out-of-Bounds Read Vulnerability in VMware ESXi, Workstation, and Fusion Out-of-Bounds Read Vulnerability in VMware ESXi, Workstation, and Fusion Remote Code Execution Vulnerability in VMware AirWatch Agent for Android and Windows Mobile Out-of-Bounds Read Vulnerability in VMware Tools HGFS Out-of-bounds read vulnerability in VMware Horizon Connection Server, Horizon Agent, and Horizon Client Local Information Disclosure Vulnerability in VMware Horizon View Agents NULL pointer dereference vulnerability in VMware ESXi, Workstation, and Fusion Out-of-Bounds Write Vulnerability in VMware Workstation and Fusion Allows Guest-to-Host Code Execution Out-of-Bounds Read Vulnerability in VMware ESXi, Workstation, and Fusion Unencrypted Data Vulnerability in AirWatch Agent for iOS Unencrypted Filenames and Metadata Vulnerability in VMware Content Locker for iOS 
Denial-of-Service Vulnerability in VMware ESXi, Workstation, and Fusion due to Infinite Loop in 3D-Rendering Shader Local Privilege Escalation Vulnerability in vRealize Operations SAML Authentication Bypass Vulnerability in VMware Workspace ONE Unified Endpoint Management Console Improper Authorization in User Registration Method in VMware vRealize Log Insight Uninitialized Stack Memory Usage in VMware Virtual Network Adapter Allows Guest-to-Host Code Execution Uninitialized Stack Memory Usage in VMware ESXi 6.7 and 6.5 Allows Information Leak from Host to Guest Integer Overflow Vulnerability in VMware Workstation and Fusion Virtual Network Devices Arbitrary Code Execution Vulnerability in webcheckout through 1.20171231 SQL Injection Vulnerability in SchedMD Slurm Authentication Bypass Vulnerability in TRENDnet TEW-751DR, TEW-752DRU, and TEW733GR Devices Stored Cross-Site Scripting (XSS) Vulnerability in Gleez CMS 1.2.0 and 2.0 Buffer Overflow Vulnerability in CCN-lite 2.0.0 Beta Arbitrary Code Execution Vulnerability in Kentico 9-11 via Dynamic .NET Code Evaluation Default JMX Credentials Vulnerability in Wowza Streaming Engine Denial of Service Vulnerability in Wowza Streaming Engine 4.7.1 XSS Vulnerability in Wowza Streaming Engine's HTTP Providers NULL Pointer Dereference Vulnerability in Irssi Out-of-Bounds Access Vulnerability in Irssi NULL Pointer Dereference Vulnerability in Irssi Use-after-free vulnerability in Irssi Use-after-free vulnerability during server disconnection in Irssi SSRF Vulnerability in GroupViewProxyServlet in RoomWizard before 4.4.x Information Disclosure Vulnerability in RoomWizard Cross-Site Scripting (XSS) Vulnerability in RoomWizard before 4.4.x via HelpAction.action pageName Parameter Aruba ClearPass Authentication Bypass Vulnerability Aruba ClearPass API Privilege Escalation Vulnerability Aruba ClearPass CSRF Vulnerability: Unauthorized Actions on Web Admin Interface Vulnerability: Unauthorized Access and Compromise of Aruba 
ClearPass API Reflected Cross-Site Scripting (XSS) Vulnerability in Aruba Instant Web Interface Authenticated SQL Injection Vulnerability in Aruba ClearPass Policy Manager: Privilege Escalation and Cluster Compromise Aruba ClearPass Policy Manager Unauthenticated Remote Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Remote HOST Header Attack Vulnerability in HPE CentralView Fraud Risk Management Remote Unauthenticated Access to Files Vulnerability in HPE CentralView Fraud Risk Management Remote Disclosure of Information Vulnerability in HPE CentralView Fraud Risk Management Remote Access to Sensitive Information Vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 Remote Bypass of Security Restrictions in HPE Moonshot Provisioning Manager Local Arbitrary File Modification Vulnerability in HPE Moonshot Provisioning Manager v1.24 and earlier Remote Code Execution Vulnerability in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07 Remote Cross-Site Scripting (XSS) Vulnerability in HPE Intelligent Management Center (iMC) PLAT v7.3 (E0506) Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (iMC) Unauthorized Access Vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager Critical Remote Code Execution Vulnerability in HPE Integrated Lights-Out (iLO) Versions Prior to v2.60 (iLO 4) and v1.30 (iLO 5) Aruba ClearPass Policy Manager Guest Authorization Bypass Vulnerability in Aruba Access Points' Embedded BLE Radio Firmware ArubaOS Remote Code Execution Vulnerability Aruba Instant Command Injection Vulnerability Aruba Instant Web Interface Unauthorized Access to Core Dumps Vulnerability Aruba Instant Web Interface Command Injection Vulnerability Cross-Site Scripting Vulnerability in HPE XP P9000 Command View Advanced Edition Software (CVAE) Open URL Redirection Vulnerability in HPE XP P9000 Command View Advanced Edition 
Software (CVAE) Remote Directory Traversal Vulnerability in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09 Remote Denial of Service Vulnerability in HPE Integrated Lights-Out and Moonshot Chassis Manager Local Privilege Escalation Vulnerability in 3PAR Service Processor (SP) Remote Access Restriction Bypass Vulnerability in 3PAR Service Processor Remote Code Execution Vulnerability in 3PAR Service Processor (SP) 3PAR Service Processor (SP) Remote Cross-Site Request Forgery Vulnerability 3PAR Service Processor (SP) Local Directory Traversal Vulnerability 3PAR Service Processor (SP) Local Information Disclosure Vulnerability Local Disclosure of Sensitive Information in HPE OfficeConnect 1810 Switch Series Remote Denial of Service Vulnerability in HPE Integrated Lights Out 4 and iLO 5 Remote Arbitrary File Modification Vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09 Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (iMC) Wireless Services Manager Software Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (iMC) Wireless Services Manager Software Remote Code Execution and Information Disclosure Vulnerability in HPE Integrated Lights-Out (iLO) Remote SQL Injection and Privilege Escalation Vulnerability in HPE Device Entitlement Gateway (DEG) v3.2.4 - v3.3.1 HPE StorageWorks XP7 Automation Director Authentication Bypass Vulnerability HPE eIUM v9.0FP1 Remote Arbitrary File Modification Vulnerability Remote Unauthorized Disclosure of Information Vulnerability in HPE Service Governance Framework (SGF) 4.2 and 4.3 Remote Unauthorized Access Vulnerability in HPE UIoT: Malfunction in DSM Portal and APIs Local Disclosure of Privileged Information in HPE Windows Firmware Installer for Certain Servers Local Exploit to Bypass Firmware Update Security Restrictions in HPE iLO 5 Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) Remote Buffer Overflow 
Vulnerability in HPE Intelligent Management Center (IMC) Remote Denial of Service Vulnerability in HPE Intelligent Management Center (IMC) Remote Cross-Site Scripting Vulnerability in HPE iLO 5 Web User Interface Local Access Restriction Bypass Vulnerability in HPE Service Pack for ProLiant (SPP) Bundled Software Local Disclosure of Sensitive Information Vulnerability in HPE NonStop Safeguard and NonStop Standard Security Software Elevation of Privilege Vulnerability in HPE Virtual Connect SE 16Gb Fibre Channel Module Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Remote Disclosure of Information Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Denial of Service Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Regular Expression Denial of Service (ReDoS) in Node.js 4.x `'path'` Module HTTP Parser in Node.js Allows Spaces in Content-Length Header Remote Code Execution Vulnerability in Node.js Inspector: Exploiting DNS Rebinding Attack Denial of Service (DoS) Vulnerability in Node.js HTTP2 Server Denial of Service (DoS) Vulnerability in Node.js TLS Implementation Denial of Service Vulnerability in Node.js Versions 9.7.0 and Later Uninitialized Memory Disclosure Vulnerability in Node.js 10 Buffer.fill() and Buffer.alloc() Hang Vulnerability Privilege Escalation via newgidmap in shadow-utils Sybil Attack Vulnerability in ntpd Twonky Server Directory Traversal Vulnerability Arbitrary File Deletion Vulnerability in WonderCMS before 2.4.1 Denial of Service Vulnerability in xpdf 4.00 via JBIG2Stream::readSymbolDictSeg Infinite Loop Denial of Service Vulnerability in xpdf 4.00 NULL Pointer Dereference in readCodestream Allows Denial of Service in xpdf 4.00 CSRF Vulnerability in FrontAccounting 2.4.3 
Allows Unauthorized User Account Addition SQL Injection Vulnerability in Saxum Numerology 3.0.4 Component for Joomla! SQL Injection Vulnerability in Saxum Picker 3.2.10 Component for Joomla! via publicid Parameter SQL Injection Vulnerability in SquadManagement 1.0.3 Component for Joomla! via id Parameter SQL Injection Vulnerability in Saxum Astro 4.0.14 Component for Joomla! Out-of-Bounds Read Vulnerability in ntpd Remote Code Execution Vulnerability in ntpq's decodearr Function Denial of Service Vulnerability in ntpd (CVE-2016-1549) Denial of Service Vulnerability in NTP 4.2.6 Stack-based Buffer Overflow in Leptonica before 1.75.3 Arbitrary OS Command Execution via Insecure go get Implementation in Go 1.9.4 XSS Vulnerability in Tiki before 18 Allows Privilege Escalation via SVG Image Denial of Service Vulnerability in Linux Kernel's TUN Subsystem Arbitrary Script Injection in Enhancesoft osTicket 1.10.2 Arbitrary Web Script Injection in Enhancesoft osTicket 1.10.2 Denial-of-Service Vulnerability in Enhancesoft osTicket Ticket Number Generator Password Reset Vulnerability in Enhancesoft osTicket Arbitrary Web Script Injection in Enhancesoft osTicket 1.10.2 Stored Cross-Site Scripting (XSS) Vulnerability in Pluck 4.7.4 Cross-Site Scripting (XSS) Vulnerability in October CMS 1.0.431 Add Posts Page CSV Injection in ProjectSend: Exploiting Microsoft Excel Import Vulnerability Cross-Site Scripting (XSS) Vulnerability in ProjectSend Arbitrary Script Injection Vulnerability in Twonky Server 7.0.11 through 8.5 Sensitive Information Exposure in Giribaz File Manager Plugin for WordPress Reflected Cross-Site Scripting Vulnerability in Kentico's Edit Device Layout Improper Group Membership Validation in JupyterHub OAuthenticator Unvalidated Index Vulnerability in coff_pointerize_aux Function in libbfd Sensitive Information Disclosure in iDashboards 9.6b via idashboards/config.xml URI Sensitive Information Disclosure in iDashboards 9.6b via Direct Request for 
idb/config?CMD=installLicense URI Weak Obfuscation Library in iDashboards 9.6b SSO Implementation Allows Credential Discovery Path Traversal Vulnerability in Sinatra 2.x on Windows Vulnerability: Bypassing Multi-Factor Authentication and macOS Disk-Encryption Protection in Abine Blur 7.8.242* CSRF Vulnerability in Bravo Tejari Procurement Portal Allows Unauthorized Modification of User Data File Upload Vulnerability in Bravo Tejari Procurement Portal Arbitrary Code Execution Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway CSRF Vulnerability in NoneCms 1.3.0 Allows Unauthorized Account Manipulation Uninitialized Data Access Vulnerability in LibVNCServer Integer Overflow Vulnerability in LinuxVNC and VNCommand Unauthenticated URL Retrieval Vulnerability in Schneider Electric's Pelco Sarix Professional Authentication Bypass Vulnerability in Schneider Electric's Pelco Sarix Professional Firmware Hardcoded Credentials Vulnerability in Schneider Electric's Pelco Sarix Professional Firmware XML External Entity (XXE) Vulnerability in Schneider Electric's Pelco Sarix Professional Firmware Versions Prior to 3.29.67 Command Execution Vulnerability in Schneider Electric's Pelco Sarix Professional Firmware Command Execution Vulnerability in Schneider Electric's Pelco Sarix Professional Firmware Command Execution Vulnerability in Schneider Electric's Pelco Sarix Professional Firmware Arbitrary System File Download Vulnerability in Schneider Electric's Pelco Sarix Professional Firmware Arbitrary System File Download Vulnerability in Schneider Electric's Pelco Sarix Professional Unauthenticated SSH Service Vulnerability in Schneider Electric's Pelco Sarix Professional Arbitrary System File Deletion Vulnerability in Schneider Electric's Pelco Sarix Professional Buffer Overflow Vulnerability in Schneider Electric's Pelco Sarix Professional Web-based GUI DLL Hijacking Vulnerability in Schneider Electric's SoMove Software and DTM Components 
Arbitrary Code Execution Vulnerability in Schneider Electric's Modicon Quantum Communication Modules Vulnerability: Hard Coded Accounts in Schneider Electric's Modicon Controllers Vulnerability: Hash Collision Attacks in Schneider Electric's Modicon Controllers Authorization Bypass Vulnerability in Schneider Electric's 66074 MGE Network Management Card Transverse Information Disclosure Vulnerability in Schneider Electric's 66074 MGE Network Management Card Transverse Unauthorized Control and Configuration Access in Schneider Electric's 66074 MGE Network Management Card Transverse Cleartext Transmission of Sensitive Information Vulnerability in Schneider Electric's 66074 MGE Network Management Card Transverse Buffer Overflow Vulnerability in pixHtmlViewer in Leptonica Unauthenticated User Account Validation Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317 Race Condition Vulnerability in secdrv.sys Allows Arbitrary Code Execution Uninitialized Kernel Pool Allocation Vulnerability in secdrv.sys Exposure of MySQL Credentials in Anchor 0.12.3 Heap-based Buffer Over-read Vulnerability in WavPack 5.1.0's ParseDsdiffHeaderConfig Function Remote Denial-of-Service and Buffer Overflow Vulnerability in WavPack 5.1.0 Sensitive Information Disclosure in Flight Sim Labs A320-X Installer Arbitrary Code Injection via Crafted URL in phpMyAdmin Multiple Persistent XSS Vulnerabilities in Radiant CMS 1.1.4 Ceph RGW Malformed HTTP Headers Denial of Service Vulnerability Denial of Service and Possible Remote Code Execution in Underbit libmad through 0.15.1b Multiple Out of Bounds Write and Sign Errors in Pictview Image Processing Library Embedded in ActivePDF Toolkit Stored XSS Vulnerability in Shimmie 2 2.6.0 via Crafted SVG File Upload Information Exposure Vulnerability in MagniComp SysInfo SQL Injection Vulnerability in Yii 2.x ActiveRecord findByCondition Function MetInfo 6.0.0 Installation Process Arbitrary Command Execution Vulnerability Sensitive Information 
Disclosure via SSOToken ID in ForgeRock AM REST APIs Floppy Driver Information Disclosure Vulnerability Multiple Persistent Cross-Site Scripting Vulnerabilities in Yab Quarx 2.4.3 Information Disclosure Vulnerability in Lutron Quantum BACnet Integration 2.0 Persistent XSS Vulnerability in RLE Wi-MGR/FDS-Wi 6.2 Devices Persistent XSS Vulnerability in RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 Devices Critical Remote Code Execution Vulnerability in AlienVault USM and OSSIM Cross-Site Scripting (XSS) Vulnerability in Ninja Forms Plugin for WordPress Root Privilege Escalation Vulnerability in CactusVPN 5.3.6 for macOS TITool PrintMonitor Solution: Username Parameter SQL Injection Vulnerability Buffer Overflow Vulnerability in Asterisk SUBSCRIBE Request Processing NULL Pointer Access Vulnerability in Asterisk 15.x through 15.2.1 Remote Crash Vulnerability in Asterisk through 15.2.1 WebSocket Payload Size 0 Mishandling Vulnerability in Asterisk 15.x through 15.2.1 Vulnerability: Malware Bypasses Detection in Armadito 0.12.7.2 due to UTF-16 Filename Handling Cross Site Scripting (XSS) Vulnerability in Tiki before 12.13, 15.6, 17.2, and 18.1 Improper Enforcement of Message Integrity in FFXIV Launcher Allows Credential Theft Arbitrary File Read Vulnerability in eQ-3 AG Homematic CCU2 2.29.2 and Earlier Remote Code Execution in eQ-3 AG Homematic CCU2 2.29.2 and earlier Arbitrary Malicious Firmware Updates Vulnerability in eQ-3 AG HomeMatic CCU2 2.29.22 Arbitrary File Creation and Software Installation Vulnerability in eQ-3 AG Homematic CCU2 2.29.2 and Earlier Arbitrary File Write and Remote Code Execution in eQ-3 AG Homematic CCU2 2.29.2 and earlier Open XML-RPC Port Without Authentication in eQ-3 AG HomeMatic CCU2 2.29.22 Devices SVG Content Upload Vulnerability in Tiki 17.1 HTML Injection Vulnerability in Tiki 17.1 Calendar Component CSV Injection Vulnerability in Tiki 17.1 Allows Remote Code Execution CSRF Vulnerability in MyBB 1.8.14 Allows Arbitrary Deletion of User 
Accounts CSRF Vulnerability in Auth0.js Library: Mishandling of Missing State Parameter in Authorization Response Arbitrary File Manipulation Vulnerability in DanWin Hosting Root Privilege Escalation Vulnerability in PrivateVPN 2.0.31 for macOS SQL Injection Vulnerability in Alexandria Book Library 3.1.2 Component for Joomla! SQL Injection Vulnerability in CW Tags 2.0.6 Component for Joomla! SQL Injection in PrayerCenter 3.0.2 Component for Joomla! via sessionid Parameter SQL Injection Vulnerability in Ek Rishta 2.9 Component for Joomla! Arbitrary File Upload Vulnerability in Proclaim 9.1.1 Component for Joomla! Proclaim 9.1.1 Joomla! Component Backup Download Vulnerability SQL Injection in CheckList 1.1.1 Component for Joomla! via Multiple Parameters SQL Injection Vulnerability in OS Property Real Estate 3.12.7 Component for Joomla! SIGCOMP Protocol Dissector Crash Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Integer Wraparound Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Infinite Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Infinite Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Infinite Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Infinite Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Infinite Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Infinite Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Infinite Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Infinite Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Infinite Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 Infinite Loop Vulnerability in Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 UMTS MAC Dissector Crash Vulnerability IEEE 802.11 Dissector Crash Vulnerability in 
Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12 FCP Protocol Dissector Null Pointer Crash Vulnerability Vulnerability: Crash in DOCSIS Protocol Dissector in Wireshark 2.4.0 to 2.4.4 MP4v2 MP4Atom Class Entry Number Validation Vulnerability XML Signature Wrapping Vulnerability in Duo Network Gateway 1.2.9 and Earlier Cross-Site Scripting Vulnerability in ZTE MF65 and MF65M1 Devices ZTE ZXR10 8905E Product: TCP Initial Sequence Number (ISN) Reuse Vulnerability Improper Access Control Vulnerability in ZTE ZXHN H168N Improper Change Control Vulnerability in ZTE ZXHN H168N Heap-Based Buffer Overflow Vulnerability in ZTE ZXHN F670 (Versions up to V1.1.10P3T18) Information Exposure Vulnerability in ZTE ZXHN F670: Unauthorized Access to GPON SN Information Null Pointer Dereference Vulnerability in ZTE ZXHN F670: Denial of Service via appviahttp Service Improper Access Control Vulnerability in ZTE ZXHN F670 Routers Improper Authorization Vulnerability in ZTE ZXHN F670: Brute Force Account Credential Attack Improper Access Control Vulnerability in ZTE ZXIN10 Product European Region Untrusted Search Path Vulnerability in ZTE uSmartView Product Authentication Bypass Vulnerability in ZTE ZXV10 B860AV2.1 Arbitrary Code Injection through Cross-Site Scripting (XSS) in Zoho ManageEngine EventLog Analyzer Arbitrary Code Execution via u3d Images in Foxit Reader and PhantomPDF Remote Code Execution via U3D Image Rendering in Foxit Reader and PhantomPDF Local Privilege Escalation Vulnerability in npm 5.7.0 Pre-release Buffer Overflow in unicode_to_ansi_copy() function in unixODBC IPMI Dissector Crash Vulnerability in Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4 SIGCOMP Dissector Crash Vulnerability in Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4 NBAP Dissector Crash Vulnerability in Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4 PCAPNG File Parser Crash Vulnerability Infinite Loop Vulnerability in Wireshark DMP Dissector Local File Inclusion Vulnerability in Site Editor Plugin for WordPress 
Arbitrary web script injection vulnerability in Splunk Web Denial of Service Vulnerability in Splunk Enterprise and Splunk Light Directory Traversal Vulnerability in Splunk Django App Denial of Service Vulnerability in Splunk Enterprise and Splunk Light Improper Data Escaping in iThemes Security Plugin for WordPress Logs Page Path Disclosure Vulnerability in zzcms 8.2 Heap-Based Buffer Over-Read in FreeXL's destroy_cell Function Heap-Based Buffer Over-Read in parse_SST Function in FreeXL Heap-Based Buffer Over-Read in FreeXL's parse_SST Function Heap-Based Buffer Over-Read in FreeXL's parse_unicode_string Function Heap-Based Buffer Over-Read in FreeXL's read_mini_biff_next_record Function Command Injection Vulnerability in Leptonica through 1.75.3 Hardcoded /tmp Pathnames Vulnerability in Leptonica Path Traversal and Arbitrary File Overwrite Vulnerability in Leptonica Memory Allocation Failure in ReadTIFFImage Function in ImageMagick 7.0.7-23 Q16 Buffer Overflow in MikroTik RouterOS SMB Service Allows Remote Code Execution Persistent Cross-Site Scripting Vulnerabilities in mojoPortal 2.6.0.0 Arbitrary PHP Code Injection Vulnerability in CMS Made Simple 2.1.6 Installation Procedure Denial of Service Vulnerability in SEGGER FTP Server for Windows NULL Pointer Dereference Vulnerability in xpdf 4.00 Allows Denial of Service Denial of Service Vulnerability in xpdf 4.00: Infinite Recursion in AcroForm::scanField NULL Pointer Dereference Vulnerability in Xpdf 4.00 Allows Denial of Service Denial of Service Vulnerability in xpdf 4.00 via Out-of-Bounds Read in JPXStream::readTilePart NULL Pointer Dereference in TIFFPrintDirectory function in LibTIFF Arbitrary SQL Command Execution in ASANHAMAYESH CMS 3.4.6 via files.php Vulnerability: Cross-Site Scripting (XSS) in VirtueMart before 3.2.14 Injection Vulnerability in TestLink's installNewDB.php Allows Remote Attackers to Conduct Injection Attacks Directory Traversal Vulnerability in AxxonSoft Axxon Next XSS Vulnerability in 
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 Denial of Service Vulnerability in ImageMagick 7.0.7-22 Q16 Integer Overflow Vulnerability in KingView 7.5SP1's stgopenstorage API Denial of Service Vulnerability in INVT Studio 1.2 Open Redirect Vulnerability in SO Connect SO WIFI Hotspot Web Interface SQL Injection Vulnerability in Textpattern CMS 4.6.2 and Earlier IceWarp Mail Server 12.0.3 Cross-Site Scripting (XSS) Vulnerability in webdav/ticket/ URIs Cross Site Scripting (XSS) in dayrui FineCms 5.3.0 via id or lid parameter in c=linkage,m=import request SQL Injection Vulnerability in PHP Scripts Mall School Management Script 3.0.4 Path Disclosure Vulnerability in YzmCMS 3.6 Double Free Vulnerability in blkcg_init_queue Function in Linux Kernel Directory Traversal Vulnerability in K2 Component 2.8.0 for Joomla! Privilege Escalation through DLL Hijacking in PureVPN Improper Argument Order in SQLWriteFileDSN Function in unixODBC 2.3.5 Arbitrary Code Execution via Unrestricted Inline Function Calls in Blue River Mura CMS Heap-Based Buffer Overflow in LoadPCX Function of sam2p 0.49.4 Unauthenticated Remote Code Execution in FasterXML Jackson-Databind Directory Traversal Vulnerability in uWSGI before 2.0.17 PrestaShop UI-Redressing/Clickjacking Vulnerability NULL Pointer Dereference Vulnerability in Linux Kernel's net/rds/rdma.c __rds_rdma_map() Function Root Privilege Escalation Vulnerability in CactusVPN for macOS Stack Buffer Overflow in WPLSoft in Delta Electronics Versions 2.45.0 and Prior External Control of File Name or Path Vulnerability in Advantech WebAccess Unintended Information Disclosure in OSIsoft PI Vision Versions 2017 and Prior Untrusted Pointer Dereference Vulnerabilities in Advantech WebAccess and WebAccess Dashboard Lack of Data Encryption in Philips Alice 6 System R8.0.2 or Prior: A Breach of Confidentiality, Integrity, and Accountability Stack-based Buffer Overflow Vulnerabilities in Advantech WebAccess Privilege Escalation Vulnerability 
in OSIsoft PI Web API Multiple SQL Injection Vulnerabilities in Advantech WebAccess Improper Validation of User-Supplied Pointers in Beckhoff TwinCAT: Privilege Escalation Vulnerability Path Traversal Vulnerability in Advantech WebAccess Reflected Cross-Site Scripting Vulnerability in OSIsoft PI Vision Versions 2017 and Prior Unrestricted File Upload Vulnerability in Advantech WebAccess Vulnerability: Disclosure of Private Key in Moxa MXview Versions 2.8 and Prior Heap Buffer Overflow in WPLSoft in Delta Electronics Versions 2.45.0 and Prior Cross-Site Scripting Vulnerability in OSIsoft PI Web API Versions 2017 R2 and Prior Buffer Overflow Vulnerability in WPLSoft (Delta Electronics) Versions 2.45.0 and Prior Plaintext Password Exposure in BeaconMedaes TotalAlert Scroll Medical Air Systems Buffer Overflow Vulnerability in Eaton ELCSoft Versions 2.04.02 and Prior Remote Code Execution Vulnerability in Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 IP Cameras Stack-Based Buffer Overflow in Omron CX-Supervisor Versions 3.30 and Prior Stack-based buffer overflow vulnerability in Omron CX-One versions 4.42 and prior Uninitialized Pointer Vulnerability in Omron CX-Supervisor Versions 3.30 and Prior Server-Side Request Forgery Vulnerability in Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 IP Cameras Allows Proxied Network Scans Out of Bounds Vulnerability in Omron CX-Supervisor Versions 3.30 and Prior Insecure Storage and Transmission of Credentials in TotalAlert Web Application Heap-Based Buffer Overflow in Omron CX-Supervisor Versions 3.30 and Prior Improper Access Control Vulnerability in Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 IP Cameras Use After Free Vulnerability in Omron CX-Supervisor Versions 3.30 and Prior Vulnerability: Privilege Escalation via Fixed Memory Location in Schneider Electric Triconex Tricon MP Model 3008 Firmware Versions 10.0-10.4 Double Free Vulnerability in Omron CX-Supervisor Versions 3.30 and Prior Unauthorized User Addition 
Vulnerability in Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 IP Cameras Untrusted Pointer Dereference Vulnerability in Omron CX-Supervisor Versions 3.30 and Prior Unauthenticated Information Disclosure Vulnerability in TotalAlert Web Application Buffer Overflow Vulnerability in LeviStudio HMI Editor and PI Studio HMI Project Programmer SQL Injection Vulnerability in Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 IP Cameras Deserialization of Untrusted Data Vulnerability in OSIsoft PI Data Archive Pointer Misuse Vulnerability in Omron CX-One Software Suite Unauthenticated Custom Request Vulnerability in OSIsoft PI Data Archive Unauthenticated Remote Code Execution Vulnerability in Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 IP Cameras OSIsoft PI Data Archive 2017 and Prior: Incorrect Default Permissions Vulnerability Memory Leakage of Encryption Key in Stealth Authorization Server Privilege Escalation Vulnerability in TotalAV v4.1.7 Catastrophic Backtracking Vulnerability in Django's urlize() Function Catastrophic Backtracking Vulnerability in Django's Truncator Methods SQL Injection Vulnerability in Enalean Tuleap Tracker Functionality Vulnerability: Directory Traversal in Appear TV XC5000 and XC5100 Devices Denial of Service Vulnerability in Xen through 4.10.x via Non-Preemptable L3/L4 Pagetable Freeing Grant-table transition vulnerability in Xen allows for denial of service and privilege escalation Denial of Service Vulnerability in Xen Hypervisor due to Mishandling of Configurations without Local APIC Arbitrary JavaScript Injection in SnapCreek Duplicator Plugin for WordPress Cross-Protocol Scripting Vulnerability in OpenVPN Management Interface Denial of Service Vulnerability in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 XSS Vulnerability in lyadmin 1.x via config[WEB_SITE_TITLE] Parameter NULL Pointer Dereference Vulnerability in zsh through 5.4.2 Crash Vulnerability in zsh 5.4.2: Empty Hash Table Copy Out-of-Bounds Memory Access in 
QEMU's load_multiboot Function Invalid Free Vulnerability in MiniPS::delete0 in sam2p 0.49.4 Invalid Free Vulnerability in Mapping::DoubleHash::clear in sam2p 0.49.4 Heap-Based Buffer Overflow in pcxLoadRaster Function of sam2p 0.49.4 Invalid Free Vulnerability in ReadImage Function of sam2p 0.49.4 Remote Code Execution in LimeSurvey InstallerController.php Out-of-Array Read Denial of Service Vulnerability in FFmpeg OPC UA Server Private Key Disclosure Vulnerability Regular Expression Denial of Service (ReDoS) in aws-lambda-multipart-parser NPM Package Stack-based Buffer Overflow in Tenda AC9 Devices V15.03.05.14_EN HTTPD Race Condition Vulnerability in GLPI through 9.2.1 Allows Temporary Access to Uploaded Executable Files Cross-Site Scripting (XSS) Vulnerability in GLPI through 9.2.1 Stored XSS Vulnerability in Polycom QDX 6000 Devices CSRF Vulnerability Discovered on Polycom QDX 6000 Devices Buffer Overflow Vulnerability in Linux Kernel 4.15 via SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl Blind Remote Code Execution in OTRS Admin Package Manager Integer Overflow and Application Crash in parse_die function of libbfd Integer Underflow/Overflow and Application Crash in libbfd Denial of Service Vulnerability in assign_file_positions_for_non_load_sections function in libbfd Pulse Secure Client Authentication Bypass and Command Execution Vulnerability FTPShell Client 6.7 Remote Code Execution Vulnerability Buffer Overflow Vulnerability in Google TensorFlow 1.7.x and Earlier Null Pointer Dereference Vulnerability in Google TensorFlow 1.6.x and Earlier Memcpy Parameter Overlap Vulnerability in Google Snappy Library 1.1.4 SQL Injection in YzmCMS 3.6 via catids array parameter in update_category_url.html Denial of Service Vulnerability in Philips Hue Hub: Freezing and Unresponsiveness during SYN Flood Attack Weak Permissions in WebLog Expert Web Server Enterprise 9.4 Allow Local Users to Set Cleartext Password and Login as Admin Remote Denial Of Service Vulnerability in 
WebLog Expert Web Server Enterprise 9.4 Remote Denial of Service Vulnerability in DualDesk 20's Proxy.exe Stack-based Buffer Under-read Vulnerability in PHP HTTP Response Parsing Unsecured Gallery Paths in NextGen Gallery Plugin for WordPress Denial of Service Vulnerability in CImg v.220: Allocation Failure in load_bmp Heap-Based Buffer Over-Read Vulnerability in CImg v.220's load_bmp Function Double Free Vulnerability in CImg v.220's load_bmp Function CSRF Vulnerability in Hoosk 1.7.0 Allows Unauthorized Account Creation Arbitrary Code Execution Vulnerability in Drupal Highly Critical Remote Code Execution Vulnerability in Drupal Core (SA-CORE-2018-002) Cross Site Scripting (XSS) Vulnerability in Drupal's Search Autocomplete Module Remote Code Execution Vulnerability in EpiCentro E_7.3.2+ HTTPD Remote Denial of Service Vulnerability in EpiCentro E_7.3.2+ HTTPD Epicentro E_7.3.2+ /ui/login Form Language Parameter Code Injection Vulnerability CSRF Vulnerability in Enalean Tuleap 9.17 Allows Account Takeover via E-mail Address Change Whale Browser before 1.0.41.8 Vulnerability: Displaying Fake Domain Name on Address Bar Arbitrary Code Injection Vulnerability in PAN-OS URL Filtering Continue Page Heap-based Buffer Over-read in CImg v.220's load_bmp Function Heap-based Buffer Over-read in CImg v.220's load_bmp Function Heap-based Buffer Over-read in CImg v.220's load_bmp Function Heap-based Buffer Over-read in load_bmp function in CImg v.220 Heap-based Buffer Over-read in CImg v.220's load_bmp Function Denial of Service Vulnerability in libbfd's swap_std_reloc_in Function Integer Overflow and Application Crash in GNU Binutils 2.30 Key Confusion Vulnerability in XmlSecLibs Library Allows Impersonation in SimpleSAMLphp Buffer Overflow Vulnerability in OpenJPEG 2.3.0 Cross-Site Scripting (XSS) Vulnerability in Monitorix before 3.10.1 Stored XSS Vulnerability in PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application Regular Expression Denial of 
Service (ReDoS) Vulnerability in ssri Module for Node.js Cross-Site Scripting (XSS) Vulnerability in Zonemaster Web GUI before 1.0.11 XSS Vulnerability in YzmCMS 3.6 via a, c, or m Parameter in index.php Path Traversal Vulnerability in 3CX 15.5.6354.2: Unrestricted File Access via /api/RecordingList/download?file= Parameter Denial of Service Vulnerability in Softros Network Time System 2.3.4 Stored Cross-Site Scripting Vulnerability in OpenText Documentum D2 Webtop v4.6.0030 build 059 via Uploaded Image Filename Reflected Cross-Site Scripting Vulnerability in OpenText Documentum D2 Webtop v4.6.0030 build 059 Remote Audio Data Leakage in Papenmeier WiFi Baby Monitor Free & Lite Path Disclosure Vulnerability in Couch through 2.0 Server-side Template Injection in Voten.co User Profile Bio Field Arbitrary OS Command Injection in ClipBucket Arbitrary File Upload Vulnerability in ClipBucket Multiple SQL Injection Vulnerabilities in ClipBucket Server-Side Request Forgery (SSRF) Vulnerability in Adminer 4.3.1 via the server Parameter Arbitrary Attachment Read Vulnerability in TestLink 1.9.16 Directory Traversal Vulnerability in Sitecore Log Viewer Application NetIQ Identity Manager Communication Channel Denial of Service Vulnerability URL Redirection Vulnerability in NetIQ Identity Manager User Console (Versions prior to 4.7) Session Hijacking Vulnerability in NetIQ Sentinel Web Interface Sensitive Information Leakage in NetIQ Identity Manager UserApp (Versions Prior to 4.7) CSRF Vulnerability in NetIQ Access Manager (NAM) 4.4 Identity Server Cross Site Scripting Vulnerability in NetIQ Access Manager (NAM) Administration Console Remote Code Execution in Micro Focus Solutions Business Manager HTTP Header Reflection Vulnerability in Micro Focus Solutions Business Manager JavaScript Injection in Micro Focus Solutions Business Manager Favorites Folder Cross-Domain Invocation Vulnerability in Micro Focus Solutions Business Manager Sensitive Information Exposure in Micro Focus 
Solutions Business Manager Server Log Files Vulnerability: Corrupted RPM Installation Bypass in libzypp Shared Memory Information Leakage Vulnerability in NetIQ eDirectory Buffer Overflow Vulnerability in Micro Focus Client for OES Allows Privilege Escalation OpenSUSE Open Build Service Vulnerability: Unauthorized Modification of Sources Insufficient Permission Checks in InitializeDevelPackage Function in openSUSE Open Build Service before 2.9.3 Remote Unauthorized Access Vulnerability in Micro Focus Fortify Software Security Center (SSC) Versions 17.10, 17.20, 18.10 Remote Unauthorized Access Vulnerability in Micro Focus Fortify Software Security Center (SSC) Versions 17.10, 17.20, 18.10 Unvalidated Redirect Vulnerability in NetIQ eDirectory Unencrypted Transmission of Credentials in D-Link mydlink+ App Arbitrary Code Execution Vulnerability in DedeCMS 5.7 via CSRF CSRF Vulnerabilities in SecurEnvoy SecurMail before 9.2.501 Arbitrary Email Spoofing and Modification in SecurEnvoy SecurMail Arbitrary Script Injection in SecurEnvoy SecurMail before 9.2.501 Arbitrary Email Message Reading Vulnerability in SecurEnvoy SecurMail SecurEnvoy SecurMail Directory Traversal Vulnerability SecurEnvoy SecurMail Directory Traversal Vulnerability Arbitrary Script Injection in SecurEnvoy SecurMail before 9.2.501 Incorrect Signature Validation in SimpleSAMLphp Library Denial of Service Vulnerability in OpenCV 3.4.1's validateInputImageSize Function Denial of Service Vulnerability in OpenCV 3.4.1's validateInputImageSize Function Denial of Service Vulnerability in OpenCV 3.4.1's validateInputImageSize Function Root Privilege Escalation Vulnerability in PrivateVPN 2.0.31 for macOS Root Privilege Escalation Vulnerability in PrivateVPN 2.0.31 for macOS XSS Vulnerability in Kubik-Rubik Simple Image Gallery Extended (SIGE) Extension 3.2.3 for Joomla! 
