LanGuard reports



Supported OVAL/CVE Bulletins

Date  Bulletin ID  Title

2017-07-18  CISEC:2753  oval:org.cisecurity:def:2753: RHSA-2016:2098 -- kernel security update
  CISEC:2754  oval:org.cisecurity:def:2754: .NET Denial of Service Vulnerability
  CISEC:2749  oval:org.cisecurity:def:2749: Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2751  oval:org.cisecurity:def:2751: Windows Kernel Information Disclosure Vulnerability

2017-07-17  CISEC:2733  oval:org.cisecurity:def:2733: Microsoft Exchange Open Redirect Vulnerability
  CISEC:2742  oval:org.cisecurity:def:2742: Windows Explorer Denial of Service Vulnerability
  CISEC:2738  oval:org.cisecurity:def:2738: Microsoft Office Remote Code Execution Vulnerability
  CISEC:2741  oval:org.cisecurity:def:2741: Microsoft Office Memory Corruption Vulnerability
  CISEC:2739  oval:org.cisecurity:def:2739: Microsoft Office Remote Code Execution Vulnerability
  CISEC:2734  oval:org.cisecurity:def:2734: Microsoft Exchange Cross-Site Scripting Vulnerability
  CISEC:2740  oval:org.cisecurity:def:2740: Microsoft Office Memory Corruption Vulnerability
  CISEC:2752  oval:org.cisecurity:def:2752: Microsoft Browser Security Feature Bypass
  CISEC:2736  oval:org.cisecurity:def:2736: Microsoft Exchange Cross-Site Scripting Vulnerability

2017-07-14  CISEC:2730  oval:org.cisecurity:def:2730: Office Remote Code Execution Vulnerability
  CISEC:2731  oval:org.cisecurity:def:2731: Office Remote Code Execution Vulnerability
  CISEC:2746  oval:org.cisecurity:def:2746: Win32k Elevation of Privilege Vulnerability
  CISEC:2747  oval:org.cisecurity:def:2747: Win32k Information Disclosure Vulnerability
  CISEC:2748  oval:org.cisecurity:def:2748: Win32k Elevation of Privilege Vulnerability
  CISEC:2743  oval:org.cisecurity:def:2743: Win32k Elevation of Privilege Vulnerability
  CISEC:2732  oval:org.cisecurity:def:2732: Office Remote Code Execution Vulnerability
  CISEC:2744  oval:org.cisecurity:def:2744: Win32k Elevation of Privilege Vulnerability
  CISEC:2745  oval:org.cisecurity:def:2745: Win32k Information Disclosure Vulnerability
  CISEC:2750  oval:org.cisecurity:def:2750: Win32k Elevation of Privilege Vulnerability

2017-07-07  CVE-2014-7953  Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target...
  CVE-2014-7954  Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files...

2017-07-05  CISEC:2729  oval:org.cisecurity:def:2729: Office Remote Code Execution Vulnerability

2017-06-30  CISEC:2672  oval:org.cisecurity:def:2672: Windows PDF Remote Code Execution Vulnerability
  CISEC:2663  oval:org.cisecurity:def:2663: Skype for Business Remote Code Execution Vulnerability
  CISEC:2673  oval:org.cisecurity:def:2673: Microsoft PowerPoint Remote Code Execution Vulnerability
  CISEC:2669  oval:org.cisecurity:def:2669: Windows PDF Remote Code Execution Vulnerability
  CISEC:2674  oval:org.cisecurity:def:2674: Windows Remote Code Execution Vulnerability
  CISEC:2671  oval:org.cisecurity:def:2671: Windows TDX Elevation of Privilege Vulnerability
  CISEC:2675  oval:org.cisecurity:def:2675: Microsoft SharePoint XSS vulnerability
  CISEC:2664  oval:org.cisecurity:def:2664: Windows PDF Information Disclosure Vulnerability

2017-06-29  CISEC:2667  oval:org.cisecurity:def:2667: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:2666  oval:org.cisecurity:def:2666: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2662  oval:org.cisecurity:def:2662: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2665  oval:org.cisecurity:def:2665: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:2670  oval:org.cisecurity:def:2670: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:2668  oval:org.cisecurity:def:2668: Windows Uniscribe Information Disclosure Vulnerability

2017-06-28  CISEC:2617  oval:org.cisecurity:def:2617: April, 2017 Security Monthly Quality Rollup for Windows 7
  CISEC:2625  oval:org.cisecurity:def:2625: April, 2017 Security Only Quality Update for Windows 7
  CISEC:2622  oval:org.cisecurity:def:2622: April, 2017 Security Monthly Quality Rollup for Windows Server 2012
  CISEC:2627  oval:org.cisecurity:def:2627: Security Update for Windows Vista, Windows Server 2008
  CISEC:2612  oval:org.cisecurity:def:2612: Security Update for Microsoft Office 2007
  CISEC:2616  oval:org.cisecurity:def:2616: April, 2017 Security Only Quality Update for Windows Server 2012
  CISEC:2620  oval:org.cisecurity:def:2620: April, 2017 Security Only Quality Update for Windows 7 for x64-based Systems
  CISEC:2621  oval:org.cisecurity:def:2621: Security Update for Windows Server 2008, Windows Vista for x64-based Systems
  CISEC:2615  oval:org.cisecurity:def:2615: April, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems
  CISEC:2642  oval:org.cisecurity:def:2642: Windows Kernel Information Disclosure Vulnerability
  CISEC:2641  oval:org.cisecurity:def:2641: Windows Kernel Information Disclosure Vulnerability
  CISEC:2640  oval:org.cisecurity:def:2640: Windows Kernel Information Disclosure Vulnerability
  CISEC:2634  oval:org.cisecurity:def:2634: Windows Kernel Information Disclosure Vulnerability
  CISEC:2638  oval:org.cisecurity:def:2638: Windows Kernel Information Disclosure Vulnerability
  CISEC:2631  oval:org.cisecurity:def:2631: Windows Kernel Information Disclosure Vulnerability
  CISEC:2643  oval:org.cisecurity:def:2643: Windows Kernel Information Disclosure Vulnerability
  CISEC:2639  oval:org.cisecurity:def:2639: Windows Kernel Information Disclosure Vulnerability
  CISEC:2637  oval:org.cisecurity:def:2637: Windows Kernel Information Disclosure Vulnerability
  CISEC:2630  oval:org.cisecurity:def:2630: Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2632  oval:org.cisecurity:def:2632: Windows Kernel Information Disclosure Vulnerability
  CISEC:2635  oval:org.cisecurity:def:2635: Windows Kernel Information Disclosure Vulnerability
  CISEC:2636  oval:org.cisecurity:def:2636: Windows Kernel Information Disclosure Vulnerability
  CISEC:2644  oval:org.cisecurity:def:2644: Windows Kernel Information Disclosure Vulnerability
  CISEC:2629  oval:org.cisecurity:def:2629: Windows Kernel Information Disclosure Vulnerability
  CISEC:2633  oval:org.cisecurity:def:2633: Windows Kernel Information Disclosure Vulnerability

2017-06-27  CISEC:2628  oval:org.cisecurity:def:2628: Win32k Elevation of Privilege Vulnerability
  CVE-2015-3840  The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.

2017-06-23  CISEC:2567  oval:org.cisecurity:def:2567: Memory Corruption vulnerability in Adobe Flash Player versions 25.0.0.171 and earlier
  CISEC:2571  oval:org.cisecurity:def:2571: Windows Graphics Information Disclosure Vulnerability
  CISEC:2577  oval:org.cisecurity:def:2577: Windows Graphics Information Disclosure Vulnerability
  CISEC:2570  oval:org.cisecurity:def:2570: Use after free vulnerability in Adobe Flash Player versions 25.0.0.171 and earlier
  CISEC:2568  oval:org.cisecurity:def:2568: Memory Corruption vulnerability in Adobe Flash Player versions 25.0.0.171 and earlier
  CISEC:2575  oval:org.cisecurity:def:2575: Windows Graphics Information Disclosure Vulnerability
  CISEC:2576  oval:org.cisecurity:def:2576: Windows Graphics Information Disclosure Vulnerability
  CISEC:2573  oval:org.cisecurity:def:2573: Windows Graphics Remote Code Execution Vulnerability
  CISEC:2569  oval:org.cisecurity:def:2569: Memory Corruption vulnerability in Adobe Flash Player versions 25.0.0.171 and earlier
  CISEC:2572  oval:org.cisecurity:def:2572: Windows Graphics Information Disclosure Vulnerability
  CISEC:2578  oval:org.cisecurity:def:2578: Windows Graphics Information Disclosure Vulnerability
  CISEC:2574  oval:org.cisecurity:def:2574: Windows Graphics Information Disclosure Vulnerability
  CISEC:2566  oval:org.cisecurity:def:2566: Memory Corruption vulnerability in Adobe Flash Player versions 25.0.0.171 and earlier

2017-06-22  CISEC:2611  oval:org.cisecurity:def:2611: Win32k Information Disclosure Vulnerability
  CISEC:2610  oval:org.cisecurity:def:2610: Win32k Information Disclosure Vulnerability
  CISEC:2609  oval:org.cisecurity:def:2609: Win32k Information Disclosure Vulnerability
  CISEC:2608  oval:org.cisecurity:def:2608: Win32k Information Disclosure Vulnerability
  CISEC:2603  oval:org.cisecurity:def:2603: Win32k Elevation of Privilege Vulnerability
  CISEC:2604  oval:org.cisecurity:def:2604: Win32k Information Disclosure Vulnerability
  CISEC:2606  oval:org.cisecurity:def:2606: Win32k Information Disclosure Vulnerability
  CISEC:2605  oval:org.cisecurity:def:2605: Win32k Information Disclosure Vulnerability
  CISEC:2607  oval:org.cisecurity:def:2607: Win32k Elevation of Privilege Vulnerability

2017-06-21  CISEC:2538  oval:org.cisecurity:def:2538: Windows Search Remote Code Execution Vulnerability
  CISEC:2543  oval:org.cisecurity:def:2543: Windows Search Remote Code Execution Vulnerability
  CISEC:2535  oval:org.cisecurity:def:2535: URL spoofing in Omnibox
  CISEC:2542  oval:org.cisecurity:def:2542: Windows Search Information Disclosure Vulnerability

2017-06-20  CISEC:2530  oval:org.cisecurity:def:2530: Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2531  oval:org.cisecurity:def:2531: Microsoft Edge Memory Corruption Vulnerability
  CISEC:2527  oval:org.cisecurity:def:2527: Microsoft Edge Information Disclosure Vulnerability
  CISEC:2541  oval:org.cisecurity:def:2541: Use after free in Chrome Apps
  CISEC:2540  oval:org.cisecurity:def:2540: Type confusion in PDFium
  CISEC:2544  oval:org.cisecurity:def:2544: URL spoofing in Omnibox
  CISEC:2537  oval:org.cisecurity:def:2537: Type confusion in Blink
  CISEC:2525  oval:org.cisecurity:def:2525: Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2532  oval:org.cisecurity:def:2532: Microsoft Edge Memory Corruption Vulnerability
  CISEC:2526  oval:org.cisecurity:def:2526: Microsoft Edge Information Disclosure Vulnerability
  CISEC:2539  oval:org.cisecurity:def:2539: Heap use after free in Print Preview
  CISEC:2528  oval:org.cisecurity:def:2528: Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2536  oval:org.cisecurity:def:2536: URL spoofing in Omnibox

2017-06-19  CISEC:2534  oval:org.cisecurity:def:2534: Internet Explorer Memory Corruption Vulnerability
  CISEC:2529  oval:org.cisecurity:def:2529: Microsoft Browser Information Disclosure Vulnerability
  CISEC:2533  oval:org.cisecurity:def:2533: Internet Explorer Memory Corruption Vulnerability

2017-06-15  CISEC:2507  oval:org.cisecurity:def:2507: Scripting Engine Memory Corruption Vulnerability
  CISEC:2509  oval:org.cisecurity:def:2509: Scripting Engine Memory Corruption Vulnerability
  CISEC:2510  oval:org.cisecurity:def:2510: Scripting Engine Memory Corruption Vulnerability
  CISEC:2506  oval:org.cisecurity:def:2506: Scripting Engine Memory Corruption Vulnerability
  CISEC:2511  oval:org.cisecurity:def:2511: Scripting Engine Memory Corruption Vulnerability
  CISEC:2512  oval:org.cisecurity:def:2512: Scripting Engine Memory Corruption Vulnerability
  CISEC:2508  oval:org.cisecurity:def:2508: Scripting Engine Memory Corruption Vulnerability
  CISEC:2513  oval:org.cisecurity:def:2513: Scripting Engine Memory Corruption Vulnerability

2017-06-14  CISEC:2505  oval:org.cisecurity:def:2505: Vulnerable version of JetBrains TeamCity

2017-06-08  CVE-2014-7919  b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).

2017-06-06  CISEC:2432  oval:org.cisecurity:def:2432: Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2431  oval:org.cisecurity:def:2431: Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CVE-2014-9941  In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
  CVE-2014-9942  In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.
  CVE-2014-9943  In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist.
  CVE-2014-9944  In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
  CVE-2014-9945  In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
  CVE-2014-9946  In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
  CVE-2014-9947  In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist.
  CVE-2014-9948  In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.
  CVE-2014-9949  In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist.
  CVE-2014-9923  In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9924  In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.
  CVE-2014-9925  In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9926  In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
  CVE-2014-9927  In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9928  In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
  CVE-2014-9929  In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist.
  CVE-2014-9930  In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
  CVE-2014-9950  In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
  CVE-2014-9951  In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist.
  CVE-2014-9952  In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.
  CVE-2015-3830  The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.
  CVE-2015-9005  In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
  CVE-2015-9006  In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
  CVE-2015-9007  In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.

2017-06-02  CISEC:2407  oval:org.cisecurity:def:2407: Memory corruption in V8
  CISEC:2413  oval:org.cisecurity:def:2413: Multiple out of bounds writes in ChunkDemuxer
  CISEC:2415  oval:org.cisecurity:def:2415: Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows
  CISEC:2403  oval:org.cisecurity:def:2403: Bypass of Content Security Policy in Blink
  CISEC:2411  oval:org.cisecurity:def:2411: Out of bounds write in PDFium
  CISEC:2406  oval:org.cisecurity:def:2406: Use after free in PDFium
  CISEC:2408  oval:org.cisecurity:def:2408: Use after free in PDFium
  CISEC:2410  oval:org.cisecurity:def:2410: Incorrect security UI in Omnibox
  CISEC:2404  oval:org.cisecurity:def:2404: Use after free in ANGLE
  CISEC:2412  oval:org.cisecurity:def:2412: Integer overflow in libxslt
  CISEC:2409  oval:org.cisecurity:def:2409: Use after free in PDFium
  CISEC:2414  oval:org.cisecurity:def:2414: Use after free in GuestView
  CISEC:2405  oval:org.cisecurity:def:2405: Information disclosure in V8

2017-06-01  CISEC:2428  oval:org.cisecurity:def:2428: Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2427  oval:org.cisecurity:def:2427: Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation
  CISEC:2401  oval:org.cisecurity:def:2401: Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2417  oval:org.cisecurity:def:2417: Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2429  oval:org.cisecurity:def:2429: V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2424  oval:org.cisecurity:def:2424: Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2416  oval:org.cisecurity:def:2416: Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2422  oval:org.cisecurity:def:2422: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2421  oval:org.cisecurity:def:2421: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2419  oval:org.cisecurity:def:2419: Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2418  oval:org.cisecurity:def:2418: Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2423  oval:org.cisecurity:def:2423: Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView
  CISEC:2402  oval:org.cisecurity:def:2402: Microsoft Malware Protection Engine Denial of Service Vulnerability
  CISEC:2430  oval:org.cisecurity:def:2430: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2425  oval:org.cisecurity:def:2425: XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2420  oval:org.cisecurity:def:2420: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
  CISEC:2426  oval:org.cisecurity:def:2426: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux

2017-05-31  CISEC:2399  oval:org.cisecurity:def:2399: Microsoft Edge Elevation of Privilege Vulnerability

2017-05-26  CISEC:2393  oval:org.cisecurity:def:2393: .Net Security Feature Bypass Vulnerability
  CISEC:2397  oval:org.cisecurity:def:2397: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability
  CISEC:2395  oval:org.cisecurity:def:2395: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability
  CISEC:2396  oval:org.cisecurity:def:2396: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability
  CISEC:2398  oval:org.cisecurity:def:2398: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability

2017-05-24  CISEC:2386  oval:org.cisecurity:def:2386: Vulnerability in Adobe Flash Player versions 25.0.0.148 and earlier
  CISEC:2394  oval:org.cisecurity:def:2394: Microsoft Office Remote Code Execution Vulnerability
  CISEC:2388  oval:org.cisecurity:def:2388: Vulnerability in Adobe Flash Player versions 25.0.0.148 and earlier
  CISEC:2387  oval:org.cisecurity:def:2387: Vulnerability in Adobe Flash Player versions 25.0.0.148 and earlier

2017-05-23  CISEC:2389  oval:org.cisecurity:def:2389: Microsoft SharePoint XSS Vulnerability
  CISEC:2385  oval:org.cisecurity:def:2385: Windows GDI Information Disclosure Vulnerability
  CISEC:2381  oval:org.cisecurity:def:2381: Win32k Elevation of Privilege Vulnerability
  CISEC:2379  oval:org.cisecurity:def:2379: Windows Kernel Information Disclosure Vulnerability
  CISEC:2378  oval:org.cisecurity:def:2378: Windows Kernel Information Disclosure Vulnerability
  CISEC:2383  oval:org.cisecurity:def:2383: Win32k Information Disclosure Vulnerability
  CISEC:2392  oval:org.cisecurity:def:2392: Microsoft Office Memory Corruption Vulnerability
  CISEC:2384  oval:org.cisecurity:def:2384: Windows Kernel Information Disclosure Vulnerability
  CISEC:2380  oval:org.cisecurity:def:2380: Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2377  oval:org.cisecurity:def:2377: Windows Kernel Information Disclosure Vulnerability
  CISEC:2382  oval:org.cisecurity:def:2382: Win32k Elevation of Privilege Vulnerability

2017-05-19  CISEC:2360  oval:org.cisecurity:def:2360: Scripting Engine Memory Corruption Vulnerability
  CISEC:2362  oval:org.cisecurity:def:2362: Microsoft Edge Remote Code Execution Vulnerability
  CISEC:2358  oval:org.cisecurity:def:2358: Internet Explorer Memory Corruption Vulnerability
  CISEC:2355  oval:org.cisecurity:def:2355: Scripting Engine Memory Corruption Vulnerability
  CISEC:2359  oval:org.cisecurity:def:2359: Scripting Engine Memory Corruption Vulnerability
  CISEC:2354  oval:org.cisecurity:def:2354: Scripting Engine Memory Corruption Vulnerability
  CISEC:2357  oval:org.cisecurity:def:2357: Scripting Engine Memory Corruption Vulnerability
  CISEC:2363  oval:org.cisecurity:def:2363: Microsoft Edge Memory Corruption Vulnerability
  CISEC:2364  oval:org.cisecurity:def:2364: Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:2349  oval:org.cisecurity:def:2349: Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege
  CISEC:2361  oval:org.cisecurity:def:2361: Scripting Engine Memory Corruption Vulnerability
  CISEC:2356  oval:org.cisecurity:def:2356: Internet Explorer Memory Corruption Vulnerability
  CISEC:2352  oval:org.cisecurity:def:2352: Scripting Engine Memory Corruption Vulnerability
  CISEC:2365  oval:org.cisecurity:def:2365: Scripting Engine Memory Corruption Vulnerability
  CISEC:2350  oval:org.cisecurity:def:2350: Microsoft Browser Spoofing Vulnerability
  CISEC:2351  oval:org.cisecurity:def:2351: Microsoft Edge Memory Corruption Vulnerability
  CISEC:2366  oval:org.cisecurity:def:2366: Internet Explorer Security Feature Bypass Vulnerability
  CISEC:2372  oval:org.cisecurity:def:2372: Microsoft Malware Protection Engine Remote Code Execution Vulnerability
  CISEC:2353  oval:org.cisecurity:def:2353: Scripting Engine Memory Corruption Vulnerability

2017-05-16  CISEC:2375  oval:org.cisecurity:def:2375: Windows COM Elevation of Privilege Vulnerability
  CISEC:2390  oval:org.cisecurity:def:2390: Windows DNS Server Denial of Service Vulnerability
  CISEC:2391  oval:org.cisecurity:def:2391: Microsoft ActiveX Information Disclosure Vulnerability
  CISEC:2376  oval:org.cisecurity:def:2376: Windows COM Elevation of Privilege Vulnerability
  CVE-2014-9934  A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.
  CVE-2014-9931  A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.
  CVE-2014-9932  In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.
  CVE-2014-9933  Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.

2017-05-15  CISEC:2333  oval:org.cisecurity:def:2333: Microsoft Office Remote Code Execution Vulnerability
  CISEC:2332  oval:org.cisecurity:def:2332: Microsoft Office Remote Code Execution Vulnerability
  CISEC:2374  oval:org.cisecurity:def:2374: Dxgkrnl.sys Elevation of Privilege Vulnerability

2017-05-14  CISEC:2369  oval:org.cisecurity:def:2369: Security Update for Windows Server 2003 for x64-based Systems
  CISEC:2367  oval:org.cisecurity:def:2367: Security Update for Windows XP
  CISEC:2370  oval:org.cisecurity:def:2370: Security Update for Windows Server 2003
  CISEC:2371  oval:org.cisecurity:def:2371: Security Update for Windows 8 for x64-based Systems
  CISEC:2368  oval:org.cisecurity:def:2368: Security Update for Windows 8

2017-05-12  CISEC:2373  oval:org.cisecurity:def:2373: Windows Hyper-V vSMB Elevation of Privilege Vulnerability

2017-05-10  CISEC:2288  oval:org.cisecurity:def:2288: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2272  oval:org.cisecurity:def:2272: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2274  oval:org.cisecurity:def:2274: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2344  oval:org.cisecurity:def:2344: Windows SMB Remote Code Execution Vulnerability
  CISEC:2339  oval:org.cisecurity:def:2339: Windows SMB Information Disclosure Vulnerability
  CISEC:2278  oval:org.cisecurity:def:2278: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2345  oval:org.cisecurity:def:2345: Windows SMB Denial of Service Vulnerability
  CISEC:2347  oval:org.cisecurity:def:2347: Windows SMB Remote Code Execution Vulnerability
  CISEC:2342  oval:org.cisecurity:def:2342: Windows SMB Remote Code Execution Vulnerability
  CISEC:2285  oval:org.cisecurity:def:2285: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2271  oval:org.cisecurity:def:2271: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2279  oval:org.cisecurity:def:2279: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2338  oval:org.cisecurity:def:2338: Windows SMB Remote Code Execution Vulnerability
  CISEC:2337  oval:org.cisecurity:def:2337: Windows SMB Information Disclosure Vulnerability
  CISEC:2334  oval:org.cisecurity:def:2334: Windows SMB Information Disclosure Vulnerability
  CISEC:2281  oval:org.cisecurity:def:2281: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2283  oval:org.cisecurity:def:2283: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2277  oval:org.cisecurity:def:2277: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2282  oval:org.cisecurity:def:2282: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2280  oval:org.cisecurity:def:2280: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2269  oval:org.cisecurity:def:2269: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2346  oval:org.cisecurity:def:2346: Windows SMB Information Disclosure Vulnerability
  CISEC:2341  oval:org.cisecurity:def:2341: Windows SMB Denial of Service Vulnerability
  CISEC:2270  oval:org.cisecurity:def:2270: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2335  oval:org.cisecurity:def:2335: Windows SMB Denial of Service Vulnerability
  CISEC:2287  oval:org.cisecurity:def:2287: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2343  oval:org.cisecurity:def:2343: Windows SMB Information Disclosure Vulnerability
  CISEC:2284  oval:org.cisecurity:def:2284: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2276  oval:org.cisecurity:def:2276: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2286  oval:org.cisecurity:def:2286: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2275  oval:org.cisecurity:def:2275: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2340  oval:org.cisecurity:def:2340: Windows SMB Information Disclosure Vulnerability
  CISEC:2273  oval:org.cisecurity:def:2273: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier
  CISEC:2336  oval:org.cisecurity:def:2336: Windows SMB Information Disclosure Vulnerability

2017-05-05  CISEC:2226  oval:org.cisecurity:def:2226: Hyper-V Remote Code Execution Vulnerability
  CISEC:2230  oval:org.cisecurity:def:2230: Hyper-V Denial of Service Vulnerability
  CISEC:2234  oval:org.cisecurity:def:2234: Hyper-V Denial of Service Vulnerability
  CISEC:2235  oval:org.cisecurity:def:2235: Scripting Engine Memory Corruption Vulnerability
  CISEC:2233  oval:org.cisecurity:def:2233: Hyper-V Denial of Service Vulnerability
  CISEC:2229  oval:org.cisecurity:def:2229: Hyper-V Remote Code Execution Vulnerability
  CISEC:2232  oval:org.cisecurity:def:2232: LDAP Elevation of Privilege Vulnerability
  CISEC:2237  oval:org.cisecurity:def:2237: Hyper-V Denial of Service Vulnerability
  CISEC:2225  oval:org.cisecurity:def:2225: Hyper-V Information Disclosure Vulnerability
  CISEC:2231  oval:org.cisecurity:def:2231: Hyper-V Information Disclosure Vulnerability
  CISEC:2227  oval:org.cisecurity:def:2227: Hyper-V Denial of Service Vulnerability
  CISEC:2238  oval:org.cisecurity:def:2238: Active Directory Denial of Service Vulnerability
  CISEC:2223  oval:org.cisecurity:def:2223: ADFS Security Feature Bypass Vulnerability
  CISEC:2228  oval:org.cisecurity:def:2228: Hyper-V Denial of Service Vulnerability
  CISEC:2224  oval:org.cisecurity:def:2224: Hyper-V Remote Code Execution Vulnerability
  CISEC:2239  oval:org.cisecurity:def:2239: Hyper-V Remote Code Execution Vulnerability
  CISEC:2236  oval:org.cisecurity:def:2236: Hyper-V Denial of Service Vulnerability

2017-05-02  CISEC:2265  oval:org.cisecurity:def:2265: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2260  oval:org.cisecurity:def:2260: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2243  oval:org.cisecurity:def:2243: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2242  oval:org.cisecurity:def:2242: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  CISEC:2263  oval:org.cisecurity:def:2263: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2252  oval:org.cisecurity:def:2252: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2254  oval:org.cisecurity:def:2254: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2267  oval:org.cisecurity:def:2267: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2258  oval:org.cisecurity:def:2258: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability
  CISEC:2249  oval:org.cisecurity:def:2249: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2250  oval:org.cisecurity:def:2250: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  CISEC:2246  oval:org.cisecurity:def:2246: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2241  oval:org.cisecurity:def:2241: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2266  oval:org.cisecurity:def:2266: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2253  oval:org.cisecurity:def:2253: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2257  oval:org.cisecurity:def:2257: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2247  oval:org.cisecurity:def:2247: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2264  oval:org.cisecurity:def:2264: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2244  oval:org.cisecurity:def:2244: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2245  oval:org.cisecurity:def:2245: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2261  oval:org.cisecurity:def:2261: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2248  oval:org.cisecurity:def:2248: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability
  CISEC:2256  oval:org.cisecurity:def:2256: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability
  CISEC:2255  oval:org.cisecurity:def:2255: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2262  oval:org.cisecurity:def:2262: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability
  CISEC:2251  oval:org.cisecurity:def:2251: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CISEC:2240  oval:org.cisecurity:def:2240: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability
  CVE-2014-9940  The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.
  CVE-2015-9004  kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

2017-04-27  CISEC:2220  oval:org.cisecurity:def:2220: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking
  CISEC:2208  oval:org.cisecurity:def:2208: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Security
  CISEC:2201  oval:org.cisecurity:def:2201: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  CISEC:2202  oval:org.cisecurity:def:2202: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  CISEC:2197  oval:org.cisecurity:def:2197: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  CISEC:2214  oval:org.cisecurity:def:2214: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking
  CISEC:2213  oval:org.cisecurity:def:2213: Vulnerability in Java SE: 6u141, 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT
  CISEC:2207  oval:org.cisecurity:def:2207: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Networking
  CISEC:2198  oval:org.cisecurity:def:2198: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  CISEC:2221  oval:org.cisecurity:def:2221: Vulnerability in Java SE: 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT
  CISEC:2196  oval:org.cisecurity:def:2196: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  CISEC:2200  oval:org.cisecurity:def:2200: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  CISEC:2206  oval:org.cisecurity:def:2206: Vulnerability in Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JCE
  CISEC:2199  oval:org.cisecurity:def:2199: Vulnerability in Adobe Flash Player versions 25.0.0.127 and earlier
  CISEC:2219  oval:org.cisecurity:def:2219: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JAXP

2017-04-26  CISEC:2177  oval:org.cisecurity:def:2177: Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2204  oval:org.cisecurity:def:2204: ATMFD.dll Information Disclosure Vulnerability
  CISEC:2215  oval:org.cisecurity:def:2215: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:2218  oval:org.cisecurity:def:2218: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump
  CISEC:2192  oval:org.cisecurity:def:2192: Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2183  oval:org.cisecurity:def:2183: Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2210  oval:org.cisecurity:def:2210: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API
  CISEC:2174  oval:org.cisecurity:def:2174: Microsoft Office XSS Elevation of Privilege Vulnerability
  CISEC:2209  oval:org.cisecurity:def:2209: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth
  CISEC:2176  oval:org.cisecurity:def:2176: Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2186  oval:org.cisecurity:def:2186: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2180  oval:org.cisecurity:def:2180: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier
  CISEC:2184  oval:org.cisecurity:def:2184: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2211  oval:org.cisecurity:def:2211: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption
  CISEC:2189  oval:org.cisecurity:def:2189: Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2178  oval:org.cisecurity:def:2178: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2222  oval:org.cisecurity:def:2222: libjpeg Information Disclosure Vulnerability
  CISEC:2181  oval:org.cisecurity:def:2181: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.20 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:2216  oval:org.cisecurity:def:2216: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:2179  oval:org.cisecurity:def:2179: Vulnerability in the MySQL Cluster 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier – CVE-2016-3304
  CISEC:2187  oval:org.cisecurity:def:2187: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2175  oval:org.cisecurity:def:2175: Microsoft Office XSS Elevation of Privilege Vulnerability
  CISEC:2193  oval:org.cisecurity:def:2193: Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2190  oval:org.cisecurity:def:2190: Vulnerability in Oracle MySQL 5.7.11 to 5.7.17
  CISEC:2188  oval:org.cisecurity:def:2188: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier
  CISEC:2217  oval:org.cisecurity:def:2217: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
  CISEC:2185  oval:org.cisecurity:def:2185: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55
  CISEC:2191  oval:org.cisecurity:def:2191: Vulnerability in Oracle MySQL 5.7.17 and earlier
  CISEC:2212  oval:org.cisecurity:def:2212: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:2182  oval:org.cisecurity:def:2182: Vulnerability in Oracle MySQL 5.7.17 and earlier

2017-04-24  CISEC:2205  oval:org.cisecurity:def:2205: .NET Remote Code Execution Vulnerability
  CVE-2010-1776  Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe...

2017-04-20  CISEC:2195  oval:org.cisecurity:def:2195: Windows Elevation of Privilege Vulnerability
  CISEC:2171  oval:org.cisecurity:def:2171: Windows OLE Elevation of Privilege Vulnerability
  CISEC:2194  oval:org.cisecurity:def:2194: Windows Denial of Service Vulnerability
  CISEC:2173  oval:org.cisecurity:def:2173: Microsoft Office Memory Corruption Vulnerability

2017-04-19  CISEC:2169  oval:org.cisecurity:def:2169: Win32k Elevation of Privilege Vulnerability
  CISEC:2162  oval:org.cisecurity:def:2162: Win32k Information Disclosure Vulnerability
  CISEC:2170  oval:org.cisecurity:def:2170: Win32k Information Disclosure Vulnerability
  CISEC:2168  oval:org.cisecurity:def:2168: Microsoft Office Security Feature Bypass Vulnerability
  CISEC:2164  oval:org.cisecurity:def:2164: Microsoft Outlook Remote Code Execution Vulnerability
  CISEC:2163  oval:org.cisecurity:def:2163: Windows Graphics Elevation of Privilege Vulnerability
  CISEC:2161  oval:org.cisecurity:def:2161: Windows Kernel Information Disclosure Vulnerability
  CISEC:2165  oval:org.cisecurity:def:2165: Windows Graphics Component Elevation of Privilege Vulnerability

2017-04-18  CISEC:2157  oval:org.cisecurity:def:2157: Internet Explorer Elevation of Privilege Vulnerability
  CISEC:2152  oval:org.cisecurity:def:2152: Microsoft Edge Memory Corruption Vulnerability
  CISEC:2154  oval:org.cisecurity:def:2154: Microsoft Edge Memory Corruption Vulnerability
  CISEC:2153  oval:org.cisecurity:def:2153: Internet Explorer Memory Corruption Vulnerability
  CISEC:2159  oval:org.cisecurity:def:2159: Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2135  oval:org.cisecurity:def:2135: Microsoft Exchange Server Elevation of Privilege Vulnerability
  CISEC:2156  oval:org.cisecurity:def:2156: Scripting Engine Memory Corruption Vulnerability
  CISEC:2160  oval:org.cisecurity:def:2160: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API

2017-04-17  CISEC:2158  oval:org.cisecurity:def:2158: Scripting Engine Information Disclosure Vulnerability
  CISEC:2155  oval:org.cisecurity:def:2155: Scripting Engine Memory Corruption Vulnerability

2017-04-14  CISEC:2123  oval:org.cisecurity:def:2123: Microsoft Office Memory Corruption Vulnerability
  CISEC:2120  oval:org.cisecurity:def:2120: Microsoft Office Memory Corruption Vulnerability
  CISEC:2118  oval:org.cisecurity:def:2118: Microsoft Office Memory Corruption Vulnerability
  CISEC:2117  oval:org.cisecurity:def:2117: Microsoft Office Memory Corruption Vulnerability
  CISEC:2122  oval:org.cisecurity:def:2122: Microsoft Office Denial of Service Vulnerability
  CISEC:2124  oval:org.cisecurity:def:2124: Microsoft Office Memory Corruption Vulnerability
  CISEC:2115  oval:org.cisecurity:def:2115: Microsoft Office Memory Corruption Vulnerability
  CISEC:2116  oval:org.cisecurity:def:2116: Microsoft Office Memory Corruption Vulnerability
  CISEC:2125  oval:org.cisecurity:def:2125: Microsoft SharePoint XSS Vulnerability
  CISEC:2119  oval:org.cisecurity:def:2119: Microsoft Office Information Disclosure Vulnerability
  CISEC:2121  oval:org.cisecurity:def:2121: Microsoft Office Information Disclosure Vulnerability

2017-04-13  CVE-2014-7920  mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
  CVE-2014-7921  mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.

2017-04-12  CISEC:2089  oval:org.cisecurity:def:2089: Windows SMB Remote Code Execution Vulnerability
  CISEC:2107  oval:org.cisecurity:def:2107: Windows DVD Maker Cross-Site Request Forgery Vulnerability
  CISEC:2101  oval:org.cisecurity:def:2101: Windows SMB Remote Code Execution Vulnerability
  CISEC:2131  oval:org.cisecurity:def:2131: iSNS Server Memory Corruption Vulnerability
  CISEC:2132  oval:org.cisecurity:def:2132: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability
  CISEC:2094  oval:org.cisecurity:def:2094: Windows SMB Remote Code Execution Vulnerability
  CISEC:2099  oval:org.cisecurity:def:2099: Windows SMB Remote Code Execution Vulnerability
  CISEC:2095  oval:org.cisecurity:def:2095: Windows SMB Remote Code Execution Vulnerability
  CISEC:2134  oval:org.cisecurity:def:2134: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability
  CISEC:2133  oval:org.cisecurity:def:2133: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability
  CISEC:2096  oval:org.cisecurity:def:2096: Windows SMB Remote Code Execution Vulnerability

2017-04-11  CISEC:2090  oval:org.cisecurity:def:2090: Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:2128  oval:org.cisecurity:def:2128: Windows DLL Loading Remote Code Execution Vulnerability
  CISEC:2085  oval:org.cisecurity:def:2085: Vulnerability in Adobe Flash Player versions 24.0.0.221 and earlier
  CISEC:2127  oval:org.cisecurity:def:2127: SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability
  CISEC:2126  oval:org.cisecurity:def:2126: Windows DNS Query Information Disclosure Vulnerability
  CISEC:2129  oval:org.cisecurity:def:2129: Device Guard Security Feature Bypass Vulnerability
  CISEC:2106  oval:org.cisecurity:def:2106: Windows Graphics Component Remote Code Execution Vulnerability
  CISEC:2087  oval:org.cisecurity:def:2087: Vulnerability in Adobe Flash Player versions 24.0.0.221 and earlier
  CISEC:2130  oval:org.cisecurity:def:2130: Windows HelpPane Elevation of Privilege Vulnerability
  CISEC:2088  oval:org.cisecurity:def:2088: Vulnerability in Adobe Flash Player versions 24.0.0.221 and earlier
  CISEC:2086  oval:org.cisecurity:def:2086: Vulnerability in Adobe Flash Player versions 24.0.0.221 and earlier

2017-04-08  CISEC:2091  oval:org.cisecurity:def:2091: Microsoft Color Management Information Disclosure Vulnerability
  CISEC:2092  oval:org.cisecurity:def:2092: Microsoft Color Management Information Disclosure Vulnerability
  CISEC:2100  oval:org.cisecurity:def:2100: Windows Graphics Component Information Disclosure Vulnerability

2017-04-06  CISEC:2097  oval:org.cisecurity:def:2097: Windows GDI Elevation of Privilege Vulnerability
  CISEC:2093  oval:org.cisecurity:def:2093: Windows GDI Elevation of Privilege Vulnerability
  CISEC:2103  oval:org.cisecurity:def:2103: Windows GDI+ Information Disclosure Vulnerability
  CISEC:2098  oval:org.cisecurity:def:2098: Windows GDI+ Information Disclosure Vulnerability
  CISEC:2105  oval:org.cisecurity:def:2105: Windows GDI+ Information Disclosure Vulnerability
  CISEC:2104  oval:org.cisecurity:def:2104: Windows GDI Elevation of Privilege Vulnerability

2017-04-05  CISEC:2114  oval:org.cisecurity:def:2114: Microsoft IIS Server XSS Elevation of Privilege Vulnerability
  CISEC:2081  oval:org.cisecurity:def:2081: Windows DirectShow Information Disclosure Vulnerability

2017-04-04  CISEC:2080  oval:org.cisecurity:def:2080: Microsoft Active Directory Federation Services Information Disclosure Vulnerability
  CVE-2014-9922  The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

2017-04-03  CISEC:2078  oval:org.cisecurity:def:2078: Hyper-V vSMB Remote Code Execution Vulnerability
  CISEC:2072  oval:org.cisecurity:def:2072: Hyper-V Denial of Service Vulnerability
  CISEC:2079  oval:org.cisecurity:def:2079: Hyper-V Denial of Service Vulnerability
  CISEC:2074  oval:org.cisecurity:def:2074: Microsoft Hyper-V Network Switch Denial of Service Vulnerability
  CISEC:2077  oval:org.cisecurity:def:2077: Hyper-V Denial of Service Vulnerability
  CISEC:2073  oval:org.cisecurity:def:2073: Hyper-V Denial of Service Vulnerability
  CISEC:2070  oval:org.cisecurity:def:2070: Hyper-V Denial of Service Vulnerability
  CISEC:2071  oval:org.cisecurity:def:2071: Hyper-V Information Disclosure Vulnerability
  CISEC:2075  oval:org.cisecurity:def:2075: Hyper-V vSMB Remote Code Execution Vulnerability
  CISEC:2069  oval:org.cisecurity:def:2069: Hyper-V Remote Code Execution Vulnerability
  CISEC:2076  oval:org.cisecurity:def:2076: Hyper-V Remote Code Execution Vulnerability

2017-03-30  CISEC:2060  oval:org.cisecurity:def:2060: Windows GDI Elevation of Privilege Vulnerability

2017-03-29  CISEC:2067  oval:org.cisecurity:def:2067: Win32k Elevation of Privilege Vulnerability
  CISEC:2062  oval:org.cisecurity:def:2062: Win32k Elevation of Privilege Vulnerability
  CISEC:2068  oval:org.cisecurity:def:2068: Win32k Elevation of Privilege Vulnerability
  CISEC:2066  oval:org.cisecurity:def:2066: Win32k Elevation of Privilege Vulnerability
  CISEC:2061  oval:org.cisecurity:def:2061: Win32k Elevation of Privilege Vulnerability
  CISEC:2065  oval:org.cisecurity:def:2065: Win32k Elevation of Privilege Vulnerability
  CISEC:2064  oval:org.cisecurity:def:2064: Win32k Elevation of Privilege Vulnerability
  CISEC:2063  oval:org.cisecurity:def:2063: Win32k Elevation of Privilege Vulnerability

2017-03-24  CISEC:2037  oval:org.cisecurity:def:2037: Microsoft Edge Information Disclosure Vulnerability
  CISEC:2032  oval:org.cisecurity:def:2032: Internet Explorer Memory Corruption Vulnerability
  CISEC:2058  oval:org.cisecurity:def:2058: Windows Elevation of Privilege Vulnerability
  CISEC:2024  oval:org.cisecurity:def:2024: Scripting Engine Memory Corruption Vulnerability
  CISEC:2013  oval:org.cisecurity:def:2013: Scripting Engine Memory Corruption Vulnerability
  CISEC:2015  oval:org.cisecurity:def:2015: Microsoft Internet Explorer Memory Corruption Vulnerability
  CISEC:2006  oval:org.cisecurity:def:2006: Scripting Engine Memory Corruption Vulnerability
  CISEC:2030  oval:org.cisecurity:def:2030: Microsoft Edge Security Feature Bypass
  CISEC:2031  oval:org.cisecurity:def:2031: Scripting Engine Memory Corruption Vulnerability
  CISEC:2022  oval:org.cisecurity:def:2022: Microsoft Edge Spoofing Vulnerability
  CISEC:2005  oval:org.cisecurity:def:2005: Scripting Engine Memory Corruption Vulnerability
  CISEC:2018  oval:org.cisecurity:def:2018: Scripting Engine Memory Corruption Vulnerability
  CISEC:2019  oval:org.cisecurity:def:2019: Microsoft Browser Information Disclosure Vulnerability
  CISEC:2057  oval:org.cisecurity:def:2057: Windows Kernel Elevation of Privilege Vulnerability
  CISEC:2027  oval:org.cisecurity:def:2027: Scripting Engine Memory Corruption Vulnerability
  CISEC:2039  oval:org.cisecurity:def:2039: Microsoft Edge Security Feature Bypass
  CISEC:2025  oval:org.cisecurity:def:2025: Microsoft Edge Security Feature Bypass Vulnerability
  CISEC:2026  oval:org.cisecurity:def:2026: Microsoft Browser Memory Corruption Vulnerability
  CISEC:2016  oval:org.cisecurity:def:2016: Scripting Engine Memory Corruption Vulnerability
  CISEC:2004  oval:org.cisecurity:def:2004: Scripting Engine Memory Corruption Vulnerability
  CISEC:2036  oval:org.cisecurity:def:2036: Scripting Engine Memory Corruption Vulnerability
  CISEC:2014  oval:org.cisecurity:def:2014: Scripting Engine Memory Corruption Vulnerability
  CISEC:2017  oval:org.cisecurity:def:2017: Scripting Engine Memory Corruption Vulnerability
  CISEC:2002  oval:org.cisecurity:def:2002: Internet Explorer Information Disclosure Vulnerability
  CISEC:2011  oval:org.cisecurity:def:2011: Scripting Engine Memory Corruption Vulnerability
  CISEC:2000  oval:org.cisecurity:def:2000: Microsoft Browser Spoofing Vulnerability
  CISEC:2056  oval:org.cisecurity:def:2056: Windows Elevation of Privilege Vulnerability
  CISEC:2001  oval:org.cisecurity:def:2001: Scripting Engine Memory Corruption Vulnerability
  CISEC:2035  oval:org.cisecurity:def:2035: Microsoft Browser Spoofing Vulnerability
  CISEC:2029  oval:org.cisecurity:def:2029: Microsoft Edge Security Feature Bypass
  CISEC:2034  oval:org.cisecurity:def:2034: Microsoft Browser Information Disclosure Vulnerability
  CISEC:2021  oval:org.cisecurity:def:2021: Scripting Engine Memory Corruption Vulnerability
  CISEC:2009  oval:org.cisecurity:def:2009: Microsoft Edge Information Disclosure Vulnerability
  CISEC:2010  oval:org.cisecurity:def:2010: Microsoft PDF Memory Corruption Vulnerability
  CISEC:2028  oval:org.cisecurity:def:2028: Microsoft Edge Memory Corruption Vulnerability
  CISEC:2023  oval:org.cisecurity:def:2023: Scripting Engine Memory Corruption Vulnerability
  CISEC:2012  oval:org.cisecurity:def:2012: Scripting Engine Memory Corruption Vulnerability
  CISEC:2020  oval:org.cisecurity:def:2020: Scripting Engine Memory Corruption Vulnerability
  CISEC:2038  oval:org.cisecurity:def:2038: Scripting Engine Memory Corruption Vulnerability
  CISEC:2003  oval:org.cisecurity:def:2003: Internet Explorer Information Disclosure Vulnerability
  CISEC:2059  oval:org.cisecurity:def:2059: Windows Registry Elevation of Privilege Vulnerability
  CISEC:2033  oval:org.cisecurity:def:2033: Scripting Engine Memory Corruption Vulnerability
  CISEC:2008  oval:org.cisecurity:def:2008: Microsoft Edge Information Disclosure Vulnerability
  CISEC:2007  oval:org.cisecurity:def:2007: Internet Explorer Elevation of Privilege Vulnerability