User Account Takeover via Serialized Request Manipulation in Telexy QPath 5.4.462 Directory Traversal Vulnerability in Acrolinx Server before 5.2.5 on Windows CSRF Vulnerability in Western Bridge Cobub Razor 0.7.2 Allows Unauthorized Account Creation Cross Site Scripting (XSS) Vulnerability in MetInfo 6.0.0 Feedback Module Stored XSS vulnerability in Piwigo 2.9.3 management panel via name parameter in /ws.php?format=json request Stored XSS vulnerability in Piwigo 2.9.3 management panel via virtual_name parameter Stored XSS vulnerability in Piwigo 2.9.3 management panel via name parameter ZZIPlib 0.13.68 - Invalid Memory Address Dereference in zzip_disk_fread in mmapped.c ZZIPlib 0.13.68 Denial of Service Vulnerability in __zzip_parse_root_directory Function Memory Leak in ZZIPlib 0.13.68: Denial of Service Vulnerability Heap-based Buffer Over-read in Exempi TIFF_Handler.cpp Stack-based Buffer Over-read in PostScript_MetaHandler::ParsePSFile() Function Heap-based Buffer Over-read in PSD_MetaHandler::CacheFileData() Function NULL Pointer Dereference in WEBP::VP8XChunk Class SQL Injection in YxtCMF 3.1 via ShitiController.class.php CSRF Vulnerability in YxtCMF 3.1 RbacController.class.php Remote SQL Injection Vulnerability in Afian FileRun (before 2018.02.13) via search parameter in /?module=users&section=cpanel&page=list request Remote SQL Injection Vulnerability in Afian FileRun (before 2018.02.13) via search parameter in /?module=metadata&section=cpanel&page=list_filetypes request XSS Vulnerability in Z-BlogPHP 1.5.1.1740 via ZC_BLOG_SUBNAME or ZC_UPLOAD_FILETYPE Parameter Web Site Physical Path Leakage in Z-BlogPHP 1.5.1.1740 Privilege Escalation via Shell Command Injection in util-linux Authentication Bypass Vulnerability in antsle antman before 0.9.1a Denial of Service Vulnerability in Linux Kernel through 4.15.7 via Crafted Application Reflected XSS Vulnerability in Eramba e1.0.6.033 Date Filter Unauthenticated Account Creation in Western Bridge Cobub Razor 
0.7.2 Unauthenticated Stored XSS in Western Bridge Cobub Razor 0.7.2 Cross-Site Scripting (XSS) Vulnerabilities in Caldera Forms Plugin for WordPress Arbitrary Code Execution via Glide Scripting Injection in ServiceNow Release Jakarta Patch 8 and Earlier Insecure Authentication Handling in AsyncSSH Server Implementation Incomplete Authentication Check in Paramiko SSH Server Implementation Denial of Service Vulnerability in FFmpeg's svg_probe Function Buffer Overflow in gf_media_avc_read_sps function in GPAC through 0.7.1 Improper Sanitization of URI Values in Bleach 2.1.x Information Disclosure Vulnerability in Linux Kernel's aoedisk_debugfs_show Function Kernel Pointer Leak Vulnerability in Linux Floppy Driver Unauthenticated Remote Code Execution in DEWESoft X3 SP1 (64-bit) Installer Memory Leak in Linux Kernel's sas_smp_get_phy_events Function Denial of Service Vulnerability in Schneider Electric's MiCOM Px4x Series Buffer Overflow Vulnerability in Schneider Electric's Modicon PLCs Authorization Bypass Vulnerability in Schneider Electric's Modicon PLCs Arbitrary Code Execution Vulnerability in Schneider Electric's Modicon PLCs Buffer Overflow Vulnerability in Schneider Electric's Modicon PLCs Directory Traversal Vulnerability in Schneider Electric U.motion Builder Software Directory Traversal Vulnerability in Schneider Electric U.motion Builder Software SQL Injection Vulnerability in Schneider Electric U.motion Builder Software SQL Injection Vulnerability in Schneider Electric U.motion Builder Software SQL Injection Vulnerability in Schneider Electric U.motion Builder Software SQL Injection Vulnerability in Schneider Electric U.motion Builder Software SQL Injection Vulnerability in Schneider Electric U.motion Builder Software Arbitrary File Send Vulnerability in Schneider Electric U.motion Builder Software Directory Traversal Vulnerability in Schneider Electric U.motion Builder Software SQL Injection Vulnerability in Schneider Electric U.motion Builder Software 
SQL Injection Vulnerability in Schneider Electric U.motion Builder Software SQL Injection Vulnerability in Schneider Electric U.motion Builder Software Information Disclosure Vulnerability in Schneider Electric U.motion Builder Software Insufficient Handling of update_file Parameter in Schneider Electric U.motion Builder Software Unauthenticated Remote Privilege Escalation in Schneider Electric Evlink Charging Station Web Interface Weak and Unprotected FTP Access in Schneider Electric Wiser for KNX, homeLYnk, and spaceLYnk Buffer Overflow Vulnerability in Schneider Electric Pelco Sarix Professional 1st Generation Cameras Clear Text Password Exposure and Privilege Escalation in Schneider Electric Pelco Sarix Professional 1st Generation Cameras Clear Text Password Vulnerability in Schneider Electric Pelco Sarix Professional 1st Generation Cameras Schneider Electric SoMachine Basic v1.6 SP1 XML External Entity (XXE) Vulnerability Command Injection Vulnerability in Schneider Electric U.motion Builder Software Remote Command Injection Vulnerability in Schneider Electric U.motion Builder Software Cross-Site Scripting (XSS) Vulnerability in Schneider Electric U.motion Builder Software Versions Prior to v1.3.4 Improper Input Validation in Schneider Electric U.motion Builder Software CWE-255 Credentials Management Vulnerability in Modicon Quantum Firmware Versions Prior to V2.40: Telnet Denial of Service Remote Reboot Vulnerability in Schneider Electric's Modicon M221 Modicon M221 Information Management Error Vulnerability Schneider Electric Modicon M221 Firmware Vulnerability: Unauthorized Password Overwrite and Program Extraction Schneider Electric Modicon M221: Rainbow Table Password Decoding Vulnerability Credential Management Vulnerability in FoxView HMI SCADA: Unauthorized Disclosure, Modification, and Service Disruption Denial of Service Vulnerability in Modicon PLCs via Modbus TCP Cross Protocol Injection Vulnerability in Schneider Electric's PowerLogic PM5560 (FW 
version < 2.5.4) Allows Cross-Site Scripting Attack Buffer Overflow Vulnerability in PowerSuite 2 URL Redirection Vulnerability in Power Monitoring Expert, Energy Expert, and Power SCADA Operation Remote Change of IPv4 Configuration Vulnerability in Modicon M221 Schneider Electric Software Update (SESU) DLL Hijacking Vulnerability Hard-coded Credentials Vulnerability in EVLink Parking v3.2.0-12_v1 and Earlier Remote Code Execution Vulnerability in EVLink Parking v3.2.0-12_v1 and Earlier EVLink Parking v3.2.0-12_v1 and Earlier: Critical SQL Injection Vulnerability Allows Full Privilege Access CWE-754 Vulnerability in Triconex TriStation Emulator V1.2.0 Allows for Emulator Crash via Specially Crafted Packet URL Redirection Vulnerability in Modicon M340, Premium, Quantum PLCs and BMXNOR0200 ZipSlip Vulnerability in Data Center Operation: Arbitrary File Upload via Zip File ZipSlip Vulnerability in Data Center Expert: Arbitrary File Upload Unverified Password Change Vulnerability in Modicon M340, Premium, Quantum PLCs, and BMXNOR0200 Cross-site Scripting (XSS) Vulnerability in Modicon M340, Premium, Quantum PLCs and BMXNOR0200 Unverified Password Change Vulnerability in Modicon M340, Premium, Quantum PLCs, and BMXNOR0200 Information Exposure through Discrepancy in Modicon M340, Premium, Quantum PLCs and BMXNOR0200 Web Servers Remote Code Execution Vulnerability in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) Remote Code Execution Vulnerability in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) Remote Code Execution Vulnerability in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) Arbitrary File Deletion Vulnerability in 1st Gen Pelco Sarix Enhanced Camera's Web GUI Remote Code Execution Vulnerability in Zelio Soft 2 v5.1 and Prior Versions APC UPS Network Management Card 2 AOS v6.5.6 - Remote Monitoring Credentials Exposure Vulnerability Cycle Time Impact Vulnerability in SoMachine Basic and Modicon M221 Unauthorized 
Access to SoMachine Basic Resource Files Remote Code Execution Vulnerability in SoMachine Basic and Modicon M221 Schneider Electric Modbus Serial Driver: Externally Controlled Resource Reference Vulnerability Command Injection Vulnerability in Pelco Sarix Enhanced Camera's Web GUI Command Injection Vulnerability in Pelco Sarix Enhanced Camera's Web GUI Cross-Site Scripting (XSS) Vulnerability in Pelco Sarix Enhanced and Spectra Enhanced Cameras CSRF Vulnerability in Pelco Sarix and Spectra Enhanced Cameras Command Injection Vulnerability in Pelco Sarix Enhanced and Spectra Enhanced Cameras HTTP Response Splitting Vulnerability in Modicon M340, Premium, Quantum PLCs and BMXNOR0200 Cross-Site Scripting (XSS) Vulnerability in Modicon M340, Premium, Quantum PLCs and BMXNOR0200 Arbitrary Execution Vulnerability in Pro-Face GP-Pro EX v4.08 and Earlier Versions Unauthenticated XML POST Request Denial of Service Vulnerability in Modicon M340, Premium, Quantum PLCs and BMXNOR0200 CWE-79 Cross-Site Scripting Vulnerability in TSXETG100 IIoT Monitor 3.1.38 Path Traversal Vulnerability Unrestricted File Upload Vulnerability in IIoT Monitor 3.1.38 Software XML External Entity (XXE) Vulnerability in IIoT Monitor 3.1.38 Software Denial of Service Vulnerability in Modicon M580 CPU and BMENOC Ethernet Module Information Disclosure Vulnerability in IIoT Monitor 3.1.38 Uncontrolled Search Path Element in VideoXpert OpsCenter: DLL Hijacking Vulnerability U.motion Builder Software Version 1.3.4 SQL Injection (CWE-89) Vulnerability Modicon Series: Brute Force Authentication Bypass Vulnerability Uncaught Exception Vulnerability in Modicon Controllers: Denial of Service via Invalid Memory Block Read Modicon PLCs: SNMP Information Exposure via Modbus Memory Reading Modicon Controller Out-of-bounds Read Vulnerability Brute Force Attack Vulnerability on Modicon Controllers CWE-284: Improper Access Control Vulnerability in Modicon Controllers SNMP Information Disclosure Vulnerability in Modicon 
Controllers Uncaught Exception Vulnerability in Modicon Controllers: Potential Denial of Service Invalid Information Display Vulnerability in Modicon PLCs Denial of Service Vulnerability in Modicon PLCs CWE-248: Uncaught Exception Vulnerability in Modicon PLCs Uncaught Exception Vulnerability in Modicon Controllers: Denial of Service via Invalid Memory Blocks Uncaught Exception Vulnerability in Modicon Controllers: Denial of Service via Invalid Debug Parameters Uncaught Exception Vulnerability in Modicon Controllers: Denial of Service via Invalid Breakpoint Parameters Uncaught Exception Vulnerability in Modicon Controllers: Potential Denial of Service via Invalid Memory Blocks Uncaught Exception Vulnerability in Modicon Controllers: Potential Denial of Service via Out-of-Bounds Variable Writing Denial of Service Vulnerability in QEMU's Cirrus CLGD 54xx VGA Emulator Support Remote Code Execution Vulnerability in D-Link DGS-1510-Series Switches NULL Pointer Dereference Vulnerability in libming 0.4.8 Heap-Based Buffer Overflow in libming 0.4.8's getString Function Leads to Denial of Service Heap-Based Buffer Over-Read Vulnerability in libming 0.4.8's getName Function Memory Leak Vulnerability in libming 0.4.8's dcinit Function Invalid Memory Address Dereference in libming 0.4.8: Denial of Service Vulnerability Heap-Based Buffer Over-Read Vulnerability in libming 0.4.8's getName Function Invalid Memory Address Dereference in libming 0.4.8: Denial of Service Vulnerability Heap-Based Buffer Overflow in libming 0.4.8's getString Function for INTEGER Data Invalid Memory Address Dereference in strlenext in libming 0.4.8: Denial of Service Vulnerability Heap-Based Buffer Over-Read Vulnerability in libming 0.4.8's getString Function Memory Exhaustion Vulnerability in libming 0.4.8's parseSWF_ACTIONRECORD Function Heap-Based Buffer Overflow in libming 0.4.8's getString Function for DOUBLE Data DLL Hijacking Vulnerability in DisplayLink Core Software Cleaner Application Buffer 
Overflow Vulnerability in CloudMe Sync Client Application Arbitrary Code Execution via Pickle Deserialization in Calibre 3.18 Command Injection Vulnerability in Zoho ManageEngine Applications Manager .NET Remoting Endpoints Vulnerability in Milestone XProtect Video Management Software Stored XSS in CMS Made Simple (CMSMS) 2.2.6 via metadata parameter in admin/moduleinterface.php Reflected XSS Vulnerability in Eramba e1.0.6.033 via advanced_filter Parameter Double Free Vulnerability in Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD Smart Phones Information Leak Vulnerability in Huawei HG Products: Exploiting Device Information Disclosure Remote Control Vulnerability in Huawei ALP-AL00B and BLA-AL00B Smart Phones JSON Injection Vulnerability in Huawei 1288H V5 and 288H V5 with V100R005C00 Software JSON Injection Vulnerability in Huawei 1288H V5 and 288H V5 with V100R005C00 Software JSON Injection Vulnerability in Huawei 1288H V5 and 288H V5 with V100R005C00 Software Denial of Service (DoS) Vulnerability in Huawei Smartphones: Black Screen Exploit Sensitive Information Leak Vulnerability in Huawei Products Authentication Bypass Vulnerability in Huawei Smartphones: Unauthorized Access and Control Factory Reset Protection (FRP) Bypass Vulnerability in Huawei Smart Phones Improper Resource Management Vulnerability in Huawei AR Series Devices Information Leak Vulnerability in Huawei B315s-22 (Software Version 21.318.01.00.26) Allows Unauthorized Access to Device Information Insufficient Input Validation Vulnerability in Huawei ALP-L09 Smart Phones Insufficient Input Validation Vulnerability in Huawei ALP-L09 Smart Phones Information Leak Vulnerability in Anne-AL00 Huawei Phones Lock-Screen Bypass Vulnerability in Huawei Smartphones Emily-AL00A Improper Authorization Vulnerability in Huawei Watch 2 Factory Reset Protection (FRP) Bypass Vulnerability in MyCloud APP on Huawei Smartphones Lock-Screen Bypass Vulnerability in Huawei Mate RS Smartphones Information Leak 
Vulnerability in Huawei Mate 9 NFC Module Whitelist Mechanism Bypass Vulnerability in Huawei AppGallery Arbitrary Javascript Execution Vulnerability in Huawei AppGallery Path Traversal Vulnerability in Huawei Home Gateway Products: Arbitrary Code Execution and Privilege Escalation Denial of Service (DoS) Vulnerability in Huawei Mobile Phones with Versions Before BLA-L29 8.0.0.145(C432) Denial of Service Vulnerability in E5573Cs-322 (21.328.01.00.00) Factory Reset Protection (FRP) Bypass Vulnerability in Mate 10 Pro Huawei Smartphones Plug-in Signature Bypass Vulnerability in Huawei HiRouter-CD20-10 and WS5200-10 Information Leak Vulnerability in P10 Huawei Smartphones (Versions before Victoria-AL00AC00B217) Factory Reset Protection (FRP) Bypass Vulnerability in Huawei Smart Phones Authentication Bypass Vulnerability in Huawei Mate 10 and Mate 10 Pro Smartphones Authentication Bypass Vulnerability in Huawei iBMC V200R002C60 Authentication Bypass Vulnerability in Huawei iBMC Servers Huawei Server Authentication Bypass Vulnerability Factory Reset Protection (FRP) Bypass Vulnerability in Huawei Smart Phones Emily-AL00A Information Leak Vulnerability in Huawei Smartphones: Exploiting Improper Design for Data Leakage Authentication Bypass Vulnerability in Huawei Mobile Phones Privilege Escalation Vulnerability in Huawei iBMC Servers: Unauthorized Password Access and Modification Huawei Server iBMC JSON Injection Vulnerability Huawei Server iBMC JSON Injection Vulnerability Bruteforce Vulnerability in Huawei VIP App Exposes User Information Information Leakage Vulnerability in Huawei Smartphones: Unauthorized Location Access via Phone State Authorization Anonymous TLS Cipher Suites Vulnerability in Huawei eSpace Product Huawei eSpace Product: SRTP Man-in-the-Middle Vulnerability Huawei eSpace Product SRTP Icon Display Vulnerability Smart SMS Verification Code Vulnerability in Huawei Smart Phones Stored Cross-Site Scripting (XSS) Vulnerability in Huawei eSpace Desktop 