2017-03-22  CISEC:1999  oval:org.cisecurity:def:1999: Internet Explorer Information Disclosure Vulnerability

2017-03-20  CISEC:1998  oval:org.cisecurity:def:1998: Microsoft XML Core Services Information Disclosure Vulnerability

2017-03-15  CISEC:1974  oval:org.cisecurity:def:1974: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1978  oval:org.cisecurity:def:1978: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1992  oval:org.cisecurity:def:1992: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1972  oval:org.cisecurity:def:1972: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1971  oval:org.cisecurity:def:1971: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1982  oval:org.cisecurity:def:1982: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1975  oval:org.cisecurity:def:1975: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1990  oval:org.cisecurity:def:1990: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1997  oval:org.cisecurity:def:1997: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1976  oval:org.cisecurity:def:1976: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1986  oval:org.cisecurity:def:1986: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1980  oval:org.cisecurity:def:1980: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1991  oval:org.cisecurity:def:1991: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1985  oval:org.cisecurity:def:1985: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1981  oval:org.cisecurity:def:1981: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1995  oval:org.cisecurity:def:1995: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1977  oval:org.cisecurity:def:1977: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1989  oval:org.cisecurity:def:1989: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1983  oval:org.cisecurity:def:1983: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1994  oval:org.cisecurity:def:1994: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1996  oval:org.cisecurity:def:1996: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1970  oval:org.cisecurity:def:1970: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1973  oval:org.cisecurity:def:1973: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1984  oval:org.cisecurity:def:1984: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1993  oval:org.cisecurity:def:1993: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1988  oval:org.cisecurity:def:1988: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1979  oval:org.cisecurity:def:1979: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1969  oval:org.cisecurity:def:1969: Windows Uniscribe Information Disclosure Vulnerability
  CISEC:1987  oval:org.cisecurity:def:1987: Windows Uniscribe Information Disclosure Vulnerability

2017-03-10  CISEC:1945  oval:org.cisecurity:def:1945: CMS Null dereference vulnerability in OpenSSL 1.1.0 before 1.1.0c
  CISEC:1947  oval:org.cisecurity:def:1947: Encrypt-Then-Mac renegotiation crash in OpenSSL 1.1.0 before 1.1.0e
  CISEC:1944  oval:org.cisecurity:def:1944: Montgomery multiplication may produce incorrect results in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0c
  CISEC:1943  oval:org.cisecurity:def:1943: Truncated packet could crash via OOB read in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0d
  CISEC:1946  oval:org.cisecurity:def:1946: ChaCha20/Poly1305 heap-buffer-overflow in OpenSSL 1.1.0 before 1.1.0c

2017-03-09  CISEC:1942  oval:org.cisecurity:def:1942: UI spoofing

2017-03-08  CISEC:1953  oval:org.cisecurity:def:1953: Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  CISEC:1952  oval:org.cisecurity:def:1952: PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  CISEC:1951  oval:org.cisecurity:def:1951: Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux
  CISEC:1954  oval:org.cisecurity:def:1954: A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux

2017-03-03  CISEC:1928  oval:org.cisecurity:def:1928: Vulnerability in certificate parser in OpenSSL 1.0.1 before 1.0.1u, and 1.0.2 before 1.0.2i
  CISEC:1950  oval:org.cisecurity:def:1950: Vulnerability in OpenSSL 1.1.0 before 1.1.0d and OpenSSL 1.0.2 before 1.0.2k
  CISEC:1948  oval:org.cisecurity:def:1948: statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length
  CISEC:1930  oval:org.cisecurity:def:1930: Vulnerability in statem/statem.c in OpenSSL 1.1.0a
  CISEC:1929  oval:org.cisecurity:def:1929: Multiple memory leaks in OpenSSL 1.0.1 before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a
  CISEC:1927  oval:org.cisecurity:def:1927: Vulnerability in the state-machine implementation in OpenSSL 1.1.0 before 1.1.0a
  CISEC:1949  oval:org.cisecurity:def:1949: Vulnerability in OpenSSL 1.1.0 before 1.1.0d
  CISEC:1926  oval:org.cisecurity:def:1926: Vulnerability in the ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a
  CISEC:1931  oval:org.cisecurity:def:1931: Vulnerability in crypto/x509/x509_vfy.c in OpenSSL 1.0.2i

2017-02-24  CISEC:1891  oval:org.cisecurity:def:1891: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier
  CISEC:1895  oval:org.cisecurity:def:1895: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier
  CISEC:1893  oval:org.cisecurity:def:1893: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier
  CISEC:1884  oval:org.cisecurity:def:1884: UI spoofing
  CISEC:1894  oval:org.cisecurity:def:1894: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier
  CISEC:1890  oval:org.cisecurity:def:1890: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier
  CISEC:1885  oval:org.cisecurity:def:1885: Heap overflow in FFmpeg
  CISEC:1892  oval:org.cisecurity:def:1892: Vulnerability in Adobe Flash Player versions 24.0.0.194 and earlier

2017-02-22  CISEC:1901  oval:org.cisecurity:def:1901: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results
  CISEC:1907  oval:org.cisecurity:def:1907: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks
  CISEC:1905  oval:org.cisecurity:def:1905: The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service -...
  CISEC:1902  oval:org.cisecurity:def:1902: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations
  CISEC:1900  oval:org.cisecurity:def:1900: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages
  CISEC:1904  oval:org.cisecurity:def:1904: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service
  CISEC:1903  oval:org.cisecurity:def:1903: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length
  CISEC:1906  oval:org.cisecurity:def:1906: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number

2017-02-21  CISEC:1910  oval:org.cisecurity:def:1910: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability
  CISEC:1909  oval:org.cisecurity:def:1909: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability
  CISEC:1908  oval:org.cisecurity:def:1908: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability
  CISEC:1911  oval:org.cisecurity:def:1911: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability
  CISEC:1912  oval:org.cisecurity:def:1912: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability

2017-02-17  CISEC:1858  oval:org.cisecurity:def:1858: Heap overflow in FFmpeg
  CISEC:1862  oval:org.cisecurity:def:1862: Universal XSS in chrome://apps
  CISEC:1857  oval:org.cisecurity:def:1857: Bypass of Content Security Policy in Blink
  CISEC:1860  oval:org.cisecurity:def:1860: Use after free in Extensions
  CISEC:1855  oval:org.cisecurity:def:1855: Universal XSS in chrome://downloads
  CISEC:1856  oval:org.cisecurity:def:1856: Use after free in Renderer
  CISEC:1859  oval:org.cisecurity:def:1859: Type confusion in metrics

2017-02-16  CISEC:1869  oval:org.cisecurity:def:1869: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability
  CISEC:1870  oval:org.cisecurity:def:1870: Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability

2017-02-15  CISEC:1866  oval:org.cisecurity:def:1866: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  CISEC:1850  oval:org.cisecurity:def:1850: Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3323
  CISEC:1844  oval:org.cisecurity:def:1844: Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3322
  CISEC:1865  oval:org.cisecurity:def:1865: Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  CISEC:1868  oval:org.cisecurity:def:1868: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  CISEC:1864  oval:org.cisecurity:def:1864: A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
  CISEC:1846  oval:org.cisecurity:def:1846: Vulnerability in the MySQL Cluster 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier
  CISEC:1867  oval:org.cisecurity:def:1867: Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs
  CISEC:1863  oval:org.cisecurity:def:1863: Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs
  CISEC:1847  oval:org.cisecurity:def:1847: Vulnerability in the MySQL Cluster 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier – CVE-2016-3321

2017-02-13  CISEC:1853  oval:org.cisecurity:def:1853: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context
  CISEC:1854  oval:org.cisecurity:def:1854: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method
  CISEC:1851  oval:org.cisecurity:def:1851: Vulnerability in Java SE 6u131, 7u121 and 8u112; and Java SE Embedded 8u111
  CISEC:1852  oval:org.cisecurity:def:1852: WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking

2017-02-10  CISEC:1824  oval:org.cisecurity:def:1824: Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2
  CISEC:1816  oval:org.cisecurity:def:1816: Vulnerability in MySQL Server 5.5.53 and earlier
  CISEC:1818  oval:org.cisecurity:def:1818: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier
  CISEC:1814  oval:org.cisecurity:def:1814: Vulnerability in MySQL Server 5.5.53 and earlier
  CISEC:1819  oval:org.cisecurity:def:1819: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier
  CISEC:1817  oval:org.cisecurity:def:1817: Vulnerability in MySQL Server 5.5.53 and earlier
  CISEC:1815  oval:org.cisecurity:def:1815: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier
  CISEC:1825  oval:org.cisecurity:def:1825: Vulnerability in MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4
  CISEC:1823  oval:org.cisecurity:def:1823: Vulnerability in cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2
  CISEC:1822  oval:org.cisecurity:def:1822: Vulnerability in MQ Explorer in IBM WebSphere MQ before 8.0.0.3
  CISEC:1813  oval:org.cisecurity:def:1813: Vulnerability in MySQL Server 5.6.34 and earlier, and 5.7.16 and earlier

2017-02-09  CISEC:1837  oval:org.cisecurity:def:1837: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships
  CISEC:1841  oval:org.cisecurity:def:1841: Cross-site scripting
  CISEC:1840  oval:org.cisecurity:def:1840: Directory traversal vulnerability in Atlassian JIRA before 6.0.5
  CISEC:1836  oval:org.cisecurity:def:1836: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page
  CISEC:1839  oval:org.cisecurity:def:1839: Cross-site scripting
  CISEC:1842  oval:org.cisecurity:def:1842: Directory traversal vulnerability in Atlassian JIRA before 6.0.4

2017-02-08  CISEC:1835  oval:org.cisecurity:def:1835: Vulnerability in IBM WebSphere MQ 7.0.1 before 7.0.1.13

2017-02-07  CISEC:1830  oval:org.cisecurity:def:1830: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging
  CISEC:1826  oval:org.cisecurity:def:1826: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
  CISEC:1833  oval:org.cisecurity:def:1833: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
  CISEC:1831  oval:org.cisecurity:def:1831: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging
  CISEC:1827  oval:org.cisecurity:def:1827: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control
  CISEC:1829  oval:org.cisecurity:def:1829: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CISEC:1832  oval:org.cisecurity:def:1832: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
  CVE-2014-9914  Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations...

2017-02-03  CISEC:1800  oval:org.cisecurity:def:1800: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  CISEC:1801  oval:org.cisecurity:def:1801: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; and Java SE Embedded 8u111
  CISEC:1802  oval:org.cisecurity:def:1802: Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111

2017-02-01  CISEC:1799  oval:org.cisecurity:def:1799: Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5
  CISEC:1798  oval:org.cisecurity:def:1798: Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5

2017-01-31  CISEC:1789  oval:org.cisecurity:def:1789: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking
  CISEC:1795  oval:org.cisecurity:def:1795: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
  CISEC:1778  oval:org.cisecurity:def:1778: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  CISEC:1797  oval:org.cisecurity:def:1797: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:1779  oval:org.cisecurity:def:1779: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12
  CISEC:1796  oval:org.cisecurity:def:1796: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB
  CISEC:1777  oval:org.cisecurity:def:1777: Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111
  CISEC:1791  oval:org.cisecurity:def:1791: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking
  CISEC:1790  oval:org.cisecurity:def:1790: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking

2017-01-30  CISEC:1780  oval:org.cisecurity:def:1780: Vulnerability in IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5

2017-01-27  CISEC:1776  oval:org.cisecurity:def:1776: Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111
  CISEC:1775  oval:org.cisecurity:def:1775: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111

2017-01-26  CISEC:1773  oval:org.cisecurity:def:1773: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
  CISEC:1772  oval:org.cisecurity:def:1772: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging
  CISEC:1774  oval:org.cisecurity:def:1774: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption

2017-01-25  CISEC:1747  oval:org.cisecurity:def:1747: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1745  oval:org.cisecurity:def:1745: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1746  oval:org.cisecurity:def:1746: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1744  oval:org.cisecurity:def:1744: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1748  oval:org.cisecurity:def:1748: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1749  oval:org.cisecurity:def:1749: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1751  oval:org.cisecurity:def:1751: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1750  oval:org.cisecurity:def:1750: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier

2017-01-24  CISEC:1770  oval:org.cisecurity:def:1770: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries
  CISEC:1771  oval:org.cisecurity:def:1771: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control
  CISEC:1769  oval:org.cisecurity:def:1769: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS

2017-01-19  CISEC:1765  oval:org.cisecurity:def:1765: Vulnerability in SSL 3.0 as used in OpenSSL through 1.0.1i

2017-01-18  CISEC:1731  oval:org.cisecurity:def:1731: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1729  oval:org.cisecurity:def:1729: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1727  oval:org.cisecurity:def:1727: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1728  oval:org.cisecurity:def:1728: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1732  oval:org.cisecurity:def:1732: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CISEC:1730  oval:org.cisecurity:def:1730: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier
  CVE-2014-9909  An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...
  CVE-2014-9910  An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...

2017-01-17  CISEC:1720  oval:org.cisecurity:def:1720: EPHEMERAL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CISEC:1722  oval:org.cisecurity:def:1722: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1725  oval:org.cisecurity:def:1725: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1721  oval:org.cisecurity:def:1721: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1723  oval:org.cisecurity:def:1723: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1726  oval:org.cisecurity:def:1726: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1724  oval:org.cisecurity:def:1724: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1719  oval:org.cisecurity:def:1719: EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1

2017-01-12  CISEC:1735  oval:org.cisecurity:def:1735: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  CISEC:1710  oval:org.cisecurity:def:1710: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1739  oval:org.cisecurity:def:1739: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability
  CISEC:1737  oval:org.cisecurity:def:1737: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability
  CISEC:1740  oval:org.cisecurity:def:1740: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability
  CISEC:1742  oval:org.cisecurity:def:1742: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1738  oval:org.cisecurity:def:1738: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1713  oval:org.cisecurity:def:1713: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1716  oval:org.cisecurity:def:1716: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  CISEC:1717  oval:org.cisecurity:def:1717: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1741  oval:org.cisecurity:def:1741: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  CISEC:1733  oval:org.cisecurity:def:1733: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability
  CISEC:1709  oval:org.cisecurity:def:1709: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1715  oval:org.cisecurity:def:1715: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1743  oval:org.cisecurity:def:1743: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability
  CISEC:1714  oval:org.cisecurity:def:1714: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1712  oval:org.cisecurity:def:1712: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier
  CISEC:1718  oval:org.cisecurity:def:1718: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1734  oval:org.cisecurity:def:1734: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability
  CISEC:1736  oval:org.cisecurity:def:1736: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability
  CISEC:1711  oval:org.cisecurity:def:1711: Vulnerability in Adobe Flash Player versions 24.0.0.186 and earlier

2017-01-11  CISEC:1707  oval:org.cisecurity:def:1707: Microsoft Office Memory Corruption Vulnerability
  CISEC:1706  oval:org.cisecurity:def:1706: Microsoft Edge Elevation of Privilege Vulnerability

2017-01-10  CISEC:1705  oval:org.cisecurity:def:1705: Local Security Authority Subsystem Service Denial of Service Vulnerability

2017-01-09  CISEC:1703  oval:org.cisecurity:def:1703: Vulnerability in Samsung Security Manager

2017-01-08  CISEC:1704  oval:org.cisecurity:def:1704: Remove OneDrive option located in the navigation panel of File Explorer on Windows 10.

2017-01-05  CISEC:1685  oval:org.cisecurity:def:1685: Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160
  CISEC:1686  oval:org.cisecurity:def:1686: Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228

2017-01-04  CISEC:1691  oval:org.cisecurity:def:1691: Vulnerability in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18

2017-01-03  CISEC:1684  oval:org.cisecurity:def:1684: Microsoft Office Memory Corruption Vulnerability

2016-12-30  CISEC:1653  oval:org.cisecurity:def:1653: Secure Kernel Mode Elevation of Privilege Vulnerability
  CISEC:1651  oval:org.cisecurity:def:1651: Windows Uniscribe Remote Code Execution Vulnerability
  CISEC:1652  oval:org.cisecurity:def:1652: .NET Information Disclosure Vulnerability
  CISEC:1676  oval:org.cisecurity:def:1676: Vulnerability in NVIDIA Graphics Driver

2016-12-29  CISEC:1650  oval:org.cisecurity:def:1650: Microsoft Browser Security Feature Bypass
  CISEC:1648  oval:org.cisecurity:def:1648: Scripting Engine Memory Corruption Vulnerability
  CISEC:1649  oval:org.cisecurity:def:1649: Microsoft Browser Information Disclosure Vulnerability
  CISEC:1647  oval:org.cisecurity:def:1647: Microsoft Browser – Memory Corruption Vulnerability

2016-12-28  CISEC:1689  oval:org.cisecurity:def:1689: Microsoft Office Information Disclosure Vulnerability
  CISEC:1688  oval:org.cisecurity:def:1688: Microsoft Office Security Feature Bypass Vulnerability
  CISEC:1687  oval:org.cisecurity:def:1687: Microsoft Office Information Disclosure Vulnerability

2016-12-21  CISEC:1640  oval:org.cisecurity:def:1640: Microsoft Office Information Disclosure Vulnerability
  CISEC:1639  oval:org.cisecurity:def:1639: Microsoft Office Memory Corruption Vulnerability
  CISEC:1644  oval:org.cisecurity:def:1644: Microsoft Office Security Feature Bypass Vulnerability
  CISEC:1641  oval:org.cisecurity:def:1641: Microsoft Office Information Disclosure Vulnerability
  CISEC:1643  oval:org.cisecurity:def:1643: Microsoft Office Security Feature Bypass Vulnerability
  CISEC:1637  oval:org.cisecurity:def:1637: Microsoft Office Information Disclosure Vulnerability
  CISEC:1642  oval:org.cisecurity:def:1642: Microsoft Office Information Disclosure Vulnerability
  CISEC:1638  oval:org.cisecurity:def:1638: Microsoft Office OLE DLL Side Loading Vulnerability

2016-12-20  CISEC:1626  oval:org.cisecurity:def:1626: Scripting Engine Memory Corruption Vulnerability
  CISEC:1634  oval:org.cisecurity:def:1634: Internet Explorer Memory Corruption Vulnerability
  CISEC:1629  oval:org.cisecurity:def:1629: Scripting Engine Memory Corruption Vulnerability
  CISEC:1625  oval:org.cisecurity:def:1625: Microsoft Edge Information Disclosure Vulnerability
  CISEC:1630  oval:org.cisecurity:def:1630: Microsoft Edge Memory Corruption Vulnerability
  CISEC:1627  oval:org.cisecurity:def:1627: Windows Hyperlink Object Library Information Disclosure Vulnerability
  CISEC:1631  oval:org.cisecurity:def:1631: Scripting Engine Memory Corruption Vulnerability
  CISEC:1635  oval:org.cisecurity:def:1635: Microsoft Edge Information Disclosure Vulnerability
  CISEC:1632  oval:org.cisecurity:def:1632: Internet Explorer Information Disclosure Vulnerability
  CISEC:1628  oval:org.cisecurity:def:1628: Scripting Engine Memory Corruption Vulnerability
  CISEC:1633  oval:org.cisecurity:def:1633: Scripting Engine Memory Corruption Vulnerability
  CISEC:1636  oval:org.cisecurity:def:1636: Microsoft Office Memory Corruption Vulnerability

2016-12-16  CISEC:1608  oval:org.cisecurity:def:1608: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  CISEC:1606  oval:org.cisecurity:def:1606: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  CISEC:1611  oval:org.cisecurity:def:1611: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  CISEC:1607  oval:org.cisecurity:def:1607: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  CISEC:1614  oval:org.cisecurity:def:1614: Windows Installer Elevation of Privilege Vulnerability
  CISEC:1605  oval:org.cisecurity:def:1605: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  CISEC:1610  oval:org.cisecurity:def:1610: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  CISEC:1609  oval:org.cisecurity:def:1609: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
  CISEC:1612  oval:org.cisecurity:def:1612: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier

2016-12-15  CISEC:1613  oval:org.cisecurity:def:1613: Windows Crypto Driver Information Disclosure Vulnerability
  CISEC:1681  oval:org.cisecurity:def:1681: Windows Kernel Memory Address Information Disclosure Vulnerability
  CISEC:1680  oval:org.cisecurity:def:1680: Windows Common Log File System Driver Information Disclosure Vulnerability
  CISEC:1645  oval:org.cisecurity:def:1645: Win32k Elevation of Privilege Vulnerability
  CISEC:1646  oval:org.cisecurity:def:1646: Win32k Elevation of Privilege Vulnerability

2016-12-14  CISEC:1594  oval:org.cisecurity:def:1594: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  CISEC:1593  oval:org.cisecurity:def:1593: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  CISEC:1597  oval:org.cisecurity:def:1597: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  CISEC:1602  oval:org.cisecurity:def:1602: GDI Information Disclosure Vulnerability
  CISEC:1601  oval:org.cisecurity:def:1601: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  CISEC:1596  oval:org.cisecurity:def:1596: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  CISEC:1600  oval:org.cisecurity:def:1600: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  CISEC:1604  oval:org.cisecurity:def:1604: Windows Graphics Remote Code Execution Vulnerability
  CISEC:1603  oval:org.cisecurity:def:1603: Windows Graphics Remote Code Execution Vulnerability
  CISEC:1598  oval:org.cisecurity:def:1598: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  CISEC:1595  oval:org.cisecurity:def:1595: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
  CISEC:1599  oval:org.cisecurity:def:1599: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier

2016-12-09  CISEC:1556  oval:org.cisecurity:def:1556: Local file disclosure in DevTools
  CISEC:1559  oval:org.cisecurity:def:1559: CSP Referrer disclosure
  CISEC:1562  oval:org.cisecurity:def:1562: Private property access in V8
  CISEC:1555  oval:org.cisecurity:def:1555: Use after free in PDFium
  CISEC:1563  oval:org.cisecurity:def:1563: Universal XSS in Blink
  CISEC:1561  oval:org.cisecurity:def:1561: Universal XSS in Blink
  CISEC:1567  oval:org.cisecurity:def:1567: Out of bounds write in Blink
  CISEC:1565  oval:org.cisecurity:def:1565: Out of bounds write in PDFium
  CISEC:1560  oval:org.cisecurity:def:1560: Same-origin bypass in PDFium
  CISEC:1554  oval:org.cisecurity:def:1554: Universal XSS in Blink
  CISEC:1558  oval:org.cisecurity:def:1558: Vulnerability in Google Chrome before 55.0.2883.75
  CISEC:1566  oval:org.cisecurity:def:1566: Use after free in PDFium
  CISEC:1564  oval:org.cisecurity:def:1564: Use after free in V8
  CISEC:1557  oval:org.cisecurity:def:1557: Universal XSS in Blink

2016-12-08  CISEC:1551  oval:org.cisecurity:def:1551: MSL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CISEC:1552  oval:org.cisecurity:def:1552: LABEL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
  CVE-2015-8967  arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

2016-12-07  CISEC:1576  oval:org.cisecurity:def:1576: A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1580  oval:org.cisecurity:def:1580: Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1514  oval:org.cisecurity:def:1514: SQL Server Agent Elevation of Privilege Vulnerability
  CISEC:1577  oval:org.cisecurity:def:1577: Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1513  oval:org.cisecurity:def:1513: SQL RDBMS Engine EoP vulnerability
  CISEC:1570  oval:org.cisecurity:def:1570: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1568  oval:org.cisecurity:def:1568: Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1573  oval:org.cisecurity:def:1573: Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files
  CISEC:1575  oval:org.cisecurity:def:1575: PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1578  oval:org.cisecurity:def:1578: A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1574  oval:org.cisecurity:def:1574: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1569  oval:org.cisecurity:def:1569: Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1572  oval:org.cisecurity:def:1572: A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows
  CISEC:1579  oval:org.cisecurity:def:1579: A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux
  CISEC:1571  oval:org.cisecurity:def:1571: Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows

2016-12-06  CISEC:1553  oval:org.cisecurity:def:1553: Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service

2016-12-02  CISEC:1517  oval:org.cisecurity:def:1517: Secure Boot Component Vulnerability
  CISEC:1516  oval:org.cisecurity:def:1516: Windows Kernel Elevation of Privilege Vulnerability

2016-12-01  CISEC:1500  oval:org.cisecurity:def:1500: VHD Driver Elevation of Privilege Vulnerability
  CISEC:1499  oval:org.cisecurity:def:1499: VHD Driver Elevation of Privilege Vulnerability
  CISEC:1501  oval:org.cisecurity:def:1501: VHD Driver Elevation of Privilege Vulnerability
  CISEC:1498  oval:org.cisecurity:def:1498: VHD Driver Elevation of Privilege Vulnerability

2016-11-30  CISEC:1483  oval:org.cisecurity:def:1483: Windows Bowser.sys Information Disclosure Vulnerability - CVE-2016-7218
  CISEC:1486  oval:org.cisecurity:def:1486: Win32k Information Disclosure Vulnerability
  CISEC:1487  oval:org.cisecurity:def:1487: Win32k Elevation of Privilege Vulnerability
  CISEC:1484  oval:org.cisecurity:def:1484: Win32k Elevation of Privilege Vulnerability
  CISEC:1485  oval:org.cisecurity:def:1485: Win32k Elevation of Privilege Vulnerability

2016-11-29  CISEC:1496  oval:org.cisecurity:def:1496: Windows NTLM Elevation of Privilege Vulnerability
  CISEC:1497  oval:org.cisecurity:def:1497: Local Security Authority Subsystem Service Denial of Service Vulnerability
  CISEC:1480  oval:org.cisecurity:def:1480: Virtual Secure Mode Information Disclosure Vulnerability
  CISEC:1478  oval:org.cisecurity:def:1478: Open Type Font Remote Code Execution Vulnerability
  CISEC:1479  oval:org.cisecurity:def:1479: Open Type Font Information Disclosure Vulnerability

2016-11-28  CISEC:1477  oval:org.cisecurity:def:1477: Microsoft Video Control Remote Code Execution Vulnerability
  CISEC:1481  oval:org.cisecurity:def:1481: Media Foundation Memory Corruption Vulnerability
  CISEC:1482  oval:org.cisecurity:def:1482: Windows Animation Manager Memory Corruption Vulnerability

2016-11-25  CISEC:1452  oval:org.cisecurity:def:1452: Microsoft Office Denial of Service Vulnerability
  CISEC:1454  oval:org.cisecurity:def:1454: Microsoft Office Memory Corruption Vulnerability
  CISEC:1476  oval:org.cisecurity:def:1476: Task Scheduler Elevation of Privilege Vulnerability
  CISEC:1451  oval:org.cisecurity:def:1451: Microsoft Office Information Disclosure Vulnerability
  CISEC:1450  oval:org.cisecurity:def:1450: Microsoft Office Memory Corruption Vulnerability
  CISEC:1453  oval:org.cisecurity:def:1453: Microsoft Office Memory Corruption Vulnerability

2016-11-24  CISEC:1459  oval:org.cisecurity:def:1459: Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1456  oval:org.cisecurity:def:1456: Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1474  oval:org.cisecurity:def:1474: Windows Remote Code Execution Vulnerability
  CISEC:1458  oval:org.cisecurity:def:1458: Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1464  oval:org.cisecurity:def:1464: Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1457  oval:org.cisecurity:def:1457: Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1462  oval:org.cisecurity:def:1462: Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1455  oval:org.cisecurity:def:1455: Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1463  oval:org.cisecurity:def:1463: Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1461  oval:org.cisecurity:def:1461: Windows Common Log File System Driver Elevation of Privilege Vulnerability
  CISEC:1475  oval:org.cisecurity:def:1475: Windows IME Elevation of Privilege Vulnerability
  CISEC:1460  oval:org.cisecurity:def:1460: Windows Common Log File System Driver Elevation of Privilege Vulnerability

2016-11-22  CISEC:1468  oval:org.cisecurity:def:1468: Microsoft Browser Memory Corruption Vulnerability
  CISEC:1471  oval:org.cisecurity:def:1471: Scripting Engine Memory Corruption Vulnerability
  CISEC:1466  oval:org.cisecurity:def:1466: Microsoft Browser Information Disclosure Vulnerability
  CISEC:1470  oval:org.cisecurity:def:1470: Scripting Engine Memory Corruption Vulnerability
  CISEC:1472  oval:org.cisecurity:def:1472: Scripting Engine Memory Corruption Vulnerability
  CISEC:1473  oval:org.cisecurity:def:1473: Scripting Engine Memory Corruption Vulnerability
  CISEC:1469  oval:org.cisecurity:def:1469: Microsoft Browser Information Disclosure Vulnerability
  CISEC:1467  oval:org.cisecurity:def:1467: Microsoft Edge Information Disclosure Vulnerability
  CISEC:1465  oval:org.cisecurity:def:1465: Microsoft Edge Spoofing Vulnerability

2016-11-18  CISEC:1447  oval:org.cisecurity:def:1447: Microsoft Office Memory Corruption Vulnerability
  CISEC:1448  oval:org.cisecurity:def:1448: Microsoft Office Memory Corruption Vulnerability
  CISEC:1446  oval:org.cisecurity:def:1446: Microsoft Office Memory Corruption Vulnerability
  CISEC:1449  oval:org.cisecurity:def:1449: Microsoft Office Memory Corruption Vulnerability
  CISEC:1445  oval:org.cisecurity:def:1445: Microsoft Office Memory Corruption Vulnerability

2016-11-17  CISEC:1426  oval:org.cisecurity:def:1426: Microsoft Office Memory Corruption Vulnerability

2016-11-16  CISEC:1427  oval:org.cisecurity:def:1427: Scripting Engine Memory Corruption Vulnerability
  CISEC:1429  oval:org.cisecurity:def:1429: Scripting Engine Memory Corruption Vulnerability
  CISEC:1425  oval:org.cisecurity:def:1425: Microsoft Office Memory Corruption Vulnerability
  CISEC:1428  oval:org.cisecurity:def:1428: Scripting Engine Memory Corruption Vulnerability
  CISEC:1430  oval:org.cisecurity:def:1430: Scripting Engine Memory Corruption Vulnerability

2016-11-15  CISEC:1412  oval:org.cisecurity:def:1412: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier
  CISEC:1420  oval:org.cisecurity:def:1420: Microsoft Browser Memory Corruption Vulnerability
  CISEC:1411  oval:org.cisecurity:def:1411: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier
  CISEC:1413  oval:org.cisecurity:def:1413: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier
  CISEC:1422  oval:org.cisecurity:def:1422: Microsoft Browser Memory Corruption Vulnerability
  CISEC:1415  oval:org.cisecurity:def:1415: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier
  CISEC:1414  oval:org.cisecurity:def:1414: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier
  CISEC:1423  oval:org.cisecurity:def:1423: Microsoft Browser Memory Corruption Vulnerability
  CISEC:1421  oval:org.cisecurity:def:1421: Microsoft Browser Memory Corruption Vulnerability

2016-11-14  CISEC:1407  oval:org.cisecurity:def:1407: Windows Journal RCE Vulnerability
  CISEC:1410  oval:org.cisecurity:def:1410: Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246
  CISEC:1409  oval:org.cisecurity:def:1409: Windows Journal RCE Vulnerability
  CISEC:1408  oval:org.cisecurity:def:1408: Windows Journal Integer Overflow RCE Vulnerability
  CISEC:1405  oval:org.cisecurity:def:1405: Graphics Component Buffer Overflow Vulnerability
  CISEC:1418  oval:org.cisecurity:def:1418: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
  CISEC:1419  oval:org.cisecurity:def:1419: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
  CISEC:1416  oval:org.cisecurity:def:1416: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
  CISEC:1417  oval:org.cisecurity:def:1417: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability

2016-11-10  CISEC:1382  oval:org.cisecurity:def:1382: Memory Corruption Vulnerability
  CISEC:1390  oval:org.cisecurity:def:1390: Memory Corruption Vulnerability
  CISEC:1391  oval:org.cisecurity:def:1391: Memory Corruption Vulnerability
  CISEC:1387  oval:org.cisecurity:def:1387: Memory Corruption Vulnerability
  CISEC:1404  oval:org.cisecurity:def:1404: Vulnerability in Symantec Anti-Virus Engine
  CISEC:1386  oval:org.cisecurity:def:1386: Memory Corruption Vulnerability
  CISEC:1384  oval:org.cisecurity:def:1384: Memory Corruption Vulnerability
  CISEC:1389  oval:org.cisecurity:def:1389: Memory Corruption Vulnerability
  CISEC:1385  oval:org.cisecurity:def:1385: Memory Corruption Vulnerability
  CISEC:1380  oval:org.cisecurity:def:1380: Memory Corruption Vulnerability
  CISEC:1381  oval:org.cisecurity:def:1381: Memory Corruption Vulnerability
  CISEC:1388  oval:org.cisecurity:def:1388: Memory Corruption Vulnerability
  CISEC:1383  oval:org.cisecurity:def:1383: Memory Corruption Vulnerability
  CISEC:1392  oval:org.cisecurity:def:1392: Memory Corruption Vulnerability

2016-11-08  CISEC:1394  oval:org.cisecurity:def:1394: Internet Explorer Information Disclosure Vulnerability

2016-11-07  CISEC:1393  oval:org.cisecurity:def:1393: Windows Graphics Component RCE Vulnerability
  CISEC:1374  oval:org.cisecurity:def:1374: Microsoft Office RCE Vulnerability
  CISEC:1375  oval:org.cisecurity:def:1375: Microsoft Office Memory Corruption Vulnerability
  CISEC:1378  oval:org.cisecurity:def:1378: Scripting Engine Remote Code Execution Vulnerability

2016-11-04  CISEC:1344  oval:org.cisecurity:def:1344: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  CISEC:1351  oval:org.cisecurity:def:1351: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  CISEC:1349  oval:org.cisecurity:def:1349: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  CISEC:1347  oval:org.cisecurity:def:1347: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  CISEC:1350  oval:org.cisecurity:def:1350: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  CISEC:1352  oval:org.cisecurity:def:1352: Vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241
  CISEC:1354  oval:org.cisecurity:def:1354: Vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241
  CISEC:1345  oval:org.cisecurity:def:1345: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  CISEC:1353  oval:org.cisecurity:def:1353: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  CISEC:1346  oval:org.cisecurity:def:1346: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  CISEC:1355  oval:org.cisecurity:def:1355: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  CISEC:1348  oval:org.cisecurity:def:1348: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...

2016-11-02  CISEC:1369  oval:org.cisecurity:def:1369: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1366  oval:org.cisecurity:def:1366: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1332  oval:org.cisecurity:def:1332: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
  CISEC:1365  oval:org.cisecurity:def:1365: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1367  oval:org.cisecurity:def:1367: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1371  oval:org.cisecurity:def:1371: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1363  oval:org.cisecurity:def:1363: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1359  oval:org.cisecurity:def:1359: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1358  oval:org.cisecurity:def:1358: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1370  oval:org.cisecurity:def:1370: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1364  oval:org.cisecurity:def:1364: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1372  oval:org.cisecurity:def:1372: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1356  oval:org.cisecurity:def:1356: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1368  oval:org.cisecurity:def:1368: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1357  oval:org.cisecurity:def:1357: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1331  oval:org.cisecurity:def:1331: Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows
  CISEC:1360  oval:org.cisecurity:def:1360: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1373  oval:org.cisecurity:def:1373: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1362  oval:org.cisecurity:def:1362: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1361  oval:org.cisecurity:def:1361: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows

2016-10-27  CISEC:1316  oval:org.cisecurity:def:1316: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1315  oval:org.cisecurity:def:1315: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1314  oval:org.cisecurity:def:1314: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15

2016-10-26  CISEC:1310  oval:org.cisecurity:def:1310: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1308  oval:org.cisecurity:def:1308: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1309  oval:org.cisecurity:def:1309: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1307  oval:org.cisecurity:def:1307: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier

2016-10-25  CISEC:1312  oval:org.cisecurity:def:1312: Vulnerability in Oracle MySQL 5.6.29 and earlier, 5.7.11 and earlier
  CISEC:1311  oval:org.cisecurity:def:1311: Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12
  CISEC:1313  oval:org.cisecurity:def:1313: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14

2016-10-21  CISEC:1304  oval:org.cisecurity:def:1304: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1306  oval:org.cisecurity:def:1306: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1302  oval:org.cisecurity:def:1302: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
  CISEC:1301  oval:org.cisecurity:def:1301: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1305  oval:org.cisecurity:def:1305: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1303  oval:org.cisecurity:def:1303: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier

2016-10-19  CISEC:1286  oval:org.cisecurity:def:1286: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
  CISEC:1284  oval:org.cisecurity:def:1284: SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
  CISEC:1288  oval:org.cisecurity:def:1288: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
  CISEC:1285  oval:org.cisecurity:def:1285: Vulnerability in SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4
  CISEC:1287  oval:org.cisecurity:def:1287: Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
  CISEC:1283  oval:org.cisecurity:def:1283: Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1

2016-10-18  CISEC:1294  oval:org.cisecurity:def:1294: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
  CISEC:1290  oval:org.cisecurity:def:1290: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1293  oval:org.cisecurity:def:1293: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
  CISEC:1291  oval:org.cisecurity:def:1291: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
  CISEC:1292  oval:org.cisecurity:def:1292: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14
  CISEC:1289  oval:org.cisecurity:def:1289: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
  CISEC:1296  oval:org.cisecurity:def:1296: Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier
  CISEC:1295  oval:org.cisecurity:def:1295: Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier

2016-10-17  CISEC:1300  oval:org.cisecurity:def:1300: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges
  CISEC:1299  oval:org.cisecurity:def:1299: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files
  CISEC:1298  oval:org.cisecurity:def:1298: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication
  CISEC:1297  oval:org.cisecurity:def:1297: An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files

2016-10-14  CISEC:1267  oval:org.cisecurity:def:1267: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4
  CISEC:1266  oval:org.cisecurity:def:1266: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2
  CISEC:1268  oval:org.cisecurity:def:1268: Vulnerability in Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security

2016-10-13  CISEC:1252  oval:org.cisecurity:def:1252: Vulnerability in Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239, Adobe AIR before 15.0.0.293
  CISEC:1265  oval:org.cisecurity:def:1265: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products
  CISEC:1253  oval:org.cisecurity:def:1253: Vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK and Compiler before 15.0.0.356
  CISEC:1254  oval:org.cisecurity:def:1254: Vulnerability in Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287
  CISEC:1242  oval:org.cisecurity:def:1242: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60
  CISEC:1264  oval:org.cisecurity:def:1264: Untrusted search path vulnerability in python.exe in Python through 3.5.0
  CISEC:1251  oval:org.cisecurity:def:1251: Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK and Compiler before 15.0.0.302
  CISEC:1241  oval:org.cisecurity:def:1241: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33

2016-10-12  CISEC:1256  oval:org.cisecurity:def:1256: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails
  CISEC:1249  oval:org.cisecurity:def:1249: SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4
  CISEC:1250  oval:org.cisecurity:def:1250: Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3
  CISEC:1248  oval:org.cisecurity:def:1248: Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4
  CISEC:1255  oval:org.cisecurity:def:1255: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3

2016-10-11  CISEC:1246  oval:org.cisecurity:def:1246: Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows
  CISEC:1245  oval:org.cisecurity:def:1245: Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows
  CISEC:1247  oval:org.cisecurity:def:1247: Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
  CISEC:1243  oval:org.cisecurity:def:1243: Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows
  CISEC:1244  oval:org.cisecurity:def:1244: Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows

2016-10-10  CISEC:1262  oval:org.cisecurity:def:1262: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91
  CISEC:1240  oval:org.cisecurity:def:1240: Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
  CISEC:1239  oval:org.cisecurity:def:1239: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
  CISEC:1261  oval:org.cisecurity:def:1261: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91
  CISEC:1259  oval:org.cisecurity:def:1259: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  CISEC:1257  oval:org.cisecurity:def:1257: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92
  CISEC:1260  oval:org.cisecurity:def:1260: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  CISEC:1263  oval:org.cisecurity:def:1263: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  CISEC:1238  oval:org.cisecurity:def:1238: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
  CISEC:1258  oval:org.cisecurity:def:1258: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
  CVE-2015-8951  Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a...
  CVE-2015-8955  arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during...
  CVE-2015-8956  The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind...

2016-10-06  CVE-2015-0721  Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access...
  CVE-2015-6393  Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay...

2016-10-05  CISEC:1234  oval:org.cisecurity:def:1234: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  CISEC:1232  oval:org.cisecurity:def:1232: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  CISEC:1237  oval:org.cisecurity:def:1237: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  CISEC:1235  oval:org.cisecurity:def:1235: Unspecified vulnerability in Oracle Java SE 8u92
  CISEC:1233  oval:org.cisecurity:def:1233: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
  CISEC:1236  oval:org.cisecurity:def:1236: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
  CVE-2015-6392  Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or...

2016-10-04  CISEC:1218  oval:org.cisecurity:def:1218: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1219  oval:org.cisecurity:def:1219: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050

2016-09-29  CISEC:1230  oval:org.cisecurity:def:1230: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65
  CISEC:1229  oval:org.cisecurity:def:1229: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
  CISEC:1231  oval:org.cisecurity:def:1231: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65

2016-09-27  CISEC:1182  oval:org.cisecurity:def:1182: Arbitrary Memory Read in v8
  CISEC:1199  oval:org.cisecurity:def:1199: Vulnerability in Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17
  CISEC:1181  oval:org.cisecurity:def:1181: Use after free in Blink
  CISEC:1180  oval:org.cisecurity:def:1180: Use after free in Blink

2016-09-22  CISEC:1171  oval:org.cisecurity:def:1171: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1177  oval:org.cisecurity:def:1177: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1170  oval:org.cisecurity:def:1170: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1176  oval:org.cisecurity:def:1176: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1196  oval:org.cisecurity:def:1196: browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests
  CISEC:1172  oval:org.cisecurity:def:1172: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1168  oval:org.cisecurity:def:1168: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1198  oval:org.cisecurity:def:1198: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service
  CISEC:1175  oval:org.cisecurity:def:1175: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1173  oval:org.cisecurity:def:1173: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1179  oval:org.cisecurity:def:1179: Vulnerability in Adobe AIR SDK and Compiler before 23.0.0.257
  CISEC:1174  oval:org.cisecurity:def:1174: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1197  oval:org.cisecurity:def:1197: The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype
  CISEC:1167  oval:org.cisecurity:def:1167: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1166  oval:org.cisecurity:def:1166: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1169  oval:org.cisecurity:def:1169: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CISEC:1178  oval:org.cisecurity:def:1178: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
  CVE-2014-2146  The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access...

2016-09-21  CISEC:1165  oval:org.cisecurity:def:1165: Vulnerability in Adobe Flash Player 21.0.0.197 and earlier
  CISEC:1163  oval:org.cisecurity:def:1163: Microsoft Browser Information Disclosure Vulnerability
  CISEC:1164  oval:org.cisecurity:def:1164: Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182

2016-09-19  CISEC:1192  oval:org.cisecurity:def:1192: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1189  oval:org.cisecurity:def:1189: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1195  oval:org.cisecurity:def:1195: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1194  oval:org.cisecurity:def:1194: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1185  oval:org.cisecurity:def:1185: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1186  oval:org.cisecurity:def:1186: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1191  oval:org.cisecurity:def:1191: Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1183  oval:org.cisecurity:def:1183: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1190  oval:org.cisecurity:def:1190: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1188  oval:org.cisecurity:def:1188: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1184  oval:org.cisecurity:def:1184: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1193  oval:org.cisecurity:def:1193: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
  CISEC:1187  oval:org.cisecurity:def:1187: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows

2016-09-13  CISEC:1129  oval:org.cisecurity:def:1129: Use after free in Blink
  CISEC:1135  oval:org.cisecurity:def:1135: Heap overflow in PDFium
  CISEC:1137  oval:org.cisecurity:def:1137: Script injection in extensions
  CISEC:1128  oval:org.cisecurity:def:1128: Universal XSS in Blink
  CISEC:1130  oval:org.cisecurity:def:1130: Universal XSS in Blink
  CISEC:1131  oval:org.cisecurity:def:1131: Use after destruction in Blink
  CISEC:1132  oval:org.cisecurity:def:1132: Use after free in PDFium
  CISEC:1134  oval:org.cisecurity:def:1134: Heap overflow in PDFium
  CISEC:1136  oval:org.cisecurity:def:1136: Address bar spoofing
  CISEC:1133  oval:org.cisecurity:def:1133: Use after free in event bindings

2016-09-06  CISEC:1144  oval:org.cisecurity:def:1144: Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1141  oval:org.cisecurity:def:1141: The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1143  oval:org.cisecurity:def:1143: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1138  oval:org.cisecurity:def:1138: The download implementation in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1147  oval:org.cisecurity:def:1147: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1139  oval:org.cisecurity:def:1139: The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1146  oval:org.cisecurity:def:1146: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1127  oval:org.cisecurity:def:1127: Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1145  oval:org.cisecurity:def:1145: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1142  oval:org.cisecurity:def:1142: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
  CISEC:1140  oval:org.cisecurity:def:1140: Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows

2016-08-24  CISEC:1077  oval:org.cisecurity:def:1077: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1088  oval:org.cisecurity:def:1088: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1074  oval:org.cisecurity:def:1074: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1079  oval:org.cisecurity:def:1079: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1084  oval:org.cisecurity:def:1084: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1080  oval:org.cisecurity:def:1080: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1083  oval:org.cisecurity:def:1083: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1085  oval:org.cisecurity:def:1085: Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1078  oval:org.cisecurity:def:1078: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1075  oval:org.cisecurity:def:1075: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1081  oval:org.cisecurity:def:1081: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1087  oval:org.cisecurity:def:1087: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1076  oval:org.cisecurity:def:1076: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1082  oval:org.cisecurity:def:1082: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1086  oval:org.cisecurity:def:1086: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050

2016-08-23  CISEC:1101  oval:org.cisecurity:def:1101: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1104  oval:org.cisecurity:def:1104: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1119  oval:org.cisecurity:def:1119: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1124  oval:org.cisecurity:def:1124: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1120  oval:org.cisecurity:def:1120: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1123  oval:org.cisecurity:def:1123: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1106  oval:org.cisecurity:def:1106: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1108  oval:org.cisecurity:def:1108: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1107  oval:org.cisecurity:def:1107: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1113  oval:org.cisecurity:def:1113: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1102  oval:org.cisecurity:def:1102: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1122  oval:org.cisecurity:def:1122: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1105  oval:org.cisecurity:def:1105: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1111  oval:org.cisecurity:def:1111: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1118  oval:org.cisecurity:def:1118: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1110  oval:org.cisecurity:def:1110: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1115  oval:org.cisecurity:def:1115: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1116  oval:org.cisecurity:def:1116: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1125  oval:org.cisecurity:def:1125: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1112  oval:org.cisecurity:def:1112: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1126  oval:org.cisecurity:def:1126: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1121  oval:org.cisecurity:def:1121: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1109  oval:org.cisecurity:def:1109: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1117  oval:org.cisecurity:def:1117: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1114  oval:org.cisecurity:def:1114: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1103  oval:org.cisecurity:def:1103: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209

2016-08-22  CISEC:1066  oval:org.cisecurity:def:1066: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1093  oval:org.cisecurity:def:1093: Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82
  CISEC:1061  oval:org.cisecurity:def:1061: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1064  oval:org.cisecurity:def:1064: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1067  oval:org.cisecurity:def:1067: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1070  oval:org.cisecurity:def:1070: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1090  oval:org.cisecurity:def:1090: objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82
  CISEC:1065  oval:org.cisecurity:def:1065: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1059  oval:org.cisecurity:def:1059: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1094  oval:org.cisecurity:def:1094: Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  CISEC:1063  oval:org.cisecurity:def:1063: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1091  oval:org.cisecurity:def:1091: Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82
  CISEC:1062  oval:org.cisecurity:def:1062: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1058  oval:org.cisecurity:def:1058: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1060  oval:org.cisecurity:def:1060: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1057  oval:org.cisecurity:def:1057: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1089  oval:org.cisecurity:def:1089: The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process
  CISEC:1096  oval:org.cisecurity:def:1096: The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  CISEC:1095  oval:org.cisecurity:def:1095: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82
  CISEC:1097  oval:org.cisecurity:def:1097: WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82
  CISEC:1068  oval:org.cisecurity:def:1068: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1069  oval:org.cisecurity:def:1069: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1092  oval:org.cisecurity:def:1092: The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82

2016-08-19  CISEC:1055  oval:org.cisecurity:def:1055: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
  CISEC:1053  oval:org.cisecurity:def:1053: The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116
  CISEC:1056  oval:org.cisecurity:def:1056: Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar
  CISEC:1054  oval:org.cisecurity:def:1054: Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116

2016-08-18  CISEC:1039  oval:org.cisecurity:def:1039: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:992  oval:org.cisecurity:def:992: Use after free in extensions
  CISEC:1043  oval:org.cisecurity:def:1043: Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1046  oval:org.cisecurity:def:1046: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1049  oval:org.cisecurity:def:1049: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1047  oval:org.cisecurity:def:1047: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1037  oval:org.cisecurity:def:1037: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1044  oval:org.cisecurity:def:1044: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:994  oval:org.cisecurity:def:994: Parameter sanitization failure in DevTools
  CISEC:1035  oval:org.cisecurity:def:1035: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1040  oval:org.cisecurity:def:1040: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1033  oval:org.cisecurity:def:1033: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:996  oval:org.cisecurity:def:996: URL leakage via PAC script
  CISEC:991  oval:org.cisecurity:def:991: Content-Security-Policy bypass
  CISEC:1052  oval:org.cisecurity:def:1052: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:989  oval:org.cisecurity:def:989: Parameter sanitization failure in DevTools
  CISEC:1042  oval:org.cisecurity:def:1042: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:988  oval:org.cisecurity:def:988: Origin confusion in proxy authentication
  CISEC:997  oval:org.cisecurity:def:997: URL spoofing
  CISEC:1028  oval:org.cisecurity:def:1028: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1036  oval:org.cisecurity:def:1036: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:987  oval:org.cisecurity:def:987: Various fixes from internal audits, fuzzing and other initiatives
  CISEC:1051  oval:org.cisecurity:def:1051: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1034  oval:org.cisecurity:def:1034: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1031  oval:org.cisecurity:def:1031: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:993  oval:org.cisecurity:def:993: Limited same-origin bypass in Service Workers
  CISEC:1038  oval:org.cisecurity:def:1038: Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:986  oval:org.cisecurity:def:986: Same origin bypass for images in Blink
  CISEC:1041  oval:org.cisecurity:def:1041: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1027  oval:org.cisecurity:def:1027: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1029  oval:org.cisecurity:def:1029: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1050  oval:org.cisecurity:def:1050: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1048  oval:org.cisecurity:def:1048: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1032  oval:org.cisecurity:def:1032: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:1026  oval:org.cisecurity:def:1026: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
  CISEC:1030  oval:org.cisecurity:def:1030: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:995  oval:org.cisecurity:def:995: Use-after-free in libxml
  CISEC:1045  oval:org.cisecurity:def:1045: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
  CISEC:990  oval:org.cisecurity:def:990: History sniffing with HSTS and CSP

2016-08-07  CVE-2015-3854  packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug...

2016-08-06  CVE-2014-9863  Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android...
  CVE-2014-9864  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9865  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9866  drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via...
  CVE-2014-9867  drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges...
  CVE-2014-9868  drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted...
  CVE-2014-9869  drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges...
  CVE-2014-9870  The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges...
  CVE-2014-9871  Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted...
  CVE-2014-9872  The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9873  Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
  CVE-2014-9874  Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and...
  CVE-2014-9875  drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal...
  CVE-2014-9876  drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application,...
  CVE-2014-9877  drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges...
  CVE-2014-9878  drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9879  The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221...
  CVE-2014-9880  drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a...
  CVE-2014-9881  drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer...
  CVE-2014-9882  Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546...
  CVE-2014-9883  Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
  CVE-2014-9884  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9885  Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string...
  CVE-2014-9886  arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted...
  CVE-2014-9887  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android...
  CVE-2014-9889  drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted...
  CVE-2014-9890  Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that...
  CVE-2014-9891  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl...
  CVE-2014-9892  The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which...
  CVE-2014-9893  drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a...
  CVE-2014-9894  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a...
  CVE-2014-9895  drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive...
  CVE-2014-9896  drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a...
  CVE-2014-9897  sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted...
  CVE-2014-9898  arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information...
  CVE-2014-9899  drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted...
  CVE-2014-9900  The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to...
  CVE-2015-8937  drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2015-8938  The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug...
  CVE-2015-8939  drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted...
  CVE-2015-8940  Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and...
  CVE-2015-8941  drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges...
  CVE-2015-8942  drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted...
  CVE-2015-8943  drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain...
  CVE-2015-8944  The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain...

2016-08-05  CVE-2014-9901  The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android...
  CVE-2014-9902  Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in...

2016-08-01  CISEC:983  oval:org.cisecurity:def:983: MIME message modification memory corruption
  CISEC:982  oval:org.cisecurity:def:982: ZIP decompression memory access violation
  CISEC:984  oval:org.cisecurity:def:984: TNEF integer overflow

2016-07-26  CISEC:979  oval:org.cisecurity:def:979: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
  CISEC:978  oval:org.cisecurity:def:978: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
  CISEC:980  oval:org.cisecurity:def:980: Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
  CISEC:981  oval:org.cisecurity:def:981: Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5

2016-07-10  CVE-2013-7457  Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
  CVE-2014-9786  Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a...
  CVE-2014-9787  Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and...
  CVE-2014-9788  Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm...
  CVE-2014-9789  The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a...
  CVE-2014-9790  drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted...
  CVE-2014-9792  arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9793  platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9795  app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size...
  CVE-2014-9779  arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug...
  CVE-2014-9780  drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application,...
  CVE-2014-9781  Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm...
  CVE-2014-9782  drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to...
  CVE-2014-9783  drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted...
  CVE-2014-9784  Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal...
  CVE-2014-9785  drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka...
  CVE-2014-9777  The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers...
  CVE-2014-9778  The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows...
  CVE-2014-9796  app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a...
  CVE-2014-9798  platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service...
  CVE-2014-9799  The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that...
  CVE-2014-9800  Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm...
  CVE-2014-9801  Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm...
  CVE-2014-9802  Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965...
  CVE-2014-9803  arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a...
  CVE-2015-8888  Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka...
  CVE-2015-8889  The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm...
  CVE-2015-8890  platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended...
  CVE-2015-8891  Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal...
  CVE-2015-8892  platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug...
  CVE-2015-8893  app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal...

2016-07-08  CISEC:423  oval:org.cisecurity:def:423: DLL Loading Remote Code Execution Vulnerability

2016-07-07  CISEC:961  oval:org.cisecurity:def:961: Remote Desktop Protocol
  CISEC:960  oval:org.cisecurity:def:960: WebDAV Elevation of Privilege Vulnerability

2016-07-05  CISEC:948  oval:org.cisecurity:def:948: Windows DLL Loading Denial of Service Vulnerability
  CISEC:959  oval:org.cisecurity:def:959: Windows Kerberos Security Feature Bypass
  CISEC:930  oval:org.cisecurity:def:930: Silverlight Runtime Remote Code Execution Vulnerability

2016-07-04  CISEC:929  oval:org.cisecurity:def:929: Windows Media Parsing Remote Code Execution Vulnerability
  CISEC:947  oval:org.cisecurity:def:947: Windows OLE Memory Remote Code Execution Vulnerability
  CISEC:945  oval:org.cisecurity:def:945: Windows Media Parsing Remote Code Execution Vulnerability
  CISEC:946  oval:org.cisecurity:def:946: Windows OLE Memory Remote Code Execution Vulnerability

2016-07-03  CISEC:963  oval:org.cisecurity:def:963: SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka...

2016-06-23  CISEC:887  oval:org.cisecurity:def:887: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:985  oval:org.cisecurity:def:985: Vulnerability in Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207
  CISEC:921  oval:org.cisecurity:def:921: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:917  oval:org.cisecurity:def:917: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:888  oval:org.cisecurity:def:888: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:914  oval:org.cisecurity:def:914: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:896  oval:org.cisecurity:def:896: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:901  oval:org.cisecurity:def:901: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:913  oval:org.cisecurity:def:913: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:928  oval:org.cisecurity:def:928: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:920  oval:org.cisecurity:def:920: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:919  oval:org.cisecurity:def:919: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:897  oval:org.cisecurity:def:897: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:923  oval:org.cisecurity:def:923: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:927  oval:org.cisecurity:def:927: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:906  oval:org.cisecurity:def:906: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:903  oval:org.cisecurity:def:903: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:899  oval:org.cisecurity:def:899: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:916  oval:org.cisecurity:def:916: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:904  oval:org.cisecurity:def:904: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:895  oval:org.cisecurity:def:895: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:893  oval:org.cisecurity:def:893: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:908  oval:org.cisecurity:def:908: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:911  oval:org.cisecurity:def:911: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:918  oval:org.cisecurity:def:918: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:915  oval:org.cisecurity:def:915: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:902  oval:org.cisecurity:def:902: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:925  oval:org.cisecurity:def:925: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:910  oval:org.cisecurity:def:910: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:924  oval:org.cisecurity:def:924: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:922  oval:org.cisecurity:def:922: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:890  oval:org.cisecurity:def:890: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:886  oval:org.cisecurity:def:886: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:905  oval:org.cisecurity:def:905: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:912  oval:org.cisecurity:def:912: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:926  oval:org.cisecurity:def:926: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
  CISEC:892  oval:org.cisecurity:def:892: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier

2016-06-22  CISEC:894  oval:org.cisecurity:def:894: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
  CISEC:944  oval:org.cisecurity:def:944: ATMFD.DLL Elevation of Privilege Vulnerability
  CISEC:940  oval:org.cisecurity:def:940: Windows Virtual PCI Information Disclosure Vulnerability
  CISEC:907  oval:org.cisecurity:def:907: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
  CISEC:909  oval:org.cisecurity:def:909: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
  CISEC:943  oval:org.cisecurity:def:943: Win32k Elevation of Privilege Vulnerability
  CISEC:884  oval:org.cisecurity:def:884: Windows Search Component Denial of Service Vulnerability
  CISEC:942  oval:org.cisecurity:def:942: Windows Graphics Component Information Disclosure Vulnerability
  CISEC:885  oval:org.cisecurity:def:885: Microsoft Exchange Information Disclosure Vulnerability
  CVE-2015-6289  Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.

2016-06-21  CISEC:941  oval:org.cisecurity:def:941: Win32k Elevation of Privilege Vulnerability
  CISEC:879  oval:org.cisecurity:def:879: Microsoft Office OLE DLL Side Loading Vulnerability
  CISEC:877  oval:org.cisecurity:def:877: Microsoft Office Information Disclosure Vulnerability
  CISEC:874  oval:org.cisecurity:def:874: Microsoft Office Memory Corruption Vulnerability
  CISEC:939  oval:org.cisecurity:def:939: Win32k Elevation of Privilege Vulnerability
  CISEC:876  oval:org.cisecurity:def:876: Microsoft Office Memory Corruption Vulnerability

2016-06-20  CISEC:883  oval:org.cisecurity:def:883: Windows Netlogon Memory Corruption Remote Code Execution Vulnerability
  CISEC:882  oval:org.cisecurity:def:882: Active Directory Denial of Service Vulnerability
  CISEC:880  oval:org.cisecurity:def:880: Windows Diagnostics Hub Elevation of Privilege Vulnerability
  CISEC:881  oval:org.cisecurity:def:881: Windows SMB Server Elevation of Privilege Vulnerability

2016-06-17  CISEC:873  oval:org.cisecurity:def:873: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier

2016-06-16  CISEC:871  oval:org.cisecurity:def:871: Windows DNS Server Use After Free Vulnerability
  CISEC:859  oval:org.cisecurity:def:859: Group Policy Elevation of Privilege Vulnerability
  CISEC:866  oval:org.cisecurity:def:866: Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability
  CISEC:861  oval:org.cisecurity:def:861: WPAD Elevation of Privilege Vulnerability

2016-06-15  CISEC:830  oval:org.cisecurity:def:830: Scripting Engine Memory Corruption Vulnerability
  CISEC:828  oval:org.cisecurity:def:828: Scripting Engine Memory Corruption Vulnerability
  CISEC:829  oval:org.cisecurity:def:829: Scripting Engine Memory Corruption Vulnerability
  CISEC:867  oval:org.cisecurity:def:867: Internet Explorer Memory Corruption Vulnerability
  CISEC:827  oval:org.cisecurity:def:827: Scripting Engine Memory Corruption Vulnerability
  CISEC:872  oval:org.cisecurity:def:872: Scripting Engine Memory Corruption Vulnerability
  CISEC:826  oval:org.cisecurity:def:826: Scripting Engine Memory Corruption Vulnerability
  CISEC:870  oval:org.cisecurity:def:870: Windows PDF Information Disclosure Vulnerability
  CISEC:864  oval:org.cisecurity:def:864: Microsoft Edge Security Feature Bypass
  CISEC:862  oval:org.cisecurity:def:862: Scripting Engine Memory Corruption Vulnerability
  CISEC:860  oval:org.cisecurity:def:860: Windows PDF Remote Code Execution Vulnerability
  CISEC:858  oval:org.cisecurity:def:858: Internet Explorer Memory Corruption Vulnerability
  CISEC:863  oval:org.cisecurity:def:863: Scripting Engine Memory Corruption Vulnerability
  CISEC:868  oval:org.cisecurity:def:868: Windows PDF Information Disclosure Vulnerability
  CISEC:869  oval:org.cisecurity:def:869: Internet Explorer XSS Filter Vulnerability
  CISEC:865  oval:org.cisecurity:def:865: Internet Explorer Memory Corruption Vulnerability

2016-06-08  CISEC:801  oval:org.cisecurity:def:801: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:795  oval:org.cisecurity:def:795: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:819  oval:org.cisecurity:def:819: Scripting Engine Memory Corruption Vulnerability
  CISEC:793  oval:org.cisecurity:def:793: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:800  oval:org.cisecurity:def:800: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:797  oval:org.cisecurity:def:797: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:818  oval:org.cisecurity:def:818: Scripting Engine Memory Corruption Vulnerability
  CISEC:799  oval:org.cisecurity:def:799: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:796  oval:org.cisecurity:def:796: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:794  oval:org.cisecurity:def:794: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:817  oval:org.cisecurity:def:817: Scripting Engine Memory Corruption Vulnerability
  CISEC:798  oval:org.cisecurity:def:798: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier

2016-06-07  CISEC:807  oval:org.cisecurity:def:807: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:810  oval:org.cisecurity:def:810: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:815  oval:org.cisecurity:def:815: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:802  oval:org.cisecurity:def:802: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:811  oval:org.cisecurity:def:811: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:816  oval:org.cisecurity:def:816: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:805  oval:org.cisecurity:def:805: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:808  oval:org.cisecurity:def:808: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:814  oval:org.cisecurity:def:814: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:809  oval:org.cisecurity:def:809: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:803  oval:org.cisecurity:def:803: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:813  oval:org.cisecurity:def:813: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:812  oval:org.cisecurity:def:812: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:804  oval:org.cisecurity:def:804: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
  CISEC:806  oval:org.cisecurity:def:806: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier

2016-06-06  CISEC:786  oval:org.cisecurity:def:786: Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79
  CISEC:790  oval:org.cisecurity:def:790: Cross-origin bypass in Blink
  CISEC:785  oval:org.cisecurity:def:785: Out-of-bounds read in Skia
  CISEC:824  oval:org.cisecurity:def:824: EVP_EncryptUpdate overflow
  CISEC:787  oval:org.cisecurity:def:787: Use-after-free in Autofill
  CISEC:821  oval:org.cisecurity:def:821: Memory corruption in the ASN.1 encoder
  CISEC:788  oval:org.cisecurity:def:788: Parameter sanitization failure in DevTools
  CISEC:820  oval:org.cisecurity:def:820: Padding oracle in AES-NI CBC MAC check
  CISEC:822  oval:org.cisecurity:def:822: ASN.1 BIO excessive memory allocation
  CISEC:792  oval:org.cisecurity:def:792: Cross-origin bypass in extension bindings
  CISEC:791  oval:org.cisecurity:def:791: Use-after-free in Extensions
  CISEC:825  oval:org.cisecurity:def:825: EVP_EncodeUpdate overflow
  CISEC:789  oval:org.cisecurity:def:789: Information leak in Extension bindings
  CISEC:823  oval:org.cisecurity:def:823: EBCDIC overread

2016-06-03  CISEC:784  oval:org.cisecurity:def:784: Secondary Logon Elevation of Privilege Vulnerability

2016-06-01  CISEC:774  oval:org.cisecurity:def:774: Windows DLL Loading Remote Code Execution Vulnerability
  CISEC:775  oval:org.cisecurity:def:775: Windows Kernel Elevation of Privilege Vulnerability
  CISEC:776  oval:org.cisecurity:def:776: Windows Media Center Remote Code Execution Vulnerability

2016-05-31  CISEC:772  oval:org.cisecurity:def:772: Microsoft Office Malformed EPS File Vulnerability
  CISEC:773  oval:org.cisecurity:def:773: Microsoft Office Memory Corruption Vulnerability

2016-05-30  CISEC:782  oval:org.cisecurity:def:782: Microsoft Office Memory Corruption Vulnerability
  CISEC:771  oval:org.cisecurity:def:771: RPC Network Data Representation Engine Remote Code Execution Vulnerability
  CISEC:783  oval:org.cisecurity:def:783: Cross-origin bypass in extension bindings

2016-05-26  CISEC:769  oval:org.cisecurity:def:769: Microsoft Office Graphics RCE Vulnerability

2016-05-24  CISEC:768  oval:org.cisecurity:def:768: Microsoft Office Memory Corruption Vulnerability

2016-05-23  CISEC:780  oval:org.cisecurity:def:780: Windows Graphics Component Information Disclosure Vulnerability
  CISEC:779  oval:org.cisecurity:def:779: Windows Graphics Component Information Disclosure Vulnerability
  CISEC:781  oval:org.cisecurity:def:781: Windows Graphics Component RCE Vulnerability

2016-05-20  CISEC:695  oval:org.cisecurity:def:695: Hypervisor Code Integrity Security Feature Bypass
  CISEC:766  oval:org.cisecurity:def:766: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
  CISEC:767  oval:org.cisecurity:def:767: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
  CISEC:731  oval:org.cisecurity:def:731: Double free vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g