V300R001C00 and V300R001C50 Information Leakage Vulnerability in Huawei Products: Exploiting Insufficient Communication Protection Out-of-Bounds Write Vulnerability on Huawei P20 Smartphones: Denial of Service Exploit Factory Reset Protection (FRP) Bypass Vulnerability Allows Unauthorized Access to Smartphones Improper Authentication Vulnerability in Huawei Mate 10 Pro Smartphones FRP Bypass Vulnerability in Huawei Mate10 Pro Smartphones Factory Reset Protection (FRP) Bypass Vulnerability in Huawei Mate10 Smartphones Buffer Overflow Vulnerability in Huawei MediaPad M3, Mate 9 Pro, and P10 Plus Use After Free Vulnerability in HUAWEI Mate 10 Smartphones Memory Leak Vulnerability in Huawei Products Race condition vulnerability in store_int_with_restart() function in Linux kernel through version 4.15.7 allows local users to cause denial of service (panic) Stored XSS Vulnerability in Eramba e1.0.6.033 via /programScopes Description Parameter Reflected XSS Vulnerability in Eramba e1.0.6.033 CSV File Inclusion Tab NULL function pointer dereference vulnerability in libvips before 8.6.3 NULL Pointer Dereference Vulnerability in libgraphite2 1.3.11's Segment.cpp Heap-based Buffer Overflow in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp Heap-based Buffer Over-read Vulnerability in PoDoFo 0.9.5's UnescapeName() in PdfName.cpp Infinite Loop Vulnerability in PoDoFo 0.9.5's PdfParserObject::ParseFileComplete() Allows for Denial-of-Service Attacks Directory Traversal Vulnerability in Apache Ambari Allows Unauthorized File Access HTTP Smuggling and Cache Poisoning Vulnerabilities in Apache Traffic Server Apache Traffic Server (ATS) Multiple Range Request Vulnerability Cross-Site Scripting Vulnerability in Apache ActiveMQ Administration Console Privilege Escalation and Remote Code Execution in Apache CouchDB Arbitrary File Write Vulnerability in Apache Storm Zip Slip Vulnerability in Apache Hadoop 3.1.0 and Earlier Versions Apache Solr XML External Entity 
Expansion (XXE) and XInclude Vulnerability Null Pointer Dereference DoS Vulnerability in mod_md Challenge Handler Unauthenticated Server Join Vulnerability in Apache ZooKeeper Apache Batik 1.x Deserialization Remote Code Execution Vulnerability Insecure Default CORS Filter Settings in Apache Tomcat Endless Recursive Function Call Vulnerability in Apache ORC File Parser Unauthenticated Remote Code Execution via JMX/RMI in Apache Cassandra Infinite Loop Vulnerability in Apache Tika's IptcAnpaParser Arbitrary Code Execution via Apache Ignite Serialization Vulnerability Incorrect Handling of Invalid OCSP Responses in Apache Tomcat Native Apache Tomcat Native OCSP Pre-Produced Responses Authentication Bypass Vulnerability Remote Code Execution Vulnerability in Superset Versions Prior to 0.23 Invalid TLS Handshake Vulnerability in Apache Traffic Server (ATS) 6.2.2 Timing Attack Vulnerability in Apache Mesos JWT Implementation Apache Spark UI Cross-Site Scripting (XSS) Vulnerability Race-condition vulnerability in Apache HBase Thrift 1 API Server over HTTP (CVE-2018-8025) Apache Solr XML External Entity Expansion (XXE) and XInclude Vulnerability Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core XXE in XSD Validation Processor Vulnerability Unauthenticated Access and Data Manipulation Vulnerability in Apache Sentry Privilege Escalation Vulnerability in Apache Hadoop Denial of Service Vulnerability in Apache Qpid Broker-J Versions 7.0.0-7.0.4 Apache TomEE Console (tomee-webapp) XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in Apache Axis 1.x up to and including 1.4 Default Servlet/Services External Entity (XXE) Injection in Apache OFBiz HTTP Engine Missing Host Name Verification in TLS with WebSocket Client Unfiltered User Input Execution in Apache UIMA DUCC (<= 2.2.2) Apache PDFBox AFMParser Out of Memory Vulnerability Race condition vulnerability in Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31 XML External Entity (XXE) Injection in Apache CXF Fediz 
Improper Exception Handling in Apache CXF Allows Man-in-the-Middle Attacks ESI Plugin Cookie Header Access Vulnerability Apache Camel Mail Path Traversal Vulnerability Exposure of Passwords in Apache Ambari Agent Log Messages Unimac MDIO Probe Function Null Pointer Dereference Vulnerability Vulnerability: Incorrect Access Control in K7Antivirus Premium 15.1.0.53 SQL Injection Vulnerability in Joomla! User Notes List View Unsanitized getTip() Method of Action Columns in Sencha Ext JS 4 to 6 before 6.6.0 Allows XSS Attacks Reflected Cross-Site Scripting (XSS) Vulnerability in vtiger CRM 7.0.1 Loofah Gem 2.2.0: HTML Attribute Whitelisting Bypass Vulnerability Denial of Service Vulnerability in Unisys Stealth SVG Denial of Service Vulnerability in af_get_page() Function in AFFLIB Physical Path Leakage in Western Bridge Cobub Razor 0.8.0 via Invalid Channel Name Parameter SQL Injection Vulnerability in Western Bridge Cobub Razor 0.8.0 XSS Vulnerability in CMS Made Simple (CMSMS) 2.2.6 via pagedata Parameter Missing SSL Certificate Validation in NGINX Configuration Examples for SUSE Portus 2.3 with Docker Compose Null Pointer Dereference Vulnerability in HWiNFO AMD64 Kernel Driver Vulnerability: Unprivileged User Can Perform Direct Physical Memory Read/Write in HWiNFO AMD64 Kernel Driver Cross-Site Scripting (XSS) Vulnerability in Comtrend AR-5387un Devices with A731-410JAZ-C04_R02.A2pD035g.d23i Firmware User Mode Write Access Violation in Flexense SyncBreeze Enterprise 10.6.24 Web Server XSS Vulnerability in QCMS Version 3.0 via webname Parameter XSS Vulnerability in QCMS Version 3.0 via /guest/index.html URI Stored XSS Vulnerability in Mautic Theme Config File Stack-based Buffer Overflow in EDIMAX IP Cameras Remote Code Execution in Yii 2.x via Redis Extension (CVE-2018-7269 variant) Unintended Search Condition Injection in Yii 2.x before 2.0.15 Type Confusion Vulnerability in ZenMate 1.5.4 for macOS Stored XSS Vulnerability in YzmCMS 3.7 via 
advertisement/adver/edit.html Title Parameter Linux Kernel Memory Leak Vulnerability in hwsim_new_radio_nl Function Remote Code Execution Vulnerability in org.slf4j.ext.EventData in SLF4J Insecure Library Loading Vulnerability in Quick Heal Security Software CSV Injection Vulnerability in Mautic before 2.13.0 Authentication Bypass Vulnerability in Datalust Seq before 4.2.605 Arbitrary Code Execution via Code Injection in Eve (pyeve) before 0.7.5 Integer Overflow in libgit2: Denial of Service via Crafted Repository Index File Double Free Vulnerability in libgit2: Denial of Service via Crafted Repository Index File Heap-based Buffer Overflow in JPXStream::readTilePart Function in xpdf 4.00 Denial of Service Vulnerability in xpdf 4.00 via JPXStream::inverseTransformLevel Function Denial of Service Vulnerability in xpdf 4.00 via JBIG2Stream.cc Denial of Service Vulnerability in xpdf 4.00 via JBIG2Stream::readGenericBitmap Function Heap-based Buffer Over-read Vulnerability in xpdf 4.00's BufStream::lookChar Function Denial of Service Vulnerability in xpdf 4.00 via JPXStream::fillReadBuf Function Denial of Service Vulnerability in xpdf 4.00 via JPXStream::readTilePartData Function Denial of Service Vulnerability in xpdf 4.00 via JPXStream::close Function XSS Vulnerability in Bui's Select Component Microsoft Edge Remote Code Execution Vulnerability Microsoft Edge Remote Code Execution Vulnerability Cross-Origin Security Bypass Vulnerability in Microsoft Edge Internet Explorer 11 MOTW Bypass Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Windows Host Compute Service Shim Remote Code Execution Vulnerability Windows Denial of Service Vulnerability in Graphics Component Keystroke Hijacking Vulnerability in Microsoft Wireless Keyboard 850 Internet Explorer Memory Corruption Vulnerability: Remote Code Execution Azure IoT SDK AMQP Spoofing Vulnerability Win32k Elevation of Privilege Vulnerability in Windows Windows Kernel Object Initialization 
Information Disclosure Vulnerability Internet Explorer Remote Code Execution Vulnerability Microsoft Edge Information Disclosure Vulnerability Win32k Elevation of Privilege Vulnerability in Multiple Windows Versions Microsoft Edge Remote Code Execution via Memory Corruption Vulnerability UMCI Policy Validation Failure in Internet Explorer 11 Windows Kernel Object Memory Handling Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Windows Security Feature Bypass Vulnerability in Device Guard Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Windows Security Feature Bypass Vulnerability in Device Guard Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Windows Kernel API Elevation of Privilege Vulnerability Windows Object Memory Handling Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Cortana Elevation of Privilege Vulnerability in Windows 10 Servers and Windows 10 Windows Kernel Object Memory Handling Vulnerability Kernel Driver Signature Validation Bypass Vulnerability in Windows Chakra Scripting Engine Memory Disclosure Vulnerability Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Microsoft SharePoint Elevation of Privilege Vulnerability Outlook Attachment Block Filter Security Bypass Vulnerability Microsoft Exchange Memory Corruption Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability in Outlook Web Access Microsoft Exchange Server Outlook Web Access Spoofing Vulnerability Microsoft Exchange Remote Code Execution Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Microsoft Office Remote Code Execution Vulnerability Microsoft Office Remote 
Code Execution Vulnerability Microsoft Exchange OWA Elevation of Privilege Vulnerability Outlook Message Opening Vulnerability: Information Disclosure Exploit Microsoft Office Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Memory Disclosure Vulnerability in Microsoft Excel Win32k Elevation of Privilege Vulnerability in Multiple Windows Versions DirectX Graphics Kernel Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability in Multiple Windows Versions Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability HIDParser Elevation of Privilege Vulnerability Windows Kernel Image Elevation of Privilege Vulnerability ASP.NET Security Feature Bypass: Unvalidated Incorrect Login Attempts Unbuilt Project Source Markup Remote Code Execution in Visual Studio Memory Object Handling Vulnerability in Microsoft InfoPath VBScript Engine Remote Code Execution Vulnerability in Windows Operating Systems Windows 10 WEBDAV Denial of Service Vulnerability XML Content Validation Failure in Microsoft PowerPoint: Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Microsoft Browser Memory Corruption Vulnerability: Remote Code Execution Exploit Edge Memory Corruption Vulnerability: Remote Code Execution Exploit Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability .NET Framework Elevation of Privilege Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Windows Memory Object Handling Vulnerability Windows FTP Server Denial of Service Vulnerability Windows Kernel Object Memory Handling Vulnerability Windows Desktop Bridge Elevation of Privilege Vulnerability Windows Wireless Network Profile Information Disclosure Vulnerability Windows Remote Code 
Execution Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability in Windows 10 Servers Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Windows Remote Code Execution Vulnerability in Memory Handling Windows Desktop Bridge Elevation of Privilege Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Windows Hyper-V Denial of Service Vulnerability Hypervisor Code Integrity Elevation of Privilege Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows DNSAPI Remote Code Execution Vulnerability HTTP.sys Denial of Service Vulnerability in HTTP 2.0 Protocol Stack Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge HTTP Protocol Stack Remote Code Execution Vulnerability Microsoft Visual Studio Macro Assembler Tampering Vulnerability Win32k Elevation of Privilege Vulnerability in Windows 10 and Windows 10 Servers Microsoft Edge Information Disclosure Vulnerability Cross-Origin Security Bypass Vulnerability in Microsoft Edge Microsoft Edge Remote Code Execution Vulnerability UNC Path Link Security Bypass Vulnerability in Skype for Business and Lync Windows GDI Information Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer ChakraCore Remote Code Execution Vulnerability Outlook Attachment Header Validation Elevation of Privilege Vulnerability Lockdown Bypass Vulnerability in Microsoft Publisher Allows Remote Code Execution Memory Disclosure Vulnerability in Microsoft Excel: Exposing Sensitive Information Microsoft Office Web Apps Server and 
Office Online Server Elevation of Privilege Vulnerability Excel Remote Code Execution Vulnerability Internet Explorer 11 Remote Code Execution Vulnerability Media Foundation Memory Corruption Vulnerability Microsoft SharePoint Server Elevation of Privilege Vulnerability Lockscreen Browsing Vulnerability in Microsoft Cortana Microsoft SharePoint Elevation of Privilege Vulnerability PowerShell Remote Code Execution Vulnerability .NET Framework Remote Code Execution Vulnerability in Source Markup Validation Microsoft Edge Remote Code Execution via Memory Corruption Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Chakra Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Internet Explorer OData Denial of Service Vulnerability in Microsoft.Data.OData Windows Bowser.sys Memory Object Handling Information Disclosure Vulnerability SQL Server Buffer Overflow Vulnerability: Remote Code Execution Risk Microsoft Edge Remote Code Execution via Memory Corruption Vulnerability Microsoft Edge Remote Code Execution via Memory Corruption Vulnerability Control Flow Guard Bypass Vulnerability in Microsoft Chakra Scripting Engine Microsoft Edge HTML Content Spoofing Vulnerability Microsoft Edge Remote Code Execution via Memory Corruption Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Memory Object Handling Vulnerability in Microsoft Office Software Win32k Elevation of Privilege Vulnerability in Windows ChakraCore Remote Code Execution Vulnerability .NET Framework Remote Code Injection Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Microsoft Edge Information Disclosure Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft 
Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Redirect Information Disclosure Vulnerability in .NET Core Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Internet Explorer Scripting Engine Memory Corruption Vulnerability Microsoft Edge Information Disclosure Vulnerability ChakraCore Remote Code Execution Vulnerability Microsoft SharePoint Server Elevation of Privilege Vulnerability Unvalidated Source Markup in Microsoft SharePoint Allows Remote Code Execution Microsoft Edge Remote Code Execution via Memory Corruption Vulnerability Microsoft Exchange Remote Code Execution Vulnerability Windows DNSAPI Denial of Service Vulnerability Windows Mail Client Information Disclosure Vulnerability Exploiting Command Injection in Microsoft Wireless Display Adapter V2 Software WordPad Embedded OLE Objects Security Bypass Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows Denial of Service Vulnerability: Memory Object Handling Issue Microsoft Outlook Attachment Tampering Vulnerability Skype for Business and Microsoft Lync Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Access Windows Kernel API Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability: Sandbox Escape Microsoft Scripting Engine Information Disclosure Vulnerability Internet Explorer Remote Code Execution Vulnerability in Hyperlink Validation Arithmetic Computation Vulnerability in MSR JavaScript Cryptography Library DNS Global Blocklist Security Feature Bypass Vulnerability Microsoft SharePoint Server Elevation of Privilege Vulnerability Microsoft Edge Information Disclosure Vulnerability Microsoft Edge Information Disclosure Vulnerability Open Source Customization for AD FS XSS Vulnerability PowerShell Editor Services Remote Code Execution Vulnerability Linux On Windows Elevation Of Privilege Vulnerability Windows Kernel Information Disclosure Vulnerability Excel Remote 
Code Execution Vulnerability Win32k Graphics Remote Code Execution Vulnerability Microsoft Filter Manager Elevation Of Privilege Vulnerability Windows SMB Denial of Service Vulnerability Windows Kernel Information Disclosure Vulnerability Case Sensitivity Security Bypass Vulnerability in Windows Subsystem for Linux Windows Installer Insecure Library Loading Elevation of Privilege Vulnerability AD FS Multi-Factor Authentication Bypass Vulnerability Windows Kernel Object Memory Handling Vulnerability Windows NDIS Buffer Overflow Vulnerability Windows NDIS Buffer Overflow Vulnerability Windows Font Library Remote Code Execution Vulnerability LNK Remote Code Execution Vulnerability in Microsoft Windows LNK Remote Code Execution Vulnerability in Microsoft Windows Windows Kernel Elevation of Privilege Vulnerability in Symbolic Link Parsing Windows Kernel Information Disclosure Vulnerability Microsoft COM for Windows Remote Code Execution Vulnerability Windows PDF Library Remote Code Execution Vulnerability Cross-Frame Interaction Vulnerability in Microsoft Browsers Scripting Engine Memory Corruption Vulnerability in Internet Explorer Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers .NET Framework Security Feature Bypass Vulnerability Sandbox Escape: Microsoft Browser Elevation of Privilege Vulnerability Redirect Handling Security Bypass Vulnerability in Microsoft Edge ChakraCore Remote Code Execution Vulnerability .NET Framework Multi-Tenant Information Disclosure Vulnerability Microsoft Edge Fetch API Information Disclosure Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge WebAudio Library Audio Request Handling Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Internet Explorer Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Scripting Engine Memory Corruption Vulnerability in Internet 
Explorer Profile Data Tampering Vulnerability in Microsoft Exchange Server Memory Object Handling Vulnerability in Microsoft Excel Software PowerPoint Remote Code Execution Vulnerability Microsoft Edge Remote Code Execution Vulnerability Uninitialized Variable in Microsoft Office: Memory Disclosure Vulnerability Memory Object Handling Vulnerability in Microsoft Excel Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Memory Disclosure Vulnerability in Microsoft Excel: Exposing Sensitive Information Microsoft Edge HTTP Content Parsing Spoofing Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Microsoft Edge Remote Code Execution Vulnerability Microsoft Edge HTML Content Spoofing Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer ChakraCore Remote Code Execution Vulnerability ChakraCore Remote Code Execution Vulnerability Microsoft JET Database Engine Remote Code Execution Vulnerability Microsoft JET Database Engine Buffer Overflow Remote Code Execution Vulnerability Windows GDI Memory Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability GDI+ Remote Code Execution Vulnerability in Windows Server 2008, Windows 7, and Windows Server 2008 R2 Windows GDI Memory Disclosure Vulnerability Win32k Elevation of Privilege Vulnerability in Windows 10 Servers DirectX Graphics Kernel Elevation of Privilege Vulnerability in Windows 10 Servers DXGKRNL Elevation of Privilege Vulnerability in Windows Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Win32k Elevation of Privilege Vulnerability in Multiple Windows Versions DirectX Graphics Kernel Elevation of Privilege Vulnerability DXGKRNL Elevation of Privilege Vulnerability in Windows MSRPC Information Disclosure Vulnerability in Windows Operating Systems Windows 
Kernel Information Disclosure Vulnerability System.IO.Pipelines Denial of Service Vulnerability in .NET Core 2.1 and ASP.NET Core 2.1 Windows Kernel API Registry Object Handling Elevation of Privilege Vulnerability NTFS Access Control Vulnerability Microsoft AutoUpdate (MAU) Office Elevation of Privilege Vulnerability Windows Theme API Remote Code Execution Vulnerability Windows Shell Path Validation Remote Code Execution Vulnerability Unlogged Code Execution Vulnerability in Microsoft PowerShell .NET Core Tampering Vulnerability in File Handling Device Guard Bypass Vulnerability in Microsoft JScript Windows Kernel Information Disclosure Vulnerability MS XML Remote Code Execution Vulnerability .NET Framework Remote Code Execution Vulnerability Windows GDI Memory Disclosure Vulnerability JET Database Engine Remote Code Execution Vulnerability Windows GDI Information Disclosure Vulnerability Microsoft Edge HTML Content Spoofing Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Graphics Components Information Disclosure Vulnerability Microsoft SharePoint Server Elevation of Privilege Vulnerability Memory Disclosure Vulnerability in Microsoft Excel: Exposing Sensitive Information Word PDF Remote Code Execution Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Microsoft Graphics Components Remote Code Execution Vulnerability Windows Graphics Component Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V BIOS Loader High-Entropy Source Security Bypass Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Network Switch Denial of Service Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows ALPC Elevation of Privilege Vulnerability Windows Subsystem for Linux Integer Overflow Elevation of Privilege Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Kernel Object 
Memory Handling Vulnerability Windows SMBv2 Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability in Windows 10 and Windows 10 Servers Windows Kernel Information Disclosure Vulnerability Internet Explorer Memory Corruption Remote Code Execution Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability in Outlook Web Access Device Guard Security Feature Bypass Vulnerability Windows Search Remote Code Execution Vulnerability Scripting Engine Information Disclosure Vulnerability in Microsoft Browsers Win32k Elevation of Privilege Vulnerability in Multiple Windows Versions Windows Audio Service Information Disclosure Vulnerability Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability ChakraCore Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers ChakraCore Scripting Engine Memory Corruption Vulnerability Internet Explorer 11 Remote Code Execution Vulnerability Internet Explorer Remote Code Execution Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Escape from AppContainer Sandbox: Microsoft Edge Elevation of Privilege Vulnerability Edge PDF Reader Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Sandbox Escape: Windows Elevation of Privilege Vulnerability Escape from AppContainer Sandbox: Microsoft Edge Elevation of Privilege Vulnerability Universal Cross-Site Scripting (UXSS) Vulnerability in Internet Explorer 11 Microsoft RemoteFX Virtual GPU Miniport Driver Elevation of Privilege Vulnerability Windows GDI Information Disclosure Vulnerability Microsoft Edge Remote Code Execution via Memory Corruption Vulnerability Security Feature Bypass Vulnerability in Lync for Mac 2011 Windows 
Image File Remote Code Execution Vulnerability Windows Deployment Services TFTP Server Remote Code Execution Vulnerability Windows Kernel Information Disclosure Vulnerability Azure IoT Device Provisioning C SDK Spoofing Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Windows Media Player File Information Disclosure Vulnerability Windows Media Player File Information Disclosure Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability DirectX Elevation of Privilege Vulnerability in Multiple Windows Versions DirectX Information Disclosure Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Internet Explorer Remote Code Execution Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Fragmented IP Packet Information Disclosure Vulnerability in Windows TCP/IP Stack MS XML Remote Code Execution Vulnerability Windows Shell URI Handling Remote Code Execution Vulnerability Windows Kernel Elevation of Privilege Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability ChakraCore Scripting Engine Memory Corruption Vulnerability Protected View Object Handling Remote Code Execution Vulnerability in Microsoft PowerPoint Protected View Object Handling Remote Code Execution Vulnerability in Microsoft Excel Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Protected View Object Handling Remote Code Execution Vulnerability in Microsoft Word Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Windows Codecs Library Information Disclosure Vulnerability Microsoft Edge Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Microsoft Edge Content Security Policy Bypass Vulnerability Chakra 
Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Remote Procedure Call Runtime Information Disclosure Vulnerability .NET Framework Denial of Service Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Outlook Remote Code Execution Vulnerability Outlook Remote Code Execution Vulnerability SQL Server Management Studio XEL File Information Disclosure Vulnerability Unsecured Communication in Team Foundation Server Allows Remote Code Execution Cross-Origin Security Feature Bypass in Microsoft Edge Memory Corruption Vulnerability in Azure IoT Hub Device Client SDK XML External Entity (XXE) Vulnerability in Microsoft SQL Server Management Studio XML External Entity (XXE) Vulnerability in Microsoft SQL Server Management Studio Memory Object Handling Vulnerability in Microsoft Word Software .NET Framework Remote Code Injection Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge VBScript Engine Remote Code Execution Vulnerability in Windows Operating Systems Cross-Origin Information Disclosure Vulnerability in Microsoft Edge Skype for Business Denial of Service Vulnerability Active Directory Federation Services XSS Vulnerability Kernel Driver Signature Validation Bypass Vulnerability in Windows Windows COM Aggregate Marshaler Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Windows Scripting Engine Memory Disclosure Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Graphics Components DirectX Elevation of Privilege Vulnerability in Windows 10 Servers, Windows 10, and Windows Server 2019 Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra 
Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Microsoft Outlook Information Disclosure Vulnerability DirectX Elevation of Privilege Vulnerability in Multiple Windows Versions Win32k Elevation of Privilege Vulnerability in Multiple Windows Versions DirectX Information Disclosure Vulnerability in Multiple Windows Versions Microsoft Edge HTML Content Spoofing Vulnerability Win32k Kernel Information Disclosure Vulnerability BitLocker Security Feature Bypass Vulnerability in Windows Cross-Domain Information Injection Vulnerability in Microsoft Edge Microsoft SharePoint Elevation of Privilege Vulnerability Yammer Desktop App Arbitrary Content Loading Remote Code Execution Vulnerability Internet Explorer 11 Remote Code Execution Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Object Memory Handling Vulnerability in Microsoft Word Excel Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Project Software Outlook Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Microsoft SharePoint Folder Structure Information Disclosure Vulnerability Outlook File Attachment Information Disclosure Vulnerability Cross-Site Search Attack Vulnerability in Microsoft SharePoint Server Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Outlook Rule Export File Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Windows ALPC Elevation of Privilege Vulnerability Outlook Object Memory Handling Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Windows Win32k Elevation of Privilege Vulnerability Windows 10 Elevation of Privilege Vulnerability via Physical Media Installation Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Excel Remote Code Execution Vulnerability Memory Disclosure 
Vulnerability in Microsoft Excel (CVE-2020-XXXX) Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Unsanitized User Input in Azure App Services on Azure Stack: Cross-site Scripting (XSS) Vulnerability Team Foundation Server Cross-site Scripting Vulnerability Profile Data Tampering Vulnerability in Microsoft Exchange Server Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability Windows Kernel Elevation of Privilege Vulnerability Connected User Experiences and Telemetry Service Denial of Service Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge VBScript Execution Policy Bypass in Internet Explorer Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge VBScript Engine Remote Code Execution Vulnerability in Internet Explorer Windows DNS Server Heap Overflow Vulnerability Uninitialized Variable in Microsoft Excel Leads to Information Disclosure PowerPoint Object Memory Handling Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Internet Explorer Memory Corruption Vulnerability Microsoft Text-To-Speech Remote Code Execution Vulnerability Microsoft SharePoint Server Elevation of Privilege Vulnerability Excel Remote Code Execution Vulnerability Win32k KASLR Bypass Vulnerability in Windows Kernel DirectX Information Disclosure Vulnerability in Windows 10 and Windows Server 2019 Win32k 
Elevation of Privilege Vulnerability in Multiple Windows Versions Win32k Elevation of Privilege Vulnerability in Windows Scripting Engine Memory Corruption Vulnerability in Internet Explorer Windows Denial of Service Vulnerability in Memory Handling Microsoft Office SharePoint XSS Vulnerability Microsoft Dynamics NAV Cross Site Scripting Vulnerability Windows Azure Pack Rollup 13.1 Cross-site Scripting Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer Microsoft Dynamics 365 Server Elevation of Privilege Vulnerability Remote Code Execution Vulnerability in WooCommerce Products Filter Plugin Local File Inclusion Vulnerability in WooCommerce Products Filter Plugin Webmin Local File Include Vulnerability Arbitrary File Transfer and Information Disclosure in Honeywell MatrikonOPC OPC Controller Authentication Bypass Vulnerability in Embedthis HTTP Library and Appweb XSS Vulnerability in WSO2 Identity Server Dashboard CSRF Vulnerability in joyplus-cms 1.6.0 Allows Unauthorized Administrator Account Creation CSRF Vulnerability in Mailer Plugin for Jenkins Allows Unauthorized Mail Sending Unrestricted Access to WP Security Audit Log Files in WordPress Plugin XSS Vulnerability in ServiceNow ITSM 2016-06-02: First Name/Last Name Field and Search Bar Stored XSS Vulnerability in Zoho ManageEngine EventLog Analyzer 11.0 Build 11000 - index2.do?url=editAlertForm&tab=alert&alert=profile URI Multiple XSS Vulnerabilities in Zoho ManageEngine Desktop Central 9.1.0 Build 91099 Vulnerability: Incorrect Access Control in K7AntiVirus Premium 15.1.0.53 Buffer Overflow Vulnerability in K7AntiVirus Premium 15.01.00.53: Execute Arbitrary Code (Local) Buffer Overflow Vulnerability in K7Antivirus Premium 15.1.0.53: Execute Arbitrary Code (Local) Path Traversal Vulnerability in Mirasys DVMS Workstation 5.12.6 and Earlier Cross-Site Scripting (XSS) Vulnerability in Kontena Master Login Code Display Unescaped Title Cross-Site Scripting (XSS) Vulnerability in 