2016-05-19  CISEC:737  oval:org.cisecurity:def:737: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:736  oval:org.cisecurity:def:736: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:718  oval:org.cisecurity:def:718: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:701  oval:org.cisecurity:def:701: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:720  oval:org.cisecurity:def:720: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:733  oval:org.cisecurity:def:733: Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2
  CISEC:727  oval:org.cisecurity:def:727: Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier
  CISEC:722  oval:org.cisecurity:def:722: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:715  oval:org.cisecurity:def:715: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  CISEC:729  oval:org.cisecurity:def:729: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  CISEC:712  oval:org.cisecurity:def:712: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:713  oval:org.cisecurity:def:713: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:721  oval:org.cisecurity:def:721: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:717  oval:org.cisecurity:def:717: Unspecified vulnerability in Oracle Java SE 8u77
  CISEC:735  oval:org.cisecurity:def:735: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:723  oval:org.cisecurity:def:723: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:705  oval:org.cisecurity:def:705: Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier
  CISEC:710  oval:org.cisecurity:def:710: Unspecified vulnerability in Oracle Virtualization VirtualBox before 5.0.18
  CISEC:703  oval:org.cisecurity:def:703: Unspecified vulnerability in Oracle Java SE 8u77
  CISEC:711  oval:org.cisecurity:def:711: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:732  oval:org.cisecurity:def:732: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:709  oval:org.cisecurity:def:709: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:700  oval:org.cisecurity:def:700: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
  CISEC:724  oval:org.cisecurity:def:724: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
  CISEC:730  oval:org.cisecurity:def:730: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier
  CISEC:716  oval:org.cisecurity:def:716: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77

2016-05-18  CISEC:745  oval:org.cisecurity:def:745: Windows Imaging Component Memory Corruption Vulnerability

2016-05-17  CISEC:631  oval:org.cisecurity:def:631: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:648  oval:org.cisecurity:def:648: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:639  oval:org.cisecurity:def:639: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:640  oval:org.cisecurity:def:640: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:744  oval:org.cisecurity:def:744: Direct3D Use After Free Vulnerability
  CISEC:664  oval:org.cisecurity:def:664: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:686  oval:org.cisecurity:def:686: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:692  oval:org.cisecurity:def:692: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:683  oval:org.cisecurity:def:683: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:608  oval:org.cisecurity:def:608: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:663  oval:org.cisecurity:def:663: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:689  oval:org.cisecurity:def:689: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:619  oval:org.cisecurity:def:619: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:613  oval:org.cisecurity:def:613: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:615  oval:org.cisecurity:def:615: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:614  oval:org.cisecurity:def:614: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:630  oval:org.cisecurity:def:630: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:741  oval:org.cisecurity:def:741: Internet Explorer Security Feature Bypass
  CISEC:650  oval:org.cisecurity:def:650: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:688  oval:org.cisecurity:def:688: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:764  oval:org.cisecurity:def:764: Win32k Elevation of Privilege Vulnerability
  CISEC:761  oval:org.cisecurity:def:761: Win32k Elevation of Privilege Vulnerability
  CISEC:657  oval:org.cisecurity:def:657: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:609  oval:org.cisecurity:def:609: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:763  oval:org.cisecurity:def:763: Win32k Elevation of Privilege Vulnerability
  CISEC:743  oval:org.cisecurity:def:743: Internet Explorer Information Disclosure Vulnerability
  CISEC:760  oval:org.cisecurity:def:760: Win32k Elevation of Privilege Vulnerability
  CISEC:762  oval:org.cisecurity:def:762: Win32k Information Disclosure Vulnerability
  CISEC:742  oval:org.cisecurity:def:742: Microsoft Browser Memory Corruption Vulnerability
  CISEC:661  oval:org.cisecurity:def:661: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:616  oval:org.cisecurity:def:616: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039

2016-05-16  CISEC:605  oval:org.cisecurity:def:605: Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:740  oval:org.cisecurity:def:740: Windows Journal Memory Corruption Vulnerability
  CISEC:607  oval:org.cisecurity:def:607: Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:606  oval:org.cisecurity:def:606: Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:604  oval:org.cisecurity:def:604: Vulnerability in Google Chrome before 50.0.2661.102
  CISEC:739  oval:org.cisecurity:def:739: TLS/SSL Information Disclosure Vulnerability

2016-05-12  CISEC:638  oval:org.cisecurity:def:638: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:653  oval:org.cisecurity:def:653: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:649  oval:org.cisecurity:def:649: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:675  oval:org.cisecurity:def:675: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:634  oval:org.cisecurity:def:634: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:655  oval:org.cisecurity:def:655: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:642  oval:org.cisecurity:def:642: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:682  oval:org.cisecurity:def:682: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:656  oval:org.cisecurity:def:656: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:690  oval:org.cisecurity:def:690: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:646  oval:org.cisecurity:def:646: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:635  oval:org.cisecurity:def:635: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:611  oval:org.cisecurity:def:611: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:678  oval:org.cisecurity:def:678: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:671  oval:org.cisecurity:def:671: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:621  oval:org.cisecurity:def:621: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:647  oval:org.cisecurity:def:647: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:665  oval:org.cisecurity:def:665: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:636  oval:org.cisecurity:def:636: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:628  oval:org.cisecurity:def:628: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:667  oval:org.cisecurity:def:667: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:633  oval:org.cisecurity:def:633: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:662  oval:org.cisecurity:def:662: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:645  oval:org.cisecurity:def:645: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:612  oval:org.cisecurity:def:612: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:694  oval:org.cisecurity:def:694: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:681  oval:org.cisecurity:def:681: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:624  oval:org.cisecurity:def:624: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:632  oval:org.cisecurity:def:632: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:618  oval:org.cisecurity:def:618: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:641  oval:org.cisecurity:def:641: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:679  oval:org.cisecurity:def:679: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:510  oval:org.cisecurity:def:510: Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
  CISEC:660  oval:org.cisecurity:def:660: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:672  oval:org.cisecurity:def:672: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:652  oval:org.cisecurity:def:652: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:617  oval:org.cisecurity:def:617: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:674  oval:org.cisecurity:def:674: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:680  oval:org.cisecurity:def:680: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:625  oval:org.cisecurity:def:625: Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:668  oval:org.cisecurity:def:668: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:670  oval:org.cisecurity:def:670: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:637  oval:org.cisecurity:def:637: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:658  oval:org.cisecurity:def:658: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:673  oval:org.cisecurity:def:673: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:643  oval:org.cisecurity:def:643: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:626  oval:org.cisecurity:def:626: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:623  oval:org.cisecurity:def:623: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:644  oval:org.cisecurity:def:644: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:691  oval:org.cisecurity:def:691: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:669  oval:org.cisecurity:def:669: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:685  oval:org.cisecurity:def:685: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:610  oval:org.cisecurity:def:610: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:654  oval:org.cisecurity:def:654: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:629  oval:org.cisecurity:def:629: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:620  oval:org.cisecurity:def:620: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:651  oval:org.cisecurity:def:651: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:676  oval:org.cisecurity:def:676: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:693  oval:org.cisecurity:def:693: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:659  oval:org.cisecurity:def:659: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
  CISEC:666  oval:org.cisecurity:def:666: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039

2016-05-11  CISEC:507  oval:org.cisecurity:def:507: Scripting Engine Memory Corruption Vulnerability
  CISEC:513  oval:org.cisecurity:def:513: Adobe Flash Player Remote Code Execution Vulnerability
  CISEC:520  oval:org.cisecurity:def:520: Windows Shell Remote Code Execution Vulnerability
  CISEC:509  oval:org.cisecurity:def:509: Scripting Engine Memory Corruption Vulnerability

2016-05-10  CISEC:512  oval:org.cisecurity:def:512: Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74

2016-05-05  CISEC:501  oval:org.cisecurity:def:501: Windows OLE Remote Code Execution Vulnerability

2016-05-04  CISEC:497  oval:org.cisecurity:def:497: Windows CSRSS Security Feature Bypass Vulnerability

2016-05-03  CISEC:498  oval:org.cisecurity:def:498: Microsoft Office Memory Corruption Vulnerability
  CISEC:499  oval:org.cisecurity:def:499: .NET Framework Remote Code Execution Vulnerability

2016-05-02  CISEC:504  oval:org.cisecurity:def:504: Microsoft Office Memory Corruption Vulnerability
  CISEC:502  oval:org.cisecurity:def:502: Microsoft Office Memory Corruption Vulnerability
  CISEC:622  oval:org.cisecurity:def:622: Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056
  CISEC:503  oval:org.cisecurity:def:503: Microsoft Office Memory Corruption Vulnerability

2016-04-26  CISEC:500  oval:org.cisecurity:def:500: Graphics Memory Corruption Vulnerability

2016-04-25  CISEC:475  oval:org.cisecurity:def:475: Windows SAM and LSAD Downgrade Vulnerability

2016-04-22  CISEC:477  oval:org.cisecurity:def:477: MSXML Remote Code Execution Vulnerability
  CISEC:515  oval:org.cisecurity:def:515: Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:511  oval:org.cisecurity:def:511: Microsoft Edge Memory Corruption Vulnerability
  CISEC:505  oval:org.cisecurity:def:505: Microsoft Edge Elevation of Privilege Vulnerability
  CISEC:508  oval:org.cisecurity:def:508: Microsoft Edge Memory Corruption Vulnerability
  CISEC:519  oval:org.cisecurity:def:519: Microsoft Edge Memory Corruption Vulnerability

2016-04-21  CISEC:479  oval:org.cisecurity:def:479: Win32k Elevation of Privilege Vulnerability
  CISEC:476  oval:org.cisecurity:def:476: Win32k Elevation of Privilege Vulnerability
  CISEC:480  oval:org.cisecurity:def:480: Win32k Elevation of Privilege Vulnerability

2016-04-20  CISEC:464  oval:org.cisecurity:def:464: DLL Loading Remote Code Execution Vulnerability
  CISEC:474  oval:org.cisecurity:def:474: Internet Explorer Memory Corruption Vulnerability
  CISEC:472  oval:org.cisecurity:def:472: Internet Explorer Information Disclosure Vulnerability
  CISEC:470  oval:org.cisecurity:def:470: Internet Explorer Memory Corruption Vulnerability
  CISEC:466  oval:org.cisecurity:def:466: Internet Explorer Memory Corruption Vulnerability
  CISEC:514  oval:org.cisecurity:def:514: Microsoft Browser Memory Corruption Vulnerability
  CISEC:465  oval:org.cisecurity:def:465: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 and 14.x through 18.0.0.203

2016-04-19  CISEC:467  oval:org.cisecurity:def:467: Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows

2016-04-18  CISEC:471  oval:org.cisecurity:def:471: Use-after-free vulnerability in the ByteArray class in the ActionScript 3

2016-04-11  CISEC:458  oval:org.cisecurity:def:458: Use-after-free vulnerability in the BitmapData class in the ActionScript 3

2016-04-08  CISEC:454  oval:org.cisecurity:def:454: Windows Journal DoS Vulnerability
  CISEC:452  oval:org.cisecurity:def:452: Windows Journal DoS Vulnerability

2016-04-05  CISEC:473  oval:org.cisecurity:def:473: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194

2016-03-31  CISEC:463  oval:org.cisecurity:def:463: Microsoft Office Memory Corruption Vulnerability
  CISEC:450  oval:org.cisecurity:def:450: OpenType Font Parsing Vulnerability

2016-03-30  CISEC:468  oval:org.cisecurity:def:468: Scripting Engine Memory Corruption Vulnerability
  CISEC:451  oval:org.cisecurity:def:451: Memory Corruption Vulnerability

2016-03-08  CISEC:430  oval:org.cisecurity:def:430: Internet Explorer Memory Corruption Vulnerability
  CISEC:429  oval:org.cisecurity:def:429: Internet Explorer Memory Corruption Vulnerability
  CISEC:426  oval:org.cisecurity:def:426: Internet Explorer Memory Corruption Vulnerability
  CISEC:432  oval:org.cisecurity:def:432: Internet Explorer Memory Corruption Vulnerability
  CISEC:428  oval:org.cisecurity:def:428: Internet Explorer Memory Corruption Vulnerability
  CISEC:425  oval:org.cisecurity:def:425: Internet Explorer Memory Corruption Vulnerability
  CISEC:427  oval:org.cisecurity:def:427: Internet Explorer Memory Corruption Vulnerability
  CISEC:433  oval:org.cisecurity:def:433: Internet Explorer Memory Corruption Vulnerability
  CISEC:447  oval:org.cisecurity:def:447: Scripting Engine Memory Corruption Vulnerability
  CISEC:431  oval:org.cisecurity:def:431: Internet Explorer Memory Corruption Vulnerability

2016-03-07  CISEC:417  oval:org.cisecurity:def:417: Internet Explorer Memory Corruption Vulnerability
  CISEC:424  oval:org.cisecurity:def:424: Internet Explorer Information Disclosure Vulnerability
  CISEC:419  oval:org.cisecurity:def:419: Internet Explorer Elevation of Privilege Vulnerability
  CISEC:422  oval:org.cisecurity:def:422: Microsoft Browser Memory Corruption Vulnerability
  CISEC:421  oval:org.cisecurity:def:421: Internet Explorer Memory Corruption Vulnerability
  CISEC:418  oval:org.cisecurity:def:418: Microsoft Browser Spoofing Vulnerability
  CISEC:420  oval:org.cisecurity:def:420: Internet Explorer Memory Corruption Vulnerability
  CISEC:413  oval:org.cisecurity:def:413: Microsoft Browser Memory Corruption Vulnerability
  CISEC:415  oval:org.cisecurity:def:415: Internet Explorer Elevation of Privilege Vulnerability
  CISEC:412  oval:org.cisecurity:def:412: Internet Explorer Memory Corruption Vulnerability
  CISEC:416  oval:org.cisecurity:def:416: Internet Explorer Memory Corruption Vulnerability
  CISEC:414  oval:org.cisecurity:def:414: Microsoft Browser Memory Corruption Vulnerability

2016-03-03  CISEC:448  oval:org.cisecurity:def:448: Internet Explorer Elevation of Privilege Vulnerability
  CISEC:411  oval:org.cisecurity:def:411: Scripting Engine Memory Corruption Vulnerability
  CVE-2015-6260  Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

2016-02-24  CISEC:409  oval:org.cisecurity:def:409: Windows Kernel Memory Information Disclosure Vulnerability

2016-02-16  CISEC:410  oval:org.cisecurity:def:410: Windows Kernel Memory Information Disclosure Vulnerability
  CISEC:392  oval:org.cisecurity:def:392: Windows Kernel Memory Elevation of Privilege Vulnerability

2016-02-11  CISEC:390  oval:org.cisecurity:def:390: Windows Graphics Memory Remote Code Execution Vulnerability
  CISEC:389  oval:org.cisecurity:def:389: Windows Graphics Memory Remote Code Execution Vulnerability

2016-02-09  CISEC:386  oval:org.cisecurity:def:386: Internet Explorer Memory Corruption Vulnerability
  CISEC:385  oval:org.cisecurity:def:385: Internet Explorer Memory Corruption Vulnerability
  CISEC:388  oval:org.cisecurity:def:388: Internet Explorer Memory Corruption Vulnerability
  CISEC:387  oval:org.cisecurity:def:387: Internet Explorer Memory Corruption Vulnerability

2016-02-07  CVE-2015-6398  Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.

2016-02-03  CISEC:391  oval:org.cisecurity:def:391: Windows Kernel Memory Elevation of Privilege Vulnerability

2016-02-01  CISEC:381  oval:org.cisecurity:def:381: Internet Explorer Memory Corruption Vulnerability

2016-01-22  CISEC:376  oval:org.cisecurity:def:376: Internet Explorer Memory Corruption Vulnerability

2016-01-14  CVE-2015-6314  Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.

2016-01-08  CVE-2015-7754  Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.

2016-01-07  CVE-2015-6433  SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.

2016-01-06  CVE-2015-5310  Wi-Fi in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Wi-Fi information by leveraging access to the local physical environment, aka internal bug 25266660.
  CVE-2015-6636  mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.
  CVE-2015-6637  The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
  CVE-2015-6638  The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
  CVE-2015-6639  The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
  CVE-2015-6640  The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or...
  CVE-2015-6641  Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.
  CVE-2015-6642  The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
  CVE-2015-6643  Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
  CVE-2015-6644  Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
  CVE-2015-6645  SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
  CVE-2015-6646  The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and...
  CVE-2015-6647  The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.

2016-01-04  CVE-2015-6432  Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service...

2015-12-28  CISEC:333  oval:org.cisecurity:def:333: Internet Explorer Memory Corruption Vulnerability

2015-12-22  CVE-2015-6431  Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

2015-12-19  CVE-2015-7755  Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before...
  CVE-2015-7756  The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18...
  CVE-2015-6429  The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.

2015-12-18  CISEC:311  oval:org.cisecurity:def:311: Internet Explorer Memory Corruption Vulnerability

2015-12-16  CVE-2015-6425  The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.

2015-12-15  CVE-2015-4206  Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.
  CVE-2015-6359  The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of...

2015-12-11  CVE-2015-7037  Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
  CVE-2015-7050  WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
  CVE-2015-7062  Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.
  CVE-2015-7069  Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.
  CVE-2015-7070  Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069.
  CVE-2015-7080  Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
  CVE-2015-7081  iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML...
  CVE-2015-7094  CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
  CVE-2015-7107  QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
  CVE-2015-7109  IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-7110  The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.

2015-12-08  CVE-2015-6616  mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and...
  CVE-2015-6617  Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740.
  CVE-2015-6618  Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992.
  CVE-2015-6619  The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714.
  CVE-2015-6620  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and...
  CVE-2015-6621  SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.
  CVE-2015-6622  The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as...
  CVE-2015-6623  Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703.
  CVE-2015-6624  System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740.
  CVE-2015-6625  System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840.
  CVE-2015-6626  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6627  The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka...
  CVE-2015-6628  Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
  CVE-2015-6629  Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667.
  CVE-2015-6630  SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.
  CVE-2015-6631  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6632  libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by...
  CVE-2015-6633  The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.
  CVE-2015-6634  The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.
  CVE-2015-8505  mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than...
  CVE-2015-8506  mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different...
  CVE-2015-8507  mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than...

2015-12-05  CVE-2015-6783  The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows...

2015-12-04  CVE-2015-6394  The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408.

2015-12-02  CVE-2015-6383  Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.

2015-12-01  CVE-2015-6385  The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment...

2015-11-21  CVE-2015-5787  The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
  CVE-2015-5859  The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain...
  CVE-2015-7036  The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API...
  CVE-2015-6375  The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010.

2015-11-13  CVE-2015-6365  Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID...

2015-11-12  CVE-2015-6366  Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.

2015-11-03  CVE-2015-6608  mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574,...
  CVE-2015-6609  libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.
  CVE-2015-6610  libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.
  CVE-2015-6611  mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs...
  CVE-2015-6612  libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
  CVE-2015-6613  Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or...
  CVE-2015-6614  Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage...
  CVE-2015-8072  mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug...
  CVE-2015-8073  mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability...
  CVE-2015-8074  mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a...

2015-10-31  CVE-2015-6343  The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.

2015-10-24  CVE-2015-6341  The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.

2015-10-23  CVE-2015-5924  The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
  CVE-2015-5928  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-5929  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-5930  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-5940  The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a...
  CVE-2015-6975  CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-6976  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977,...
  CVE-2015-6977  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6981  WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-6982  WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-6983  Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
  CVE-2015-6986  com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion."
  CVE-2015-6988  The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
  CVE-2015-6990  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6991  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6992  CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-6993  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-6994  The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
  CVE-2015-6995  The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-6999  The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.
  CVE-2015-7000  Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on...
  CVE-2015-7002  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7004  The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.
  CVE-2015-7005  WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  CVE-2015-7008  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7009  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7010  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7012  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7013  WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-7014  WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,...
  CVE-2015-7017  CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability...
  CVE-2015-7018  FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,...
  CVE-2015-7022  The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.
  CVE-2015-7023  CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.

2015-10-19  CVE-2015-7748  Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.
  CVE-2015-7749  The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."
  CVE-2015-7750  The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a...
  CVE-2015-7751  Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before...
  CVE-2015-7752  The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5,...

2015-10-16  CVE-2014-6449  Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle...
  CVE-2014-6450  Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42,...
  CVE-2014-6451  J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors.

2015-10-11  CVE-2015-6263  The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.

2015-10-09  CVE-2015-5923  Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

2015-10-08  CVE-2015-6311  Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID...

2015-10-06  CVE-2015-3862  mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.
  CVE-2015-3865  The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.
  CVE-2015-3867  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.
  CVE-2015-3868  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.
  CVE-2015-3869  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083.
  CVE-2015-3870  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.
  CVE-2015-3823  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.
  CVE-2015-3847  Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.
  CVE-2015-3871  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033.
  CVE-2015-3872  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388.
  CVE-2015-3873  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824,...
  CVE-2015-3874  The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323.
  CVE-2015-3875  libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.
  CVE-2015-3877  Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.
  CVE-2015-3878  Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that...
  CVE-2015-3879  Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.
  CVE-2015-6596  mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
  CVE-2015-6598  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.
  CVE-2015-6599  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.
  CVE-2015-6600  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.
  CVE-2015-6601  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.
  CVE-2015-6603  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.
  CVE-2015-6604  libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.
  CVE-2015-6605  mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718.
  CVE-2015-6606  The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access,...
  CVE-2015-7716  libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than...
  CVE-2015-7717  mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
  CVE-2015-7718  mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.

2015-10-02  CVE-2015-6308  Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684.

2015-10-01  CVE-2015-3876  libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.
  CVE-2015-6602  libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.

2015-09-30  CVE-2014-7915  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
  CVE-2014-7916  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
  CVE-2014-7917  Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
  CVE-2015-3860  packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to...
  CVE-2015-3861  Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device...
  CVE-2015-3863  Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob...
  CVE-2015-3864  Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka...
  CVE-2015-1528  Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory...
  CVE-2015-1536  Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server...
  CVE-2015-1538  Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an...
  CVE-2015-1539  Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a...
  CVE-2015-1541  The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an...
  CVE-2015-3824  The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of...
  CVE-2015-3826  The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote...
  CVE-2015-3827  The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary...
  CVE-2015-3828  The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote...
  CVE-2015-3829  Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and...
  CVE-2015-3831  Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted...
  CVE-2015-3832  Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538.
  CVE-2015-3833  The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the...
  CVE-2015-3834  Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption,...
  CVE-2015-3835  Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516.
  CVE-2015-3836  The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary...
  CVE-2015-3837  The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute...
  CVE-2015-3842  Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.
  CVE-2015-3843  The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to...
  CVE-2015-3844  The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted...
  CVE-2015-3845  The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a...
  CVE-2015-3849  The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via...
  CVE-2015-3858  The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation...
  CVE-2015-6575  SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory...

2015-09-27  CVE-2015-6278  The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;...
  CVE-2015-6279  The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;...
  CVE-2015-6280  The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly...

2015-09-25  CVE-2015-6282  Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka...
  CVE-2015-6302  The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419.

2015-09-20  CVE-2015-6295  Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved...