Activity Log Plugin for WordPress Arbitrary Web Script Injection Vulnerability in WampServer 3.1.1 Nagios XI Core Config Manager Authentication Bypass Vulnerability Arbitrary SQL Command Execution in Nagios XI Core Config Manager Nagios XI Remote Command Execution (RCE) Vulnerability Root Privilege Escalation via RCE Vulnerability in Nagios XI 5.2.x - 5.4.x Stored XSS Vulnerability in Bookme Control Panel 2.0 Application's Customers Book Me Function Cross-Site Scripting (XSS) Vulnerability in Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 Devices Root Privilege Escalation Vulnerability in VPN Unlimited 4.2.0 for macOS SQLite NULL Pointer Dereference Vulnerability Directory Traversal Vulnerability in SquirrelMail 1.4.22 Allows Unauthorized File Exfiltration Bleichenbacher Attack on IKEv1 Implementation in Clavister cOS Core Out-of-Bounds Data Size Vulnerability in libevt_record_values_read_event() Function Unauthenticated Configuration File Download Vulnerability in NuCom WR644GACV Devices Arbitrary Code Execution via Eval Injection in YzmCMS v3.7.1 Price Modification Vulnerability in Yxcms Building System v1.4.7 XSS Vulnerability in LDAP Account Manager before 6.3 CSRF Token Placement Vulnerability in Roland Gruber Softwareentwicklung LDAP Account Manager Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.6 Remote Code Execution Vulnerability in joyplus-cms 1.6.0 via Arbitrary File Upload XSS Vulnerability in joyplus-cms 1.6.0 via manager/admin_ajax.php?action=save&tab={pre}vod_type Jupyter Notebook Vulnerability: Maliciously Forged Notebook Files Exploit JavaScript Execution Buffer Over-read Vulnerability in elfutils 0.170's ebl_dynamic_tag_name Function Physical Path Leakage Vulnerability in Western Bridge Cobub Razor 0.8.0 Cross-Site Scripting (XSS) Vulnerability in Coship RT3052 4.0.0.48 Wireless Setting - Basic Screen WEBrick Server Denial of Service Vulnerability Buffer under-read vulnerability in Ruby's String#unpack method allows for 
massive information disclosure Null Character Vulnerability in UNIXServer.open and UNIXSocket.open Methods Unintentional Directory Traversal Vulnerability in Ruby's Dir Methods Integer-Overflow Vulnerability in udl_fb_mmap Function Allows Code Execution in Kernel Space Heap-Based Buffer Overflow in FreeRDP's zgfx_decompress_segment() Function Heap-Based Buffer Overflow in FreeRDP's zgfx_decompress() Function Integer Truncation Vulnerability in FreeRDP prior to version 2.0.0-rc4 Integer Overflow leading to Heap-Based Buffer Overflow in FreeRDP's gdi_Bitmap_Decompress() Function Out-of-Bounds Write Vulnerability in FreeRDP's nsc_rle_decode() Function Out-Of-Bounds Reads in FreeRDP NTLM Authentication Module Leading to Denial of Service Local Privilege Escalation in Check Point ZoneAlarm Version 15.3.064.17729 and Below Out-Of-Bounds Read Vulnerability in rdesktop v1.8.3: Information Leak in rdpdr_process() Out-Of-Bounds Read Vulnerability in rdesktop v1.8.3 Heap-Based Buffer Overflow in rdesktop v1.8.3: Potential Remote Code Execution Integer Overflow in rdesktop v1.8.3: Out-Of-Bounds Write Vulnerability with Remote Code Execution Potential Heap-Based Buffer Overflow in rdesktop v1.8.3: Integer Overflow Vulnerability Out-Of-Bounds Read Vulnerability in rdesktop v1.8.3: Denial of Service (segfault) Heap-Based Buffer Overflow in rdesktop v1.8.3: Remote Code Execution Vulnerability Out-Of-Bounds Read Vulnerability in rdesktop v1.8.3: Information Leak in rdpsnd_process_ping() Out-Of-Bounds Read Vulnerability in rdesktop v1.8.3: Denial of Service (segfault) Heap-Based Buffer Overflow in rdesktop v1.8.3: Remote Code Execution Vulnerability SSRF Vulnerability in GitLab Community and Enterprise Editions SQL Injection Vulnerability in ePortal Manager's Management Interface Double Free Vulnerability in ImageMagick 7.0.7-25 Q16 XSS Vulnerability in Yxcms Building System v1.4.7 via extend_guestbook.php Use-after-free vulnerability in libming 0.4.8's decompileArithmeticOp 
function in decompile.c Use-after-free vulnerability in libming 0.4.8's decompileCALLFUNCTION function in decompile.c Heap-based Buffer Over-read in r_asm_disassemble function of radare2 2.4.0 Heap-based Buffer Over-read in radare2 2.4.0's dalvik_op Function Heap-based Buffer Over-read in get_ivar_list_t function of mach0_classes.c in radare2 2.4.0 OpenCMS 10.5.3 Cross-Site Request Forgery (CSRF) Privilege Escalation Vulnerability Open Redirect Vulnerability in WolfCMS 0.8.3.1 Login Functionality CSRF Vulnerability in WolfCMS 0.8.3.1 Allows Remote Authentication Hijacking Arbitrary Script Injection via SVG Image in Alkacon OpenCMS 10.5.3 Gallery Function CSRF Vulnerability in Wampserver's add_vhost.php XML External Entity (XXE) Vulnerability in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1, and 6.5 Allows Disclosure of Server File Contents Time Based SQL Injection Vulnerability in Square 9 GlobalForms 6.2.x Denial of Service Vulnerability in Jungo DriverWizard WinDriver 12.6.0 Buffer Overflow in ncp_read_kernel Function in Linux Kernel Arbitrary PHP Code Execution in Responsive Mega Menu Pro Module for PrestaShop SQL Injection Vulnerability in Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro Module Buffer Overflow Vulnerability in Google TensorFlow 1.7 and Below: Arbitrary Code Execution (Local) Remote Code Execution Vulnerability in ASUS RT-Series Routers Unsanitized User Input in Technicolor MediaAccess TG789vac v2 HP Log Viewer Interface Allows for XSS Buffer Overflow Vulnerability in Kamailio Persistent XSS Vulnerability in Kodi (formerly XBMC) 17.6 Allows Arbitrary Code Execution via Playlist XSS Vulnerability in enhavo 0.4.0 via User-Group Name Remote Code Execution via Heap-based Buffer Overflow in Advantech WebAccess HMI Designer 2.1.7.32 and Prior Heap-based Buffer Overflow in Omron CX-One Project Files Remote Code Execution Vulnerability in Advantech WebAccess HMI Designer 2.1.7.32 and Prior Remote Denial-of-Service Vulnerability in 
Wago 750 Series PLCs Remote Code Execution via Specially Crafted .pm3 Files in Advantech WebAccess HMI Designer 2.1.7.32 and Prior Vulnerability in Message Management Function in Yokogawa CENTUM CS and CENTUM VP Systems Multiple Stack-Based Buffer Overflow Vulnerabilities in Delta PMSoft Versions 2.10 and Prior Remote Code Execution Vulnerability in InduSoft Web Studio and InTouch Machine Edition Improper Privilege Management Vulnerability in Advantech WebAccess Cleartext Transmission Vulnerability in Philips e-Alert Unit Use After Free Vulnerability in Rockwell Automation Arena Simulation Software Insufficient Request Verification in Philips e-Alert Unit (non-medical device) Web Application Heap-Based Buffer Overflow Vulnerability in Advantech WebAccess Cross-Site Scripting (XSS) Vulnerability in Philips e-Alert Unit (non-medical device) Stack-based Buffer Overflow Vulnerability in Eaton 9000X DriveA Versions 2.0.29 and Prior Incorrect Permissions Vulnerability in Philips e-Alert Unit (non-medical device), Version R2.1 and prior Unencrypted Storage of PII and PHI in Medtronic N'Vision Clinician Programmer Input Validation Vulnerability in Philips e-Alert Unit (non-medical device) Version R2.1 and Prior Plaintext Password Storage Vulnerability in Echelon SmartServer and i.LON Devices Session Hijacking Vulnerability in Philips e-Alert Unit (non-medical device) Version R2.1 and Prior Elevated Privileges and Unauthorized Resource Access in Philips Brilliance CT Devices Resource Consumption Vulnerability in Philips e-Alert Unit (non-medical device), Version R2.1 and prior Unencrypted Web Connections and Unsecure FTP in Echelon SmartServer and i.LON Devices Hard-coded Cryptographic Key Vulnerability in Philips e-Alert Unit (non-medical device) Fixed Credentials Vulnerability in Philips Brilliance CT Software Firmware Vulnerability: Credential Extraction in VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662) Authentication Bypass Vulnerability in Echelon SmartServer and 
i.LON Devices Firmware Update Capture Vulnerability in Vecna VGo Robot Versions Prior to 3.0.3.52164 Break-out and Privilege Escalation Vulnerabilities in Philips Brilliance CT Kiosk Environment Remote Triggering of False Alarms in ATI Systems Emergency Mass Notification Systems Potential Information Disclosure Vulnerability in Philips EncoreAnywhere HTTP Header Remote Triggering of False Alarms in ATI Systems Emergency Mass Notification Systems Stack-based Buffer Overflow Vulnerability in Lantech IDS 2102 2.0 and Prior Command Injection Vulnerability in Vecna VGo Robot Versions Prior to 3.0.3.52164 Remote Denial of Service Vulnerability in GE PACSystems Devices Debug Code Allows Unauthorized Access to Implantable Cardiac Devices Arbitrary Input Vulnerability in Lantech IDS 2102 2.0 and Prior Hard-coded Operating System Password in Medtronic MyCareLink Patient Monitor Heap-based Buffer Overflow Vulnerability in Delta Electronics Automation TPEditor Version 1.89 or Prior Memory Address Verification Bypass Vulnerability in Schneider Electric Triconex Tricon MP Model 3008 Firmware Versions 10.0-10.4 Denial of Service and Potential Impact in 2345 Security Guard 3.6 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.6 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.6 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.6 Remote Information Disclosure in Asuswrt-Merlin and ASUS Firmware Remote Information Disclosure in Asuswrt-Merlin and ASUS Firmware Remote Code Execution Vulnerability in Asuswrt-Merlin Firmware for ASUS Devices Lutron Quantum BACnet Integration 2.0 Firmware 3.2.243 - User Authentication Bypass and Internal Network Information Disclosure Vulnerability Heap-Based Buffer Over-Read Vulnerability in NASM 2.13.02rc2 Stack-Based Buffer Under-Read Vulnerability in NASM 2.13.02rc2's ieee_shr Function Buffer Over-read Vulnerability in NASM 2.13.02rc2's parse_line Function Race 
condition vulnerability in screen-resolution-extra 0.17.2 allows local users to bypass access restrictions via mishandling of a setuid or pkexec process in the PolicyKit D-Bus API. Stored Cross-Site Scripting (XSS) Vulnerability in BlackBerry UEM Management Console Arbitrary File Retrieval Vulnerability in BlackBerry Enterprise Mobility Server (BEMS) Session hijacking vulnerability in BlackBerry UEM Management Console Stored Cross-Site Scripting (XSS) Vulnerabilities in BlackBerry UEM Management Console CSRF Vulnerability in BlackBerry UEM Management Console CSRF Vulnerability in Z-BlogPHP 1.5.1 Plugin Edit Allows Arbitrary PHP Code Execution Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.6 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.6 Denial of Service and Potential Impact Vulnerability in 2345 Security Guard 3.6 Vulnerability: Unexpected Behavior in #DB Exceptions Deferred by MOV SS or POP SS Instructions Authentication Bypass Vulnerability in D-Link DSL-3782 Router Login Panel XSS Vulnerability in IdentityServer IdentityServer4 1.x and 2.x Cross-Site Scripting (XSS) Vulnerability in License Manager Service of HASP SRM, Sentinel HASP, and Sentinel LDK Products LDAP Password Disclosure Vulnerability in Ivanti Avalanche Shared Key Encryption Vulnerability in Ivanti Avalanche Cross-Site Scripting (XSS) Vulnerability in Open-AudIT Professional 2.1 Credentials Screen Denial of Service Vulnerability in Windows Master 7.99.13.604 Heap-based Buffer Overflow in LibTIFF 4.0.9 via Crafted TIFF File XSS Vulnerability in dsmall v20180320 via Crafted Street Address CSRF Vulnerability in Frog CMS 0.9.5 User Add Functionality Arbitrary File Write Vulnerability in Wire Application for Android (CVE-XXXX-XXXX) Cross-Site Scripting (XSS) Vulnerability in Synology Drive Attachment Preview XSS Vulnerability in Synology Note Station Attachment Preview Arbitrary Code Injection via SYNO.NoteStation.Note in Synology Note 
Station Missing Custom Error Page Vulnerability in Synology Web Station SQL Injection Vulnerability in Synology Media Server UPnP DMA Arbitrary Code Injection via Title Parameter in Synology Calendar Unverified Password Change Vulnerability in Synology DiskStation Manager (DSM) Arbitrary Web Script Injection Vulnerability in Synology DiskStation Manager (DSM) Arbitrary Web Script Injection in Synology Router Manager (SRM) info.cgi Credential Theft Vulnerability in Synology DiskStation Manager (DSM) before 6.1.6-15266 Arbitrary Content Injection Vulnerability in Log Exporter in Synology DiskStation Manager (DSM) Arbitrary Code Injection through File Name in Synology Drive's File Sharing Notify Toast Improper Access Control Vulnerability in Synology Drive XSS Vulnerability in Synology File Station Attachment Preview Cross-site scripting (XSS) vulnerability in Synology Office Title Tooltip CSRF Vulnerability in Synology Photo Station Allows Authentication Hijacking Permissive Regular Expression Vulnerability in Synology Photo Station Allows Privilege Escalation via fullname Parameter Arbitrary Event Creation Vulnerability in SYNO.Cal.Event Arbitrary Script Injection in Synology CardDAV Server Address Book Editor Man-in-the-Middle Vulnerability in Synology SSL VPN Client MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3: Insufficient Hardware Validated Boot Enforcement in AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile Processor Chips RYZENFALL-1: Insufficient Access Control in AMD Ryzen Processor Chips RYZENFALL: Insufficient Access Control Vulnerability in AMD Ryzen and Ryzen Pro Processor Chips FALLOUT: Insufficient Access Control in AMD EPYC Server Processor Chips CHIMERA-FW: The Hidden Backdoor in AMD Ryzen and Ryzen Pro Platforms CHIMERA-HW: The Hidden Backdoor in AMD Ryzen and Ryzen Pro Platforms Critical Privilege Escalation Vulnerability Found in AMD EPYC, Ryzen, and Ryzen Pro Processors Open-AudIT Professional 2.1 Open Redirect Vulnerability Code Injection 
Vulnerability in Ipswitch WhatsUp Gold SSRF Vulnerability in Ipswitch WhatsUp Gold Allows Unauthorized Access and Remote Command Execution XML External Entity (XXE) Vulnerability in Enghouse Cloud Contact Center Platform 7.2.5 Buffer Overflow Vulnerability in D-Link DSL-3782 Diagnostics Functionality XSS Vulnerability in Xiuno BBS 4.0.0 Admin Page's Sitename Parameter PHPSHE 1.6 Userbank Parameter SQL Injection Vulnerability Arbitrary File Upload Vulnerability in PHPOK 4.8.338 Denial of Service Vulnerability in BFD Library's bfd_section_from_shdr Function Base64 Encoding Vulnerability in rap2hpoutre Laravel Log Viewer Multiple XSS Vulnerabilities in MISP before 2.4.89 via Malicious MISP Module Critical API Integrity Bug in MISP Allows Unauthorized Attribute Deletion SQL Injection Vulnerability in CA Workload Automation AE Remote Code Execution Vulnerability in CA Workload Control Center Arbitrary Code Execution via Filename Manipulation in BitDefender GravityZone Installer Broadcast Client Clock Synchronization Vulnerability in ntpd 4.2.8p10-4.2.8p13 XSS Vulnerability in CoverCMS v1.1.6 via index.php and admina/mconfigs.inc.php Heap-based Buffer Over-read in ReadTIFFImage function of ImageMagick 7.0.7-26 Q16 Use-after-free vulnerability in libming 0.4.8's decompilePUSHPARAM function in decompile.c Use-after-free vulnerability in libming 0.4.8 allows remote attackers to cause denial of service via crafted swf file in decompileSingleArgBuiltInFunctionCall function of decompile.c. 