2015-09-18  CVE-2014-8611  The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a...
  CVE-2015-5788  The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
  CVE-2015-5789  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5790  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5791  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5792  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5793  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5794  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5795  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5796  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5797  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-3801  The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
  CVE-2015-5764  The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
  CVE-2015-5765  The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
  CVE-2015-5767  The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.
  CVE-2015-5799  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5800  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5801  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5802  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5803  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5804  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5805  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5806  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5807  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5809  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5810  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5811  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5812  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5813  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5814  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5816  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5817  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5818  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5819  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5820  WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.
  CVE-2015-5821  WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2015-5822  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5823  WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-5825  WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via...
  CVE-2015-5826  WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a...
  CVE-2015-5827  WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.
  CVE-2015-5831  NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-5832  The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified...
  CVE-2015-5835  Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.
  CVE-2015-5838  SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.
  CVE-2015-5850  AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.
  CVE-2015-5851  The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
  CVE-2015-5856  The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.
  CVE-2015-5857  Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.
  CVE-2015-5861  SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.
  CVE-2015-5879  XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption)...
  CVE-2015-5880  CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app.
  CVE-2015-5892  Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
  CVE-2015-5904  Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site.
  CVE-2015-5905  Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site.
  CVE-2015-5906  The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later...
  CVE-2015-5907  WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate.
  CVE-2015-5912  The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
  CVE-2015-5921  WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
  CVE-2015-6294  Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770.
  CVE-2015-6297  The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.

2015-08-31  CVE-2015-6269  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.
  CVE-2015-6270  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.
  CVE-2015-6271  Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and...
  CVE-2015-6272  Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393,...

2015-08-28  CVE-2015-6267  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.
  CVE-2015-6268  Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.
  CVE-2015-6273  Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash)...

2015-08-22  CVE-2015-6258  The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033.

2015-08-19  CVE-2015-4277  The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory...
  CVE-2015-4296  Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006.
  CVE-2015-4301  Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225.
  CVE-2015-4323  Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices...
  CVE-2015-4324  Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote...

2015-08-16  CVE-2015-3729  Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks...
  CVE-2015-3730  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3731  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3732  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3733  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3734  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3735  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3736  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3737  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3738  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3739  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3740  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3741  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3742  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3743  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3744  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3745  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3746  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3747  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3748  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3749  WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a...
  CVE-2015-3750  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy...
  CVE-2015-3751  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in...
  CVE-2015-3752  The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report...
  CVE-2015-3753  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the...
  CVE-2015-3755  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
  CVE-2015-3756  The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
  CVE-2015-3758  UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
  CVE-2015-3759  Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
  CVE-2015-3763  Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site.
  CVE-2015-3766  The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-3768  Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
  CVE-2015-3776  IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
  CVE-2015-3778  bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
  CVE-2015-3782  CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
  CVE-2015-3793  CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
  CVE-2015-3795  libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
  CVE-2015-3796  The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-3797  The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-3798  The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular...
  CVE-2015-3800  The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
  CVE-2015-3802  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
  CVE-2015-3803  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
  CVE-2015-3804  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-3805  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
  CVE-2015-3806  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
  CVE-2015-5746  AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
  CVE-2015-5748  The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
  CVE-2015-5749  The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
  CVE-2015-5752  Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
  CVE-2015-5755  CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5756  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5757  libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with...
  CVE-2015-5758  ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
  CVE-2015-5759  WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
  CVE-2015-5761  CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5766  Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
  CVE-2015-5769  The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
  CVE-2015-5770  MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
  CVE-2015-5773  QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
  CVE-2015-5774  Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
  CVE-2015-5775  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability...
  CVE-2015-5776  Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
  CVE-2015-5777  CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different...
  CVE-2015-5778  CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different...
  CVE-2015-5781  ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
  CVE-2015-5782  ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.

2015-08-08  CVE-2015-1805  The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local...

2015-07-31  CVE-2015-4291  Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.
  CVE-2015-4295  The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.

2015-07-30  MITRE:29400  oval:org.mitre.oval:def:29400: Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers
  MITRE:29480  oval:org.mitre.oval:def:29480: Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code
  MITRE:29418  oval:org.mitre.oval:def:29418: Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2
  CVE-2015-4293  The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after...

2015-07-24  CVE-2015-0681  The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG,...

2015-07-23  MITRE:29139  oval:org.mitre.oval:def:29139: Microsoft Office memory corruption vulnerability
  MITRE:29245  oval:org.mitre.oval:def:29245: Microsoft Office memory corruption vulnerability
  MITRE:29517  oval:org.mitre.oval:def:29517: Microsoft Office memory corruption vulnerability
  MITRE:28805  oval:org.mitre.oval:def:28805: Microsoft Office memory corruption vulnerability
  MITRE:28544  oval:org.mitre.oval:def:28544: Microsoft Office memory corruption vulnerability
  MITRE:29525  oval:org.mitre.oval:def:29525: Microsoft Excel DLL remote code execution vulnerability
  MITRE:29449  oval:org.mitre.oval:def:29449: Microsoft Office memory corruption vulnerability
  MITRE:29284  oval:org.mitre.oval:def:29284: Microsoft Office memory corruption vulnerability
  CVE-2015-4285  The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows...

2015-07-22  MITRE:29414  oval:org.mitre.oval:def:29414: Internet Explorer memory corruption vulnerability
  MITRE:29075  oval:org.mitre.oval:def:29075: Internet Explorer XSS filter bypass vulnerability
  MITRE:28818  oval:org.mitre.oval:def:28818: Internet Explorer memory corruption vulnerability
  MITRE:29357  oval:org.mitre.oval:def:29357: Internet Explorer memory corruption vulnerability
  MITRE:29452  oval:org.mitre.oval:def:29452: SQL Server elevation of privilege vulnerability
  MITRE:29159  oval:org.mitre.oval:def:29159: Internet Explorer memory corruption vulnerability
  MITRE:28614  oval:org.mitre.oval:def:28614: Internet Explorer memory corruption vulnerability
  MITRE:28968  oval:org.mitre.oval:def:28968: Elevation of privilege vulnerability in Netlogon
  MITRE:29454  oval:org.mitre.oval:def:29454: Internet Explorer elevation of privilege vulnerability
  MITRE:29132  oval:org.mitre.oval:def:29132: Win32k information disclosure vulnerability
  MITRE:29128  oval:org.mitre.oval:def:29128: Win32k elevation of privilege vulnerability
  MITRE:29315  oval:org.mitre.oval:def:29315: SQL Server remote code execution vulnerability
  MITRE:28743  oval:org.mitre.oval:def:28743: Win32k information disclosure vulnerability
  MITRE:28804  oval:org.mitre.oval:def:28804: Internet Explorer memory corruption vulnerability
  MITRE:28990  oval:org.mitre.oval:def:28990: OLE Elevation of privilege vulnerability
  MITRE:28938  oval:org.mitre.oval:def:28938: VBScript Memory corruption vulnerability
  MITRE:29015  oval:org.mitre.oval:def:29015: Internet Explorer memory corruption vulnerability
  MITRE:29406  oval:org.mitre.oval:def:29406: Hyper-V system data structure vulnerability
  MITRE:29436  oval:org.mitre.oval:def:29436: Win32k Elevation of privilege vulnerability
  MITRE:28529  oval:org.mitre.oval:def:28529: Internet Explorer memory corruption vulnerability
  MITRE:29391  oval:org.mitre.oval:def:29391: Hyper-V buffer overflow vulnerability
  MITRE:29485  oval:org.mitre.oval:def:29485: SQL Server remote code execution vulnerability
  MITRE:28834  oval:org.mitre.oval:def:28834: Internet Explorer memory corruption vulnerability
  MITRE:29292  oval:org.mitre.oval:def:29292: Internet Explorer memory corruption vulnerability
  MITRE:29164  oval:org.mitre.oval:def:29164: Internet Explorer memory corruption vulnerability
  MITRE:29327  oval:org.mitre.oval:def:29327: Windows RPC elevation of privilege vulnerability
  MITRE:29247  oval:org.mitre.oval:def:29247: Internet Explorer memory corruption vulnerability
  MITRE:29487  oval:org.mitre.oval:def:29487: Internet Explorer memory corruption vulnerability
  MITRE:29360  oval:org.mitre.oval:def:29360: Internet Explorer memory corruption vulnerability
  MITRE:29355  oval:org.mitre.oval:def:29355: Internet Explorer ASLR bypass vulnerability
  MITRE:29278  oval:org.mitre.oval:def:29278: Internet Explorer memory corruption vulnerability
  MITRE:29422  oval:org.mitre.oval:def:29422: Internet Explorer information disclosure vulnerability
  MITRE:29087  oval:org.mitre.oval:def:29087: Internet Explorer memory corruption vulnerability
  MITRE:29156  oval:org.mitre.oval:def:29156: Win32k elevation of privilege vulnerability
  MITRE:29295  oval:org.mitre.oval:def:29295: Internet Explorer memory corruption vulnerability
  MITRE:29316  oval:org.mitre.oval:def:29316: Jscript9 Memory corruption vulnerability
  MITRE:29493  oval:org.mitre.oval:def:29493: OpenType font driver vulnerability
  MITRE:29388  oval:org.mitre.oval:def:29388: Win32k information disclosure vulnerability
  MITRE:29280  oval:org.mitre.oval:def:29280: Windows DLL remote code execution vulnerability
  MITRE:28708  oval:org.mitre.oval:def:28708: Graphics component EOP vulnerability
  MITRE:29332  oval:org.mitre.oval:def:29332: ATMFD.DLL Memory corruption vulnerability
  MITRE:29395  oval:org.mitre.oval:def:29395: Internet Explorer memory corruption vulnerability
  MITRE:29324  oval:org.mitre.oval:def:29324: Internet Explorer memory corruption vulnerability
  MITRE:29392  oval:org.mitre.oval:def:29392: Remote Desktop Protocol
  MITRE:29219  oval:org.mitre.oval:def:29219: Internet Explorer memory corruption vulnerability
  MITRE:29149  oval:org.mitre.oval:def:29149: DLL planting remote code execution vulnerability
  MITRE:29470  oval:org.mitre.oval:def:29470: Internet Explorer memory corruption vulnerability
  MITRE:29198  oval:org.mitre.oval:def:29198: OLE Elevation of privilege vulnerability
  MITRE:29431  oval:org.mitre.oval:def:29431: Windows installer EoP vulnerability
  MITRE:29296  oval:org.mitre.oval:def:29296: Internet Explorer memory corruption vulnerability
  MITRE:29010  oval:org.mitre.oval:def:29010: Internet Explorer memory corruption vulnerability
  CVE-2015-4284  The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.

2015-07-16  CVE-2015-5357  The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allow remote attackers to cause a denial of service (CPU consumption) via unspecified...
  CVE-2015-5360  IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before 12.1X46-D36, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5,...
  CVE-2015-5363  The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial...

2015-07-14  CVE-2015-3007  The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically...
  CVE-2015-5358  Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6,...
  CVE-2015-5359  Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before...
  CVE-2015-5362  The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before...
  CVE-2015-4269  The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.
  CVE-2015-4272  Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID...

2015-07-08  CVE-2015-4243  The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug...

2015-07-03  CVE-2015-4231  The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
  CVE-2015-4232  Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.
  CVE-2015-4234  Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.
  CVE-2015-4237  The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491,...

2015-07-02  CVE-2015-3658  The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an...
  CVE-2015-3659  The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL...
  CVE-2015-3684  The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
  CVE-2015-3685  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686,...
  CVE-2015-3686  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3687  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3688  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3689  CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,...
  CVE-2015-3690  The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
  CVE-2015-3694  FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.
  CVE-2015-3703  ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.
  CVE-2015-3710  Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
  CVE-2015-3719  TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than...
  CVE-2015-3721  The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
  CVE-2015-3722  Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app.
  CVE-2015-3723  CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.
  CVE-2015-3724  CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.
  CVE-2015-3725  MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app.
  CVE-2015-3726  The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.
  CVE-2015-3727  WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access...
  CVE-2015-3728  The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.