Use-after-free vulnerability in libming 0.4.8's decompileGETVARIABLE function in decompile.c Use-after-free vulnerability in libming 0.4.8's decompileDELETE function in decompile.c Arbitrary File Deletion Vulnerability in zzcms 8.2 PHP Code Injection Vulnerability in zzcms 8.2 via siteurl Parameter SQL Injection Vulnerability in zzcms 8.2 via adv2.php?action=modify Directory Traversal Vulnerability in zzcms 8.2 Allows Arbitrary File Deletion Directory Traversal Vulnerability in zzcms 8.2 Allows Arbitrary File Deletion Silent Omission of Hostname Verification in LibreSSL 2.7.0 Incorrect Omniauth-Auth0 Configuration in GitLab Leading to Unauthorized User Sign-In CSRF Vulnerability in Creditwest Bank CMS Project (CWCMS) Allows Remote Code Injection XSS Vulnerability in OTCMS 3.20 via admin/keyWord_deal.php?mudi=add Endpoint Code Injection Vulnerability in MicrobeTRACE 0.1.11 Allows Remote Code Execution Heap-based Buffer Over-read in Netpbm's pm_mallocarray2 Function Exiv2 0.26 Denial of Service Vulnerability in jpgimage.cpp Denial of Service Vulnerability in Exiv2 0.26 XSS Vulnerability in Open-AudIT Professional 2.1 via Crafted IMG SRC Attribute CSRF and XSS Vulnerabilities in Open-AudIT Professional 2.1 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial 
of Service and Potential Impact Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Use-after-free vulnerability in libming 0.4.8's decompileJUMP function in decompile.c Absolute Path Traversal Vulnerability in Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 Physical Path Leakage in dsmall v20180320 via public/index.php/home/predeposit/index.html?pdr_sn= Request XSS Vulnerability in dsmall v20180320 via pdr_sn Parameter Cross-Site Scripting (XSS) Vulnerability in dsmall v20180320 via Public Home Page Search Box XSS Vulnerability in dsmall v20180320: Member Search Box at public/index.php/home/membersnsfriend/findlist.html URI Divide-by-Zero Vulnerability in GraphicsMagick 1.3.28's ReadMNGImage Function SQL Injection Vulnerability in Dolibarr before Version 7.0.2: Remote Code Execution via sortfield Parameter Cross-Site Scripting (XSS) Vulnerability in Events Manager Plugin for WordPress CA Privileged Access Manager 2.8.2 and Earlier: Remote Command Execution Vulnerability CA Privileged Access Manager 2.8.2 and Earlier: Remote Code Execution via Configuration File Poisoning Arbitrary Command Execution Vulnerability in CA Privileged Access Manager 2.x IP Address Spoofing Vulnerability in CA Privileged Access Manager 2.x Remote Log Poisoning Vulnerability in CA Privileged Access Manager 2.x Session Fixation Vulnerability in CA Privileged Access Manager 2.x Reflected Cross-Site Scripting Vulnerability in CA Privileged Access Manager 2.x Weak Cryptography 
for Passwords in CA Privileged Access Manager 2.x: A Breach Waiting to Happen SQL Injection Vulnerability in CA Privileged Access Manager 2.x Client-side Password Disclosure Vulnerability in TNLSoftSolutions Sentry Vision 3.x Login Interface Authentication Bypass Vulnerability in D-Link DIR-850L Router Allows SharePort Web Access Portal Bypass Arbitrary JavaScript Injection Vulnerability in Relevanssi Plugin for WordPress CSV Injection Vulnerability in ExportToCsvUtf8.php of Contact Form 7 to Database Extension Plugin 2.10.32 for WordPress Stored XSS Vulnerability in CheckSec Canopy 3.x before 3.0.7 Remote Code Execution in Monstra CMS 3.0.4 via Zip File Upload Remote File Deletion Vulnerability in Monstra CMS 3.0.4 Variable Scoping Vulnerability in Octopus Deploy 2.0 and later Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service and Potential Impact Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service and Potential Impact Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Advanced SystemCare Ultimate 11.0.1.58 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in Windows Master 7.99.13.604 Denial of Service Vulnerability in JasPer 2.0.14 via Reachable Assertion in jpc_firstone Function BranchScope: Unauthorized Information Disclosure via Speculative Execution 
Side-Channel Attack Insecure PRNG Algorithm and Seeding in AWS IAM User Login Profile Provisioning Infinite Loop Denial of Service Vulnerability in Long Range Zip (lrzip) 0.631 Remote Code Execution Vulnerability in Easy File Sharing (EFS) Web Server 7.2 via Malicious Login Request Lenovo ThinkPad BIOS Vulnerability: Arbitrary Code Injection Exploit Buffer Overflow Vulnerability in Lenovo System Update Authentication Bypass Vulnerability in Lenovo xClarity Administrator Credential Store Vulnerability in Lenovo xClarity Administrator Command Injection Vulnerability in Lenovo xClarity Administrator Insufficient Access Control in Lenovo Help Android App: Potential Exposure of Email Addresses and IMEI Hard-coded SFTP Credentials Vulnerability in IMM2 Race Condition Vulnerability in Lenovo IdeaPad BIOS Flash Device Locking Mechanism Factory Test Mode Vulnerability in Lenovo Smart Assistant Android App Lenovo Chassis Management Module (CMM) Prior to Version 2.0.0 Information Disclosure Vulnerability Insufficient Input Sanitization in LXCI for VMware Allows Unauthorized File Downloads Hardcoded Encryption Key Vulnerability in Lenovo Chassis Management Module (CMM) Path Traversal Vulnerability in Iomega, Lenovo, LenovoEMC NAS Devices Command Injection Vulnerability in Iomega, Lenovo, LenovoEMC NAS Devices Command Injection Vulnerability in Iomega, Lenovo, LenovoEMC NAS Devices Command Injection Vulnerability in Iomega, Lenovo, LenovoEMC NAS Devices Arbitrary JavaScript Execution via SVG Upload in Iomega/Lenovo NAS Devices DOM Manipulation and Arbitrary JavaScript Execution in Iomega and Lenovo NAS Devices Session Hijacking Vulnerability in Iomega, Lenovo, LenovoEMC NAS Devices Cross-Site Scripting (XSS) Vulnerability in Iomega, Lenovo, LenovoEMC NAS Devices Unauthenticated Password Change Vulnerability in Iomega, Lenovo, LenovoEMC NAS Devices Weak Default Root Credentials in System Management Module (SMM) Versions Prior to 1.06 Bypassing Software Update Validation in 
System Management Module (SMM) Versions Prior to 1.06 Unset Write Protection Lock Bit Vulnerability in Lenovo and IBM System x Servers Command Injection Vulnerability in Lenovo ThinkServer BMC Firmware Download Command Default Credentials and XSS Vulnerability in CoreOS Tectonic Critical Remote Code Execution Vulnerability in KEMP LoadMaster Operating System (LMOS) Allows System Compromise and Data Exposure CSRF Vulnerability in MiniCMS 1.10 Allows Unauthorized Password Change Mitel MiVoice Connect and ST Reflected XSS Vulnerability SQL Injection Vulnerability in Mitel MiVoice Connect and ST 14.2 Mitel MiVoice Connect and ST Conferencing Component Reflected XSS Vulnerability Mitel MiVoice Connect and ST Conferencing Component Reflected XSS Vulnerability Privilege Escalation Vulnerability in NordVPN for macOS CSV Injection in Acyba AcySMS Extension for Joomla! CSV Injection in Acyba AcyMailing Extension for Joomla CSRF Vulnerability in QuickAppsCMS 2.0.0-beta2 Allows Unauthorized Account Creation with Admin Privileges Directory Traversal and File Deletion Vulnerability in Studio 42 elFinder Directory Traversal and File Deletion Vulnerability in Studio 42 elFinder Cross Site Scripting (XSS) Vulnerability in Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 Vulnerability: Privilege Escalation via Weak Default Password and Cookie Manipulation Code Injection Vulnerability in Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 SitaWare 6.4 SP2 Vulnerability: Freezing of Situational Layer through Unvalidated Input WireMock XXE Vulnerability: Remote File Access and DoS Directory Traversal Vulnerability in WireMock before 2.16.0 Directory Traversal Vulnerability in 99 Robots WP Background Takeover Advertisements Plugin Unauthenticated Bluetooth Access Vulnerability in BrilliantTS FUZE Card Stored Cross-Site Scripting Vulnerability in Crea8social 2018.2 via Post Stored Cross-Site Scripting Vulnerability in Crea8social 2018.2 via Post Comment Reflected 
Cross-Site Scripting Vulnerability in Crea8social 2018.2 via /search URI Stored Cross-Site Scripting Vulnerability in Crea8social 2018.2 User Profiles Remote Code Execution Vulnerability in DNNArticle Module 11 for DNN Improper Handling of Wildcard Certificates in Botan 2.2.0 - 2.4.0 (Fixed in 2.5.0) Buffer Overflow Vulnerability in DVD X Player Standard 5.5.3.9 via Crafted .plf File Bleichenbacher Vulnerability in ZyXEL ZyWALL/USG Series Devices' IKE Handshake Implementation XSS Vulnerability in IBOS 4.4.3 via Company Full Name NULL Pointer Dereference in libming 0.4.8 getInt Function in decompile.c File Excessive Iteration Denial of Service Vulnerability in ImageMagick 7.0.7-26 Q16 Arbitrary File Rename Vulnerability in DedeCMS 5.7 Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.7-24 Q16 Denial of Service (BSOD) Vulnerability in Jungo DriverWizard WinDriver 12.6.0 via Crafted .exe File CSV Injection Vulnerability in Open-AudIT before 2.2 Stack Exhaustion in C++ Demangling Functions in GNU libiberty Buffer Overflow Vulnerability in Samsung Mobile Devices with N(7.x) Software XSS and Arbitrary File Loading Vulnerability in Samsung Email Application (SVE-2017-10747) Remote Code Execution Vulnerability in Samsung Gallery App (SVE-2017-11105) Insecure Package Validation in Samsung Secure Folder on N(7.x) Software (SVE-2017-10932) Heap Overflow Vulnerability in Samsung Mobile Devices with M(6.0) and N(7.x) Software Out-of-Bounds Read Vulnerability in Exiv2 0.26's binaryToString Function SIGABRT vulnerability in DataBuf constructor in Exiv2 0.26 Arbitrary Web Script Injection in Gespage Software (Version 7.5.7) via user_reg.jsp Session Token Embedding in Filenames Vulnerability in Western Digital WD My Cloud v04.05.00-320 Devices Vulnerability: Unauthorized Access and Backdoor in Zyxel Multy X (AC3000 Tri-Band WiFi System) NULL Pointer Dereference Vulnerability in Kingsoft Internet Security 9+ Kernel Driver Arbitrary PHP Code Execution in Z-BlogPHP 1.5.1 
Plugin Upload Component Remote Denial of Service Vulnerability in JasPer 2.0.14: Reachable Abort in jpc_dec_process_sot Function Open-AudIT Professional 2.1.1 XSS Vulnerability in Component Names Unauthenticated Remote Code Execution via Webshell Upload on AXIS P1354 IP Camera Firmware 5.90.1.1 Unauthenticated Remote Code Execution via Webshell Upload on AXIS M1033-W IP Camera Firmware 5.40.5.1 Denial of Service Vulnerability in AXIS M1033-W IP Camera Firmware 5.40.5.1 Path Traversal Vulnerability in Spark (Versions before 2.7.2) ClearText Credential Exposure in SickRage HTTP Responses Hardcoded Password Vulnerability in Prisma Industriale Checkweigher PrismaWEB 1.21 Unauthenticated Access Control Vulnerability in Contec Smart Home 4.15 Devices Stored XSS Vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) NULL Pointer Dereference Vulnerability in libming through 0.4.8 XSS Vulnerability in Z-BlogPHP 1.5.1 via zb_users/plugin/AppCentre/plugin_edit.php app_id Parameter Iptanus WordPress File Upload Plugin Shortcode Attribute Mishandling Vulnerability Arbitrary Script Injection in GetSimple CMS 3.3.13 via XSS Vulnerability in uploadify.swf Arbitrary PHP Code Execution in DedeCMS 5.7 via sys_verifies.php Arbitrary PHP Code Execution in DedeCMS 5.7 via egroup Parameter XSS Vulnerability in Twonky Server 8.5.1: Folder Name on Shared Folders Screen XSS Vulnerability in Twonky Server Language Parameter XSS Vulnerability in Joom Sky JS Jobs Extension for Joomla! 
Fortinet FortiOS 6.0.0 and below: Information Disclosure Vulnerability in Single Sign-On Feature Fortinet FortiAuthenticator XSS Vulnerability: Unauthorized Script Execution via CSRF Validation Failure Null Pointer Dereference Vulnerability in Fortinet FortiClientWindows 6.0.2 and Earlier: Denial of Service via NDIS Miniport Driver Fortinet FortiClient for Windows 6.0.4 and earlier Local Privilege Escalation via Named Pipe Vulnerability: Plaintext Recovery and Man-in-the-Middle Attack on RSA PKCS #1 v1.5 Encryption in Fortinet FortiOS Fortinet FortiClient for Windows 6.0.4 and earlier: Local Privilege Escalation Vulnerability Vulnerability: Plaintext Recovery and Man-in-the-Middle Attack on RSA PKCS #1 v1.5 Encryption in Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0, and 6.0.1 under VIP SSL Feature with CPx Hardcoded Cryptographic Key Vulnerability in FortiGuard Services Communication Protocol Unauthenticated File Path Manipulation Vulnerability in avatar_uploader v7.x-1.0-beta8 Critical Unauthenticated Arbitrary File Upload Vulnerability in Blueimp jQuery-File-Upload Arbitrary File Upload Vulnerability in jQuery Upload File <= 4.0.2 Unauthenticated Arbitrary File Upload Vulnerability in jQuery Picture Cut <= v1.1Beta Unauthenticated Arbitrary File Upload Vulnerability in FineUploader PHP-Traditional-Server v1.2.2 OpenResty URI Parameter Limit Bypass Vulnerability Firmware Authentication Bypass Vulnerability in T&W WIFI Repeater BE126 Devices Unsalted SHA-1 Hash Vulnerability in Sophos Endpoint Protection 10.7 Lack of Key Certification Enforcement in GnuPG 2.2.4 and 2.2.5 Reflected Cross-Site Scripting Vulnerability in iScripts SonicBB 1.0 via search.php Stored Cross-Site Scripting Vulnerability in iScripts EasyCreate 3.2.1 Site Title Field Stored Cross-Site Scripting Vulnerability in iScripts EasyCreate 3.2.1's Site Description Field XSS Vulnerability in Yahei-PHP Proberv 0.4.7 via funName Parameter NULL Pointer Dereference Vulnerability in ncmpc 0.29: Chat Message Crash 
and Denial of Service File Deletion Vulnerability in PAN-OS Management Web Interface XSS Vulnerability in GitLab Community and Enterprise Editions 8.4 - 10.4 Cross-Site Scripting (XSS) Vulnerability in GitLab Community and Enterprise Editions (9.2 - 10.4) Critical SQL Injection Vulnerability in Ericsson-LG iPECS NMS A.1Ac Login Portal Shell Code Injection in PGObject::Util::DBAdmin Module Arbitrary SQL Execution and PHP Code Injection in Gxlcms QY v1.0.0713 Authentication Bypass Vulnerability in FiberHome VDSL2 Modem HG 150-UB Devices Authentication Bypass Vulnerability in FiberHome VDSL2 Modem HG 150-UB Devices Arbitrary SQL Command Execution in OpenEMR v5_0_1_1 Denial of Service Vulnerability in libxml2 2.9.8 with LZMA Decompression Denial of Service Vulnerability in JasPer 2.0.14 via jpc_abstorelstepsize Function LWAPP Dissector Crash Vulnerability in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 Infinite Loop Vulnerability in Wireshark CQL Dissector (Versions 2.4.0 to 2.4.5) TCP Dissector Crash Vulnerability in Wireshark 2.4.0 to 2.4.5 MP4 Dissector Crash Vulnerability in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 IEEE 802.15.4 Dissector Crash Vulnerability Heap-based Buffer Overflow in Wireshark NBAP Dissector Vulnerability: VLAN Dissector Crash in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 Kerberos Dissector Crash Vulnerability in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 Heap-based Buffer Overflow in ADB Dissector in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 Memory Leak in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 in packet-tn3270.c Memory Leak in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 in packet-isup.c Memory Leak in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 in packet-lapd.c Memory Leak in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 in packet-smb2.c Memory Leak in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 in packet-giop.c Memory Leak in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 in epan/oids.c Memory Leak in Wireshark 2.4.0 to 
2.4.5 and 2.2.0 to 2.2.13 in packet-multipart.c Memory Leak in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 in packet-h223.c Memory Leak in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 in packet-pcp.c Memory Leak in Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13 in ui/failure_message.c Information Disclosure and Denial of Service Vulnerability in Yubico PAM Module OS Command Injection Vulnerability in PRTG Network Monitor Clear-text Password Disclosure in Eaton UPS 9PX 8000 SP Devices Eaton UPS 9PX 8000 SP SNMP Version 3 Password Disclosure Vulnerability CSRF and XSS Vulnerabilities in Eaton UPS 9PX 8000 SP Administration Panel Stored XSS Vulnerability in Subsonic Media Server 6.1.1 Podcast Subscription Form Stored Cross-Site Scripting (XSS) Vulnerabilities in CremeCRM 1.6.12 Arbitrary Code Execution Vulnerability in D-Link DIR-868L with StarHub Firmware OS Command Injection in Main_Analysis_Content.asp on ASUS Routers SSRF (Server Side Request Forgery) in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter Exiv2 0.26 BigTiffImage Assertion Failure Vulnerability Denial of Service Vulnerability in Exiv2 0.26: Divide by Zero in BigTiffImage::printIFD Exiv2 0.26 Out-of-Bounds Read Vulnerability in IptcData::printStructure XSS Vulnerability in dsmall v20180320 via pdr_sn Parameter SQL Injection Vulnerability in zzcms 8.2 via id Parameter in dl/dl_sendsms.php Local Privilege Escalation Vulnerability in MagniComp SysInfo Remote Attack Vulnerability in BMW Telematics Control Unit (TCU) USB Device Local Attack Vulnerability in BMW Infotainment System Bluetooth Remote Attack Vulnerability in BMW Infotainment System Vulnerability: Physical Access Attack on BMW Infotainment System (HU_NBT) Remote Attack Vulnerability in BMW Telematics Control Unit (TCU) USB Device Local Attack Vulnerability in BMW Infotainment System Vulnerability: Code-Signing Bypass and Root Shell Access in BMW Infotainment 
System Unauthenticated Export of All Pads in Etherpad 1.5.x and 1.6.x Arbitrary Code Execution Vulnerability in Etherpad 1.6.3 Arbitrary Code Execution Vulnerability in Etherpad 1.5.x and 1.6.x XSS Vulnerability in PHP Scripts Mall Redbus Clone Script 3.0.6 via ter_from or tag parameter in results.php Stored XSS Vulnerability in register.jsp in Coremail XT3.0 Remote File Deletion Vulnerability in zzcms 8.2 Vulnerability: Incorrect Access Control in K7AntiVirus Premium 15.01.00.53 Buffer Overflow Vulnerability in K7AntiVirus Premium 15.1.0.53: Execute Arbitrary Code (Local) in K7TSMngr.exe GlobalProtect Password Hashes Disclosure Vulnerability Arbitrary JavaScript and HTML Injection in PAN-OS Session Browser Double-Free Memory Vulnerability in OpenVPN 2.4.x before 2.4.6 Arbitrary JavaScript and HTML Injection in PAN-OS Web Interface Administration Page Infinite Loop DoS Vulnerability in SMF_ParseMetaEvent Function Out-of-bounds stack write vulnerability in bta_dm_sdp_result of Android Double Free Vulnerability in bnep_data_ind of bnep_main.c Out-of-bounds Write Vulnerability in BNEP_Write of bnep_api.cc Uninitialized Data Read Vulnerability in gatts_process_attribute_req of gatt_sc.cc Out of Bounds Read Vulnerability in l2c_main.cc Out of Bounds Read Vulnerability in l2c_main.cc Out of Bounds Read Vulnerability in l2c_main.cc Remote Denial of Service Vulnerability in InboundSmsHandler.java Integer Overflow Vulnerability in hidp_process_report in Bluetooth Out of Bounds Write Vulnerability in driver_override_store of bus.c Double Free Vulnerability in driver_override_store and driver_override_show of bus.c Use-after-free vulnerability in get_futex_key in futex.c allows for local privilege escalation without additional privileges needed Bypass of User Interaction Requirements in Android-10: Local Privilege Escalation Vulnerability Out-of-Bounds Write Vulnerability in CopyToOMX of OMXNodeInstance.cpp Out-of-bounds Read Vulnerability in BNEP Data Indication Function 
Out-of-bounds Read Vulnerability in getstring of ID3.cpp WiFi VPN Connection Vulnerability: Local Denial of Service of Security Updates on Android Devices Resource Exhaustion Vulnerability in ih264d_video_decode of ih264d_api.c Path Traversal Vulnerability in readMetadata of Utils.cpp Allows Local Privilege Escalation Out-of-bounds Write Vulnerability in smp_br_state_machine_event of Android Out of Bounds Read Vulnerability in avct_bcb_msg_ind of avct_bcb_act.cc Out-of-bounds Write Vulnerability in avrc_proc_vendor_command of avrc_api.cc Out of Bounds Read Vulnerability in DynamicRefTable::load of ResourceTypes.cpp Potential Denial of Service Vulnerability in Android's Layout.java Out-of-bounds Read Vulnerability in avdt_msg_prs_cfg of avdt_msg.cc Out-of-bounds Read Vulnerability in BNEP Data Indication Function Out-of-bounds Read Vulnerability in sdpu_extract_attr_seq of sdp_utils.cc Contact Information Disclosure Vulnerability in BluetoothPairingController Interception of Keypresses in RootWindowContainer.java Allows Local Privilege Escalation Path Traversal Vulnerability in Attachment.java and EmlAttachmentProvider.java Allows Remote Elevation of Privilege Use-after-free vulnerability in task_get_unused_fd_flags in binder.c allows local users to escalate privileges via crafted use of the /dev/binder driver. 
Integer Overflow Vulnerability in ihevcd_parse_sei_payload of ihevcd_parse_headers.c Use-after-free vulnerability in avrc_pars_browsing_cmd of avrc_pars_tg.cc allows for remote escalation of privilege in Bluetooth service SELinux Permissions Bypass Vulnerability in crash_dump.te WiFi Network Information Disclosure Vulnerability Type Confusion Vulnerability in CollectValuesOrEntriesImpl of elements.cc in Android Integer Overflow Vulnerability in AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp Possible Permissions Bypass in checkGrantUriPermissionLocked of ActivityManagerService.java SQL Injection Vulnerability in Android Download Manager's Content Provider Out-of-bounds Write Vulnerability in ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c Out of Bounds Write Vulnerability in impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 Integer Overflow Vulnerability in SkSampler::Fill of SkSampler.cpp Uninitialized Data Read Vulnerability in readVector of iCrypto.cpp Factory Reset Protection Bypass Vulnerability in Android SetupWizard Out-of-bounds read vulnerability in rfc_process_mx_message of rfc_ts_frames.cc leading to remote information disclosure in Android Bluetooth service Out-of-bounds Read Vulnerability in rfc_process_mx_message of rfc_ts_frames.cc Out-of-bounds Write Vulnerability in sdp_copy_raw_data of sdp_discovery.cc Out of Bounds Read Vulnerability in mca_ccb_hdl_req of mca_cact.cc Out-of-Bound Read Vulnerability in avrc_msg_cback of avrc_api.cc Out-of-bounds Read Vulnerability in bta_av_proc_meta_cmd of bta_av_act.cc Out of Bounds Read Vulnerability in smp_process_keypress_notification of smp_act.cc Out of Bounds Read Vulnerability in smp_proc_master_id of Android Bluetooth Stack Out of Bounds Read Vulnerability in smp_proc_enc_info of Android Bluetooth Stack Uninitialized Data Vulnerability in ipSecSetEncapSocketOwner of XfrmController.cpp Double Free Vulnerability in copy_process of fork.c in Android Kernel Use After Free Vulnerability in sdcardfs_open of file.c 
Memory Corruption Vulnerability in sdcardfs_create and sdcardfs_mkdir of inode.c Out of Bounds Write Vulnerability in hid_debug_events_read of Android Kernel Use-after-free vulnerability in pppol2tp_connect in the Android kernel allows for local privilege escalation Out-of-bounds Write Vulnerability in NFC LLCP Build SDREQ TLV Race condition vulnerability in easelcomm_hw_build_scatterlist in Android kernel allows local attackers to escalate privileges via an out-of-bounds write. Out-of-bounds Write Vulnerability in parseMPEGCCData of NuPlayer2CCDecoder.cpp Possible Out-of-Bounds Write Vulnerability in StatsLogEventWrapper.java in Android Parcel Serialization/Deserialization Mismatch Vulnerability in Android Insufficient Protection of Overlay Windows in Android System UI Allows Local Privilege Escalation Possible Permissions Bypass in Android SliceBroadcastReceiver for com.android.settings.slice.action.WIFI_CHANGED Improperly Configured Device Location Disclosure Vulnerability in Android Out-of-bounds Write Vulnerability in vorbis_book_decodev_set of codebook.c Out of Bounds Write Vulnerability in ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s Out of Bounds Write Vulnerability in ixheaacd_individual_ch_stream of ixheaacd_channel.c Out-of-Bounds Write Vulnerability in ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c Out-of-Bounds Write Vulnerability in AudioSpecificConfig_Parse of tpdec_asc.cpp Out of Bounds Write Vulnerability in ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c Potential Out-of-Bounds Write Read Vulnerability in ixheaacd_dec_data_init of ixheaacd_create.c Out-of-bounds Write Vulnerability in ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c Out-of-Bounds Write Vulnerability in ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c Out of Bounds Write Vulnerability in libFDK: Remote Code Execution in Android Out-of-Bounds Write Vulnerability in CAacDecoder_DecodeFrame of aacdecode.cpp Out-of-bounds Read Vulnerability in 
V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc Race condition vulnerability in ClearKey CAS descrambler allows for local privilege escalation without additional execution privileges (Android) Out-of-bounds Read Vulnerability in avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c Out-of-bounds read vulnerability in avrc_pars_vendor_rsp of avcr_pars_ct.cc in Android Out-of-bounds Read Vulnerability in avrc_pars_vendor_rsp of avrc_pars_ct.cc Data Partition Not Wiped During Factory Reset Vulnerability Out-of-Bounds Read Vulnerability in Bluetooth Service of Android Out-of-Bound Write Vulnerability in BTA_HdRegisterApp of Android Improper Input Validation in unflatten of GraphicBuffer.cpp Allows for Local Privilege Escalation in Android Missing URI Validation in ContentProvider.java Allows Permission Bypass and Local Information Disclosure Out-of-bounds Write Vulnerability in lppTransposer of lpp_tran.cpp Out of Bounds Write Vulnerability in CAacDecoder_Init of aacdecoder.cpp in Android Out-of-Bound Write Vulnerability in CAacDecoder_Init of aacdecoder.cpp in Android Out-of-bounds Write Vulnerability in ihevcd_sao_shift_ctb of ihevcd_sao.c Double Free Vulnerability in MasteringMetadata::Parse of mkvparser.cc in Android Media File Disclosure Vulnerability in Android's IMediaExtractor.cp Out of Bounds Write Vulnerability in l2c_lcc_proc_pdu of l2c_fcr.cc Integer Overflow Vulnerability in ParsePayloadHeader of payload_metadata.cc in Android Uninitialized Data Vulnerability in really_install_package of install.cpp Out-of-bounds Write Vulnerability in rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc Out-of-bounds Write Vulnerability in cryptfs.cpp Out-of-Bounds Write Vulnerability in HID_DevAddRecord of hidd_api.cc Out-of-Bound Read Vulnerability in llcp_util_parse_connect of Android Out-of-Bound Read Vulnerability in bta_ag_do_disc of bta_ag_sdp.cc Out-of-Bound Read Vulnerability in llcp_util_parse_cc of Android Out-of-Bound Read Vulnerability in 
llcp_util_parse_link_params of llcp_util.cc Integer Overflow Vulnerability in readBytes of xltdecwbxml.c in Android Out-of-bounds Read Vulnerability in Bluetooth Service Search Response Handling Pixel Devices Vulnerability: Verified Boot Certificate Fingerprint Reuse Memory Corruption Vulnerability in sk_clone_lock of sock.c Out-of-Bound Write Vulnerability in impd_init_drc_decode_post_config of impd_drc_gain_decoder.c in Android Out-of-Bound Write Vulnerability in impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c in Android Out-of-Bound Write Vulnerability in impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c Out of Bounds Write Vulnerability in impd_drc_parse_coeff of impd_drc_static_payload.c in Android Out of Bounds Write Vulnerability in impd_parse_filt_block of impd_drc_dynamic_payload.c in Android Out of Bounds Write Vulnerability in impd_parse_split_drc_characteristic of impd_drc_static_payload.c in Android Out-of-Bounds Write Vulnerability in impd_parse_dwnmix_instructions of impd_drc_static_payload.c in Android Out-of-Bounds Write Vulnerability in impd_parse_parametric_drc_instructions of impd_drc_static_payload.c in Android Out-of-Bounds Write Vulnerability in impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c in Android Out-of-bounds Write Vulnerability in ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c HTC Bootloader Elevation of Privilege Vulnerability in Android Kernel WiFi RSSI and SSID Information Disclosure Vulnerability Bypass of Unknown Source Warning in Android Package Installer Out-of-bounds write vulnerability in bta_ag_parse_cmer of Android Bluetooth Server Out of Bounds Write Vulnerability in NFC Configuration Status Setting Out of Bounds Write Vulnerability in NFC Routing (Android) Race condition vulnerability allows local privilege escalation in Android Confused Deputy Vulnerability in ContactPhotoUtils.java Allows Unauthorized File Access Out of Bounds Read Vulnerability in avdt_scb_hdl_report of 
Android Bluetooth Stack Out-of-bounds Read Vulnerability in Android Wi-Fi Driver Out-of-bounds Read Vulnerability in add_attr of sdp_discovery.c in Android Out-of-bounds Read Vulnerability in Android Bluetooth HID Profile Handling Out-of-bounds Read Vulnerability in mca_ccb_hdl_rsp of Android Out of Bounds Read Vulnerability in llcp_dlc_proc_i_pdu of Android NFC Out of Bounds Read Vulnerability in Android NFC (CVE-2019-9506) Integer Overflow Vulnerability in OCaml's caml_ba_deserialize Function Vulnerability: Unauthorized Access to Private Issue Details in MantisBT Bypassing Screen Locker in Open Whisper Signal App for iOS Out-of-array Access Vulnerability in FFmpeg's Export Function Replay Attack Vulnerability in CyberArk Password Vault (CVE-2020-XXXX) Arbitrary Code Execution via Serialized .NET Object in CyberArk Password Vault Web Access REST API XSS Vulnerability in Iptanus WordPress File Upload Plugin Critical Vulnerability in Etherpad Lite Allows Unauthorized Admin Access MX (IMAP) Injection Vulnerability in Roundcube Archive Plugin Arbitrary PHP Code Execution in Gxlcms QY v1.0.0713 TplAction.class.php Arbitrary PHP Code Execution Vulnerability in Gxlcms QY v1.0.0713 Upload Function XML Entity Expansion Denial of Service Vulnerability in Pulse Secure Pulse Connect Secure Arbitrary File Deletion Vulnerability in Gxlcms QY v1.0.0713 Arbitrary File Read Vulnerability in Gxlcms QY v1.0.0713 SQL Injection Vulnerability in Gxlcms QY v1.0.0713 Privilege Escalation Vulnerability in freeSSHd Version 1.3.1 CSRF Vulnerability in Kotti Local Roles Implementation XSS Vulnerability in PHP Scripts Mall Match Clone Script 1.0.4 via searchbyid.php Unquoted Service Path Vulnerability in NAVER Whale Off-by-one Error in Botan TLS-CBC Ciphertext Processing Arbitrary web script injection through crafted IMG element in CKEditor Enhanced Image plugin (CVE-2018-1000811) Numeric Username Vulnerability in runV 1.0.0 for Docker Stored XSS Vulnerability in WP Live Chat Support Plugin 
Arbitrary Code Execution Vulnerability in SonicWall GMS Virtual Appliance SonicWall SonicOS Certificate Download Vulnerability Denial of Service Vulnerability in QPDF through 8.0.2 Web-accessible backdoor in Tp-shop 2.0.5 through 2.0.8 allows SSRF and remote command execution Server Side Request Forgery in K2 SmartForms 4.6.11 via Modified Hostname in Identity STS Forms Scripts URL Directory Traversal Vulnerability in CMS Made Simple 2.2.7 Allows File Existence and Checksum Disclosure Physical Path Leakage in idreamsoft iCMS through 7.0.7 via Invalid Nickname Field CSRF Vulnerability in idreamsoft iCMS 7.0.7 SQL Injection in idreamsoft iCMS 7.0.7 via pid Array Parameter Cross-Site Scripting (XSS) Vulnerability in idreamsoft iCMS 7.0.7 via nickname field in admincp.php CSRF Vulnerability in WUZHI CMS 4.1.0 Allows Unauthorized Admin Account Addition CSRF Vulnerability in WUZHI CMS 4.1.0 Allows Unauthorized User Account Addition MetInfo 6.0 save.php Cross-Site Scripting (XSS) Vulnerability Arbitrary Password Change Vulnerability in MetInfo 6.0 Arbitrary Code Execution Vulnerability in Foxit Reader 8.3.2.25013 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5370) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5372) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5373) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5374) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5375) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5376) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5377) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5379) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5382) Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via 
setTimeOut Method Arbitrary Code Execution via BMP Image Parsing in Foxit Reader 9.0.0.29935 Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 Arbitrary Code Execution via TIFF Parsing in Foxit Reader 9.0.0.29935 Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.0.29935 (ZDI-CAN-5414) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5527) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5528) Arbitrary Code Execution via XFA Button Handling in Foxit Reader 9.0.1.1049 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 Arbitrary Code Execution via XFA Button Title Attribute in Foxit Reader 9.0.1.1049 Arbitrary Code Execution via XFA Button Element in Foxit Reader 9.0.1.1049 Arbitrary Code Execution via Text Annotations in Foxit Reader 9.0.1.1049 Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5432) Arbitrary Code Execution via textColor Field Attribute Parsing in Foxit Reader 9.0.1.1049 Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5434) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 via JPEG2000 Image Parsing Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 via OCG Object Name Parsing Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5569) Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5570) Arbitrary Code Execution via Format Actions in Foxit Reader 9.0.1.1049 Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 via Keystroke Actions of TextBox Objects Arbitrary Code Execution in Foxit Reader 9.0.1.1049 via XFA boundItem Method Arbitrary Code Execution via XFA execEvent Method in Foxit Reader 9.0.1.1049 Remote Code Execution Vulnerability in Foxit Reader 9.0.1.104 (ZDI-CAN-5754) Remote Code Execution 
Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5755) Remote Code Execution Vulnerability in Foxit Reader 9.0.1.1049 via ePub File Parsing Arbitrary Code Execution Vulnerability in Foxit Reader 9.0.1.1049 (ZDI-CAN-5895) Arbitrary Code Execution via Shift Event Handling in Foxit Reader 9.0.1.1049 Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Texture Parsing Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Modifier Chain Objects (ZDI-CAN-5427) Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D File Parsing (ZDI-CAN-5428) Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Texture Continuation Objects (ZDI-CAN-5429) Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D File Parsing Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D File Parsing (ZDI-CAN-5431) Arbitrary Code Execution via Texture Width Parsing in Foxit Reader 9.0.0.29935 Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D File Parsing Remote Code Execution Vulnerability in Foxit Reader 9.0.0.29935 via U3D Texture Image Channels Parsing MetInfo 6.0 Front Page XSS Vulnerability via Feedback Message XSS Vulnerability in Zulip Server Frontend Markdown Processor XSS Vulnerability in Zulip Server Versions 1.5.x - 1.7.x Buffer Over-read Vulnerability in ARM mbed TLS Buffer Over-read Vulnerability in ARM mbed TLS XSS Vulnerability in Zulip Server's Topic Typeahead with Stream Names Cross-Site Scripting (XSS) Vulnerability in Frog CMS 0.9.5 via /admin/?/user/add Name or Username Parameter XSS Vulnerability in Frog CMS 0.9.5 via File or Directory Name Field XSS Vulnerability in YUNUCMS 1.0.7: Content Title on Admin News Center Page Authentication Bypass Vulnerability in TBK DVR4104 and DVR4216 Devices and Re-branded Versions Stack Exhaustion in C++ Demangling Functions in GNU libiberty Arbitrary Script Injection in Open-Xchange OX App Suite Mail Compose Sensitive 
Information Disclosure in Open-Xchange OX App Suite API XSS Vulnerability in Zulip Server User Uploads