2015-06-29  MITRE:28934  oval:org.mitre.oval:def:28934: RHSA-2009:0402 -- openswan security update
  MITRE:29179  oval:org.mitre.oval:def:29179: RHSA-2009:1164 -- tomcat security update
  MITRE:28966  oval:org.mitre.oval:def:28966: RHSA-2009:0264 -- kernel security update
  MITRE:29188  oval:org.mitre.oval:def:29188: RHSA-2009:1162 -- firefox security update
  MITRE:29340  oval:org.mitre.oval:def:29340: RHSA-2009:1472 -- xen security and bug fix update
  MITRE:29196  oval:org.mitre.oval:def:29196: RHSA-2009:0333 -- libpng security update
  MITRE:29253  oval:org.mitre.oval:def:29253: RHSA-2009:0012 -- netpbm security update
  MITRE:29215  oval:org.mitre.oval:def:29215: RHSA-2008:1036 -- firefox security update
  MITRE:29084  oval:org.mitre.oval:def:29084: RHSA-2015:0807 -- java-1.7.0-openjdk security update
  MITRE:29289  oval:org.mitre.oval:def:29289: RHSA-2008:0967 -- httpd security and bug fix update
  MITRE:28965  oval:org.mitre.oval:def:28965: RHSA-2009:1122 -- icu security update
  MITRE:28617  oval:org.mitre.oval:def:28617: RHSA-2009:1106 -- kernel security and bug fix update
  MITRE:28696  oval:org.mitre.oval:def:28696: SUSE-SU-2015:0974-1 -- Security update for apache2
  MITRE:29310  oval:org.mitre.oval:def:29310: RHSA-2009:1513 -- cups security update
  MITRE:28916  oval:org.mitre.oval:def:28916: RHSA-2009:1504 -- poppler security and bug fix update
  MITRE:29150  oval:org.mitre.oval:def:29150: RHSA-2008:0544 -- php security update
  MITRE:29463  oval:org.mitre.oval:def:29463: RHSA-2009:1039 -- ntp security update
  MITRE:28421  oval:org.mitre.oval:def:28421: RHSA-2009:0408 -- krb5 security update
  MITRE:29044  oval:org.mitre.oval:def:29044: RHSA-2008:0849 -- ipsec-tools security update
  MITRE:29358  oval:org.mitre.oval:def:29358: RHSA-2009:1307 -- ecryptfs-utils security, bug fix, and enhancement update
  MITRE:28765  oval:org.mitre.oval:def:28765: RHSA-2009:1453 -- pidgin security update
  MITRE:28333  oval:org.mitre.oval:def:28333: SUSE-SU-2015:0743-1 -- Security update for mariadb
  MITRE:29133  oval:org.mitre.oval:def:29133: RHSA-2008:0818 -- hplip security update
  MITRE:29170  oval:org.mitre.oval:def:29170: RHSA-2009:1561 -- libvorbis security update
  MITRE:29254  oval:org.mitre.oval:def:29254: RHSA-2009:1102 -- cscope security update
  MITRE:28629  oval:org.mitre.oval:def:28629: RHSA-2009:1179 -- bind security update
  MITRE:29146  oval:org.mitre.oval:def:29146: SUSE-SU-2015:0942-1 -- Security update for gstreamer-0_10-plugins-bad
  MITRE:29077  oval:org.mitre.oval:def:29077: RHSA-2009:1204 -- apr and apr-util security update
  MITRE:29079  oval:org.mitre.oval:def:29079: RHSA-2009:0479 -- perl-DBD-Pg security update
  MITRE:29379  oval:org.mitre.oval:def:29379: RHSA-2009:1427 -- fetchmail security update
  MITRE:29270  oval:org.mitre.oval:def:29270: RHSA-2009:1452 -- neon security update
  MITRE:28686  oval:org.mitre.oval:def:28686: RHSA-2008:0981 -- ruby security update
  MITRE:29365  oval:org.mitre.oval:def:29365: RHSA-2009:1601 -- kdelibs security update
  MITRE:29202  oval:org.mitre.oval:def:29202: SUSE-SU-2015:0515-1 -- Security update for gnome-settings-daemon
  MITRE:29271  oval:org.mitre.oval:def:29271: RHSA-2009:1470 -- openssh security update
  MITRE:29236  oval:org.mitre.oval:def:29236: RHSA-2009:0339 -- lcms security update
  MITRE:29110  oval:org.mitre.oval:def:29110: RHSA-2009:1060 -- pidgin security update
  MITRE:29359  oval:org.mitre.oval:def:29359: RHSA-2009:1238 -- dnsmasq security update
  MITRE:29269  oval:org.mitre.oval:def:29269: RHSA-2009:1548 -- kernel security and bug fix update
  MITRE:28964  oval:org.mitre.oval:def:28964: RHSA-2008:0965 -- lynx security update
  MITRE:29038  oval:org.mitre.oval:def:29038: RHSA-2008:0583 -- openldap security update
  MITRE:29193  oval:org.mitre.oval:def:29193: RHSA-2009:0431 -- kdegraphics security update
  MITRE:29283  oval:org.mitre.oval:def:29283: RHSA-2009:1646 -- libtool security update
  MITRE:29028  oval:org.mitre.oval:def:29028: RHSA-2008:0569 -- firefox security update
  MITRE:28712  oval:org.mitre.oval:def:28712: RHSA-2009:0004 -- openssl security update
  MITRE:29264  oval:org.mitre.oval:def:29264: RHSA-2009:1529 -- samba security update
  MITRE:29237  oval:org.mitre.oval:def:29237: RHSA-2008:0978 -- firefox security update
  MITRE:28792  oval:org.mitre.oval:def:28792: SUSE-SU-2015:1014-1 -- Security update for vorbis-tools
  MITRE:29234  oval:org.mitre.oval:def:29234: RHSA-2008:0575 -- rdesktop security update
  MITRE:29190  oval:org.mitre.oval:def:29190: RHSA-2009:1490 -- squirrelmail security update
  MITRE:29266  oval:org.mitre.oval:def:29266: RHSA-2009:1648 -- ntp security update
  MITRE:29347  oval:org.mitre.oval:def:29347: RHSA-2009:1625 -- expat security update
  MITRE:29354  oval:org.mitre.oval:def:29354: RHSA-2008:1017 -- kernel security and bug fix update
  MITRE:29331  oval:org.mitre.oval:def:29331: RHSA-2009:1451 -- freeradius security update
  MITRE:29446  oval:org.mitre.oval:def:29446: RHSA-2009:0473 -- kernel security and bug fix update
  MITRE:29201  oval:org.mitre.oval:def:29201: RHSA-2009:0002 -- thunderbird security update
  MITRE:29167  oval:org.mitre.oval:def:29167: RHSA-2008:0789 -- dnsmasq security update
  MITRE:29230  oval:org.mitre.oval:def:29230: RHSA-2009:1530 -- firefox security update
  MITRE:29192  oval:org.mitre.oval:def:29192: RHSA-2008:0855 -- openssh security update
  MITRE:29052  oval:org.mitre.oval:def:29052: RHSA-2009:1341 -- cman security, bug fix, and enhancement update
  MITRE:29317  oval:org.mitre.oval:def:29317: RHSA-2009:1579 -- httpd security update
  MITRE:29029  oval:org.mitre.oval:def:29029: RHSA-2008:0649 -- libxslt security update
  MITRE:28716  oval:org.mitre.oval:def:28716: RHSA-2008:0616 -- thunderbird security update
  MITRE:29154  oval:org.mitre.oval:def:29154: RHSA-2009:1193 -- kernel security and bug fix update
  MITRE:28930  oval:org.mitre.oval:def:28930: RHSA-2008:0892 -- xen security and bug fix update
  MITRE:29185  oval:org.mitre.oval:def:29185: RHSA-2008:0937 -- cups security update
  MITRE:29045  oval:org.mitre.oval:def:29045: RHSA-2009:0256 -- firefox security update
  MITRE:29242  oval:org.mitre.oval:def:29242: SUSE-SU-2015:0979-1 -- Security update for dnsmasq
  MITRE:29166  oval:org.mitre.oval:def:29166: RHSA-2009:0258 -- thunderbird security update
  MITRE:29232  oval:org.mitre.oval:def:29232: RHSA-2008:0580 -- vim security update
  MITRE:29095  oval:org.mitre.oval:def:29095: SUSE-SU-2015:1013-1 -- Security update for wpa_supplicant
  MITRE:29163  oval:org.mitre.oval:def:29163: RHSA-2009:1203 -- subversion security update
  MITRE:29111  oval:org.mitre.oval:def:29111: RHSA-2009:1426 -- openoffice.org security update
  MITRE:29090  oval:org.mitre.oval:def:29090: RHSA-2008:0907 -- pam_krb5 security update
  MITRE:28987  oval:org.mitre.oval:def:28987: RHSA-2009:0020 -- bind security update
  MITRE:28256  oval:org.mitre.oval:def:28256: RHSA-2008:0839 -- postfix security update
  MITRE:28973  oval:org.mitre.oval:def:28973: RHSA-2008:0847 -- libtiff security and bug fix update
  MITRE:29342  oval:org.mitre.oval:def:29342: RHSA-2009:1674 -- firefox security update
  MITRE:28838  oval:org.mitre.oval:def:28838: RHSA-2009:0474 -- acpid security update
  MITRE:29350  oval:org.mitre.oval:def:29350: RHSA-2009:1287 -- openssh security, bug fix, and enhancement update
  MITRE:29197  oval:org.mitre.oval:def:29197: RHSA-2008:0971 -- net-snmp security update
  MITRE:29055  oval:org.mitre.oval:def:29055: SUSE-SU-2015:0953-2 -- Security update for perl-YAML-LibYAML
  MITRE:29165  oval:org.mitre.oval:def:29165: SUSE-SU-2015:0990-1 -- Security update for curl
  MITRE:28976  oval:org.mitre.oval:def:28976: RHSA-2008:1016 -- enscript security update
  MITRE:29125  oval:org.mitre.oval:def:29125: RHSA-2009:1130 -- kdegraphics security update
  MITRE:28929  oval:org.mitre.oval:def:28929: RHSA-2009:1278 -- lftp security and bug fix update
  MITRE:29371  oval:org.mitre.oval:def:29371: RHSA-2009:0344 -- libsoup security update
  MITRE:29255  oval:org.mitre.oval:def:29255: RHSA-2008:0581 -- bluez-libs and bluez-utils security update
  MITRE:29143  oval:org.mitre.oval:def:29143: RHSA-2009:0018 -- xterm security update
  MITRE:29311  oval:org.mitre.oval:def:29311: RHSA-2009:1123 -- gstreamer-plugins-good security update
  MITRE:29041  oval:org.mitre.oval:def:29041: RHSA-2009:1463 -- newt security update
  MITRE:29169  oval:org.mitre.oval:def:29169: RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update
  MITRE:29205  oval:org.mitre.oval:def:29205: RHSA-2009:1201 -- java-1.6.0-openjdk security and bug fix update
  MITRE:29372  oval:org.mitre.oval:def:29372: RHSA-2009:0010 -- squirrelmail security update
  MITRE:29068  oval:org.mitre.oval:def:29068: RHSA-2009:0336 -- glib2 security update
  MITRE:29091  oval:org.mitre.oval:def:29091: RHSA-2009:1061 -- freetype security update
  MITRE:29222  oval:org.mitre.oval:def:29222: RHSA-2009:1218 -- pidgin security update
  MITRE:29267  oval:org.mitre.oval:def:29267: RHSA-2009:0436 -- firefox security update
  MITRE:29288  oval:org.mitre.oval:def:29288: RHSA-2009:0008 -- dbus security update
  MITRE:29183  oval:org.mitre.oval:def:29183: RHSA-2009:1126 -- thunderbird security update
  MITRE:29088  oval:org.mitre.oval:def:29088: RHSA-2009:0313 -- wireshark security update
  MITRE:29047  oval:org.mitre.oval:def:29047: RHSA-2009:1615 -- xerces-j2 security update
  MITRE:29199  oval:org.mitre.oval:def:29199: RHSA-2008:0946 -- ed security update
  MITRE:29066  oval:org.mitre.oval:def:29066: RHSA-2008:0597 -- firefox security update
  MITRE:28842  oval:org.mitre.oval:def:28842: RHSA-2008:0815 -- yum-rhn-plugin security update
  MITRE:29381  oval:org.mitre.oval:def:29381: RHSA-2009:0315 -- firefox security update
  MITRE:29313  oval:org.mitre.oval:def:29313: RHSA-2009:0205 -- dovecot security and bug fix update
  MITRE:28495  oval:org.mitre.oval:def:28495: RHSA-2009:1036 -- ipsec-tools security update
  MITRE:28983  oval:org.mitre.oval:def:28983: RHSA-2008:0612 -- kernel security and bug fix update
  MITRE:29208  oval:org.mitre.oval:def:29208: SUSE-SU-2015:1077-1 -- Security update for openldap2
  MITRE:29020  oval:org.mitre.oval:def:29020: RHSA-2008:0982 -- gnutls security update
  MITRE:28941  oval:org.mitre.oval:def:28941: RHSA-2009:1484 -- postgresql security update
  MITRE:28279  oval:org.mitre.oval:def:28279: SUSE-SU-2015:0884-1 -- Security update for spice
  MITRE:29195  oval:org.mitre.oval:def:29195: RHSA-2009:0296 -- icu security update
  MITRE:28850  oval:org.mitre.oval:def:28850: RHSA-2009:0259 -- mod_auth_mysql security update
  MITRE:28514  oval:org.mitre.oval:def:28514: RHSA-2015:0800 -- openssl security update
  MITRE:29299  oval:org.mitre.oval:def:29299: RHSA-2009:1107 -- apr-util security update
  MITRE:28741  oval:org.mitre.oval:def:28741: RHSA-2009:0354 -- evolution-data-server security update
  MITRE:29263  oval:org.mitre.oval:def:29263: RHSA-2009:1642 -- acpid security update
  MITRE:28888  oval:org.mitre.oval:def:28888: RHSA-2009:1289 -- mysql security and bug fix update
  MITRE:29306  oval:org.mitre.oval:def:29306: RHSA-2008:0988 -- libxml2 security update
  MITRE:28894  oval:org.mitre.oval:def:28894: RHSA-2009:1100 -- wireshark security update
  MITRE:28896  oval:org.mitre.oval:def:28896: RHSA-2009:0271 -- gstreamer-plugins-good security update
  MITRE:29140  oval:org.mitre.oval:def:29140: RHSA-2015:0808 -- java-1.6.0-openjdk security update
  MITRE:28800  oval:org.mitre.oval:def:28800: RHSA-2009:1075 -- httpd security update
  MITRE:28921  oval:org.mitre.oval:def:28921: SUSE-SU-2015:0866-1 -- Security update for gd
  MITRE:29103  oval:org.mitre.oval:def:29103: RHSA-2009:1138 -- openswan security update
  MITRE:29339  oval:org.mitre.oval:def:29339: RHSA-2009:1066 -- squirrelmail security update
  MITRE:29258  oval:org.mitre.oval:def:29258: RHSA-2009:1140 -- ruby security update
  MITRE:28736  oval:org.mitre.oval:def:28736: RHSA-2009:0449 -- firefox security update
  MITRE:28946  oval:org.mitre.oval:def:28946: RHSA-2009:0476 -- pango security update
  MITRE:29098  oval:org.mitre.oval:def:29098: RHSA-2009:0267 -- sudo security update
  MITRE:29148  oval:org.mitre.oval:def:29148: SUSE-SU-2015:1020-1 -- Security update for autofs
  MITRE:28887  oval:org.mitre.oval:def:28887: RHSA-2008:0486 -- nfs-utils security update
  MITRE:29277  oval:org.mitre.oval:def:29277: RHSA-2009:0377 -- java-1.6.0-openjdk security update
  MITRE:29265  oval:org.mitre.oval:def:29265: RHSA-2008:0957 -- kernel security and bug fix update
  MITRE:28953  oval:org.mitre.oval:def:28953: RHSA-2009:1337 -- gfs2-utils security and bug fix update
  MITRE:28776  oval:org.mitre.oval:def:28776: RHSA-2009:0003 -- xen security and bug fix update
  MITRE:29301  oval:org.mitre.oval:def:29301: RHSA-2009:1127 -- kdelibs security update
  MITRE:29275  oval:org.mitre.oval:def:29275: RHSA-2009:1549 -- wget security update
  MITRE:29396  oval:org.mitre.oval:def:29396: RHSA-2009:1095 -- firefox security update
  MITRE:29039  oval:org.mitre.oval:def:29039: RHSA-2008:0893 -- bzip2 security update
  MITRE:29100  oval:org.mitre.oval:def:29100: RHSA-2009:1139 -- pidgin security and bug fix update
  MITRE:29345  oval:org.mitre.oval:def:29345: RHSA-2009:0338 -- php security update
  MITRE:28898  oval:org.mitre.oval:def:28898: RHSA-2009:1584 -- java-1.6.0-openjdk security update
  MITRE:29206  oval:org.mitre.oval:def:29206: RHSA-2009:1082 -- cups security update
  MITRE:28242  oval:org.mitre.oval:def:28242: RHSA-2008:0897 -- ruby security update
  MITRE:29248  oval:org.mitre.oval:def:29248: RHSA-2015:0803 -- kernel security and bug fix update
  MITRE:29213  oval:org.mitre.oval:def:29213: RHSA-2009:0057 -- squirrelmail security update
  MITRE:29320  oval:org.mitre.oval:def:29320: RHSA-2009:1428 -- xmlsec1 security update
  MITRE:29069  oval:org.mitre.oval:def:29069: RHSA-2008:0939 -- openoffice.org security update
  MITRE:29367  oval:org.mitre.oval:def:29367: RHSA-2009:0261 -- vnc security update
  MITRE:29380  oval:org.mitre.oval:def:29380: RHSA-2009:0457 -- libwmf security update
  MITRE:29046  oval:org.mitre.oval:def:29046: RHSA-2009:1536 -- pidgin security update
  MITRE:29276  oval:org.mitre.oval:def:29276: RHSA-2009:0421 -- ghostscript security update
  MITRE:29252  oval:org.mitre.oval:def:29252: SUSE-SU-2015:1150-1 -- Security update for compat-openssl098
  MITRE:29012  oval:org.mitre.oval:def:29012: RHSA-2008:0890 -- wireshark security update
  MITRE:28592  oval:org.mitre.oval:def:28592: RHSA-2009:0429 -- cups security update
  MITRE:28926  oval:org.mitre.oval:def:28926: RHSA-2009:1471 -- elinks security update
  MITRE:29171  oval:org.mitre.oval:def:29171: RHSA-2009:0345 -- ghostscript security update
  MITRE:28954  oval:org.mitre.oval:def:28954: RHSA-2009:0373 -- systemtap security update
  MITRE:29281  oval:org.mitre.oval:def:29281: RHSA-2009:1232 -- gnutls security update
  MITRE:29022  oval:org.mitre.oval:def:29022: RHSA-2009:1116 -- cyrus-imapd security update
  MITRE:28897  oval:org.mitre.oval:def:28897: RHSA-2009:1502 -- kdegraphics security update
  MITRE:29294  oval:org.mitre.oval:def:29294: RHSA-2009:1176 -- python security update
  MITRE:28980  oval:org.mitre.oval:def:28980: RHSA-2008:0561 -- ruby security update
  MITRE:29369  oval:org.mitre.oval:def:29369: RHSA-2009:1321 -- nfs-utils security and bug fix update
  MITRE:28925  oval:org.mitre.oval:def:28925: SUSE-SU-2015:0803-1 -- Security update for gdm
  MITRE:29261  oval:org.mitre.oval:def:29261: RHSA-2009:0013 -- avahi security update
  MITRE:28749  oval:org.mitre.oval:def:28749: RHSA-2009:1335 -- openssl security, bug fix, and enhancement update
  MITRE:28879  oval:org.mitre.oval:def:28879: RHSA-2009:1159 -- libtiff security update
  MITRE:29233  oval:org.mitre.oval:def:29233: SUSE-SU-2015:0108-1 -- Security update for evolution-data-server
  MITRE:29153  oval:org.mitre.oval:def:29153: RHSA-2009:1243 -- Red Hat Enterprise Linux 5.4 kernel security and bug fix update
  MITRE:29334  oval:org.mitre.oval:def:29334: RHSA-2009:1430 -- firefox security update
  MITRE:29300  oval:org.mitre.oval:def:29300: RHSA-2009:0011 -- lcms security update
  MITRE:29387  oval:org.mitre.oval:def:29387: RHSA-2009:0411 -- device-mapper-multipath security update
  MITRE:28862  oval:org.mitre.oval:def:28862: RHSA-2009:1670 -- kernel security and bug fix update
  MITRE:29286  oval:org.mitre.oval:def:29286: RHSA-2009:0444 -- giflib security update
  MITRE:29030  oval:org.mitre.oval:def:29030: RHSA-2008:0884 -- libxml2 security update
  MITRE:29262  oval:org.mitre.oval:def:29262: RHSA-2009:0361 -- NetworkManager security update
  MITRE:29259  oval:org.mitre.oval:def:29259: RHSA-2009:1364 -- gdm security and bug fix update
  MITRE:28758  oval:org.mitre.oval:def:28758: RHSA-2009:1459 -- cyrus-imapd security update
  MITRE:28407  oval:org.mitre.oval:def:28407: RHSA-2008:0648 -- tomcat security update
  MITRE:28923  oval:org.mitre.oval:def:28923: RHSA-2009:0046 -- ntp security update
  MITRE:29129  oval:org.mitre.oval:def:29129: RHSA-2008:0885 -- kernel security and bug fix update
  MITRE:29308  oval:org.mitre.oval:def:29308: RHSA-2008:1001 -- tog-pegasus security update
  MITRE:29251  oval:org.mitre.oval:def:29251: SUSE-SU-2015:0805-1 -- Security update for cups-filters
  MITRE:29241  oval:org.mitre.oval:def:29241: RHSA-2008:0836 -- libxml2 security update
  MITRE:28958  oval:org.mitre.oval:def:28958: RHSA-2009:1206 -- libxml and libxml2 security update
  MITRE:29008  oval:org.mitre.oval:def:29008: RHSA-2008:0879 -- firefox security update
  MITRE:29116  oval:org.mitre.oval:def:29116: RHSA-2008:0976 -- thunderbird security update
  MITRE:29178  oval:org.mitre.oval:def:29178: RHSA-2009:0397 -- firefox security update
  MITRE:29382  oval:org.mitre.oval:def:29382: RHSA-2009:1619 -- dstat security update
  MITRE:29137  oval:org.mitre.oval:def:29137: RHSA-2008:1029 -- cups security update
  MITRE:29319  oval:org.mitre.oval:def:29319: RHSA-2009:0352 -- gstreamer-plugins-base security update
  MITRE:29144  oval:org.mitre.oval:def:29144: RHSA-2008:0584 -- pidgin security and bug fix update
  MITRE:28869  oval:org.mitre.oval:def:28869: RHSA-2009:0480 -- poppler security update
  MITRE:28978  oval:org.mitre.oval:def:28978: RHSA-2009:0341 -- curl security update
  MITRE:28703  oval:org.mitre.oval:def:28703: RHSA-2009:0427 -- udev security update
  MITRE:28793  oval:org.mitre.oval:def:28793: RHSA-2009:0326 -- kernel security and bug fix update
  MITRE:28823  oval:org.mitre.oval:def:28823: ELSA-2015-1189 -- kvm security update
  MITRE:28693  oval:org.mitre.oval:def:28693: RHSA-2008:0908 -- thunderbird security update
  MITRE:28396  oval:org.mitre.oval:def:28396: RHSA-2009:1148 -- httpd security update
  MITRE:29109  oval:org.mitre.oval:def:29109: RHSA-2009:1620 -- bind security update
  MITRE:29217  oval:org.mitre.oval:def:29217: RHSA-2009:1219 -- libvorbis security update
  MITRE:29136  oval:org.mitre.oval:def:29136: RHSA-2015:0809 -- java-1.8.0-openjdk security update
  MITRE:29210  oval:org.mitre.oval:def:29210: RHSA-2008:1023 -- pidgin security and bug fix update
  MITRE:29162  oval:org.mitre.oval:def:29162: RHSA-2008:0835 -- openoffice.org security update
  MITRE:28599  oval:org.mitre.oval:def:28599: RHSA-2015:0806 -- java-1.7.0-openjdk security update
  MITRE:28265  oval:org.mitre.oval:def:28265: SUSE-SU-2015:1143-1 -- Security update for openssl
  MITRE:29134  oval:org.mitre.oval:def:29134: RHSA-2009:1209 -- curl security update
  MITRE:28627  oval:org.mitre.oval:def:28627: RHSA-2009:1222 -- kernel security and bug fix update
  MITRE:28787  oval:org.mitre.oval:def:28787: RHSA-2008:0533 -- bind security update
  MITRE:29343  oval:org.mitre.oval:def:29343: RHSA-2009:0225 -- Red Hat Enterprise Linux 5.3 kernel security and bug fix update

2015-06-27  CVE-2015-4199  Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent...
  CVE-2015-4225  Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors,...

2015-06-26  CVE-2015-4224  Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.

2015-06-25  CVE-2015-4223  Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.

2015-06-24  MITRE:28971  oval:org.mitre.oval:def:28971: Vulnerability in Active Directory Federation Services could allow elevation of privilege
  CVE-2015-4213  Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.
  CVE-2015-4215  Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6...

2015-06-23  CVE-2015-4200  Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation,...
  CVE-2015-4203  Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed...
  CVE-2015-4204  Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests...
  CVE-2015-4205  Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.

2015-06-20  CVE-2015-4197  Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.
  CVE-2015-4202  Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization...

2015-06-18  CVE-2015-4191  Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
  CVE-2015-4195  Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.

2015-06-16  MITRE:29099  oval:org.mitre.oval:def:29099: CESA-2015:1115 -- centos 7 openssl
  MITRE:28674  oval:org.mitre.oval:def:28674: CESA-2015:1115 -- centos 6 openssl
  MITRE:28440  oval:org.mitre.oval:def:28440: RHSA-2015:1115-01 -- Redhat openssl
  MITRE:28643  oval:org.mitre.oval:def:28643: ELSA-2015-1115 -- Oracle openssl
  MITRE:29126  oval:org.mitre.oval:def:29126: ELSA-2015-1115 -- Oracle openssl
  MITRE:28518  oval:org.mitre.oval:def:28518: Internet Explorer memory corruption vulnerability
  MITRE:28910  oval:org.mitre.oval:def:28910: Windows Media Player RCE via DataObject vulnerability
  MITRE:28769  oval:org.mitre.oval:def:28769: Internet Explorer memory corruption vulnerability
  MITRE:28806  oval:org.mitre.oval:def:28806: Microsoft Windows Kernel Bitmap handling use after free vulnerability
  MITRE:29142  oval:org.mitre.oval:def:29142: Internet Explorer elevation of privilege vulnerability
  MITRE:29118  oval:org.mitre.oval:def:29118: Microsoft Windows Kernel use after free vulnerability
  MITRE:29050  oval:org.mitre.oval:def:29050: Win32k Pool buffer overflow vulnerability
  MITRE:29076  oval:org.mitre.oval:def:29076: Internet Explorer memory corruption vulnerability
  MITRE:28201  oval:org.mitre.oval:def:28201: Microsoft Windows Kernel Brush Object use after free vulnerability
  MITRE:29072  oval:org.mitre.oval:def:29072: Microsoft common control use after free vulnerability
  MITRE:29057  oval:org.mitre.oval:def:29057: Internet Explorer memory corruption vulnerability
  MITRE:28650  oval:org.mitre.oval:def:28650: Internet Explorer memory corruption vulnerability
  MITRE:29119  oval:org.mitre.oval:def:29119: Internet Explorer memory corruption vulnerability
  MITRE:29093  oval:org.mitre.oval:def:29093: Microsoft Windows Kernel information disclosure vulnerability
  MITRE:28513  oval:org.mitre.oval:def:28513: Microsoft Office memory corruption vulnerability
  MITRE:29147  oval:org.mitre.oval:def:29147: Internet Explorer elevation of privilege vulnerability
  MITRE:29123  oval:org.mitre.oval:def:29123: Internet Explorer memory corruption vulnerability
  MITRE:29124  oval:org.mitre.oval:def:29124: Microsoft Windows Kernel Object use after free vulnerability
  MITRE:29060  oval:org.mitre.oval:def:29060: Internet Explorer memory corruption vulnerability
  MITRE:28948  oval:org.mitre.oval:def:28948: Internet Explorer memory corruption vulnerability
  MITRE:29115  oval:org.mitre.oval:def:29115: Exchange Cross-Site Request Forgery vulnerability
  MITRE:28994  oval:org.mitre.oval:def:28994: Win32k elevation of privilege vulnerability
  MITRE:28665  oval:org.mitre.oval:def:28665: Win32k buffer overflow vulnerability
  MITRE:28607  oval:org.mitre.oval:def:28607: Exchange Server-Side Request Forgery vulnerability
  MITRE:29113  oval:org.mitre.oval:def:29113: Internet Explorer memory corruption vulnerability
  MITRE:29067  oval:org.mitre.oval:def:29067: Microsoft Windows Station use after free vulnerability
  MITRE:28724  oval:org.mitre.oval:def:28724: Internet Explorer memory corruption vulnerability
  MITRE:28848  oval:org.mitre.oval:def:28848: Internet Explorer memory corruption vulnerability
  MITRE:29081  oval:org.mitre.oval:def:29081: Internet Explorer memory corruption vulnerability
  MITRE:29145  oval:org.mitre.oval:def:29145: Win32k Null pointer dereference vulnerability
  MITRE:28889  oval:org.mitre.oval:def:28889: Internet Explorer memory corruption vulnerability
  MITRE:28512  oval:org.mitre.oval:def:28512: Internet Explorer memory corruption vulnerability
  MITRE:28593  oval:org.mitre.oval:def:28593: Internet Explorer memory corruption vulnerability
  MITRE:28525  oval:org.mitre.oval:def:28525: Windows LoadLibrary EoP vulnerability
  MITRE:28928  oval:org.mitre.oval:def:28928: Exchange HTML injection vulnerability
  MITRE:28429  oval:org.mitre.oval:def:28429: Internet Explorer information disclosure vulnerability
  MITRE:28610  oval:org.mitre.oval:def:28610: Internet Explorer memory corruption vulnerability
  MITRE:28531  oval:org.mitre.oval:def:28531: Microsoft Office uninitialized memory use vulnerability
  MITRE:28508  oval:org.mitre.oval:def:28508: Win32k memory corruption elevation of privilege vulnerability
  MITRE:29005  oval:org.mitre.oval:def:29005: Internet Explorer elevation of privilege vulnerability
  MITRE:29033  oval:org.mitre.oval:def:29033: Internet Explorer memory corruption vulnerability
  MITRE:28530  oval:org.mitre.oval:def:28530: Internet Explorer memory corruption vulnerability
  MITRE:28744  oval:org.mitre.oval:def:28744: Microsoft Office memory corruption vulnerability
  MITRE:29061  oval:org.mitre.oval:def:29061: Internet Explorer memory corruption vulnerability

2015-06-13  CVE-2015-4185  The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.

2015-06-12  CVE-2015-0771  The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID...
  CVE-2015-0775  The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000...
  CVE-2015-0776  telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.

2015-06-02  MITRE:28539  oval:org.mitre.oval:def:28539: RHSA-2015:1002-01 -- Redhat xen
  MITRE:28198  oval:org.mitre.oval:def:28198: CESA-2015:1003 -- centos 5 kvm
  MITRE:29004  oval:org.mitre.oval:def:29004: ELSA-2015-0998 -- Oracle qemu-kvm_qemu-guest-agent
  MITRE:28600  oval:org.mitre.oval:def:28600: CESA-2015:0999 -- centos 7 qemu-kvm,libcacard
  MITRE:28106  oval:org.mitre.oval:def:28106: RHSA-2015:0999-01 -- Redhat qemu-kvm, libcacard
  MITRE:28949  oval:org.mitre.oval:def:28949: ELSA-2015-1003 -- Oracle kvm-83
  MITRE:28702  oval:org.mitre.oval:def:28702: RHSA-2015:0998-01 -- Redhat qemu-kvm, qemu-guest-agent
  MITRE:28893  oval:org.mitre.oval:def:28893: ELSA-2015-0999 -- Oracle qemu-kvm
  MITRE:28937  oval:org.mitre.oval:def:28937: CESA-2015:1002 -- centos 5 xen
  MITRE:28912  oval:org.mitre.oval:def:28912: CESA-2015:0998 -- centos 6 qemu-kvm,qemu-guest-agent
  MITRE:28974  oval:org.mitre.oval:def:28974: ELSA-2015-1002 -- Oracle xen

2015-05-29  CVE-2015-0751  Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.
  CVE-2015-0756  Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.

2015-05-27  CVE-2015-1157  CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications...

2015-05-20  MITRE:28985  oval:org.mitre.oval:def:28985: Microsoft Silverlight out of browser application vulnerability
  MITRE:28680  oval:org.mitre.oval:def:28680: Internet Explorer memory corruption vulnerability
  MITRE:29016  oval:org.mitre.oval:def:29016: Internet Explorer ASLR bypass vulnerability
  MITRE:28710  oval:org.mitre.oval:def:28710: Windows Journal remote code execution vulnerability
  MITRE:28950  oval:org.mitre.oval:def:28950: Windows forms elevation of privilege vulnerability
  MITRE:28576  oval:org.mitre.oval:def:28576: Internet Explorer memory corruption vulnerability
  MITRE:28829  oval:org.mitre.oval:def:28829: Internet Explorer elevation of privilege vulnerability
  MITRE:28649  oval:org.mitre.oval:def:28649: Windows Journal remote code execution vulnerability
  MITRE:28207  oval:org.mitre.oval:def:28207: TrueType font parsing vulnerability
  MITRE:28867  oval:org.mitre.oval:def:28867: VBScript memory corruption vulnerability
  MITRE:28822  oval:org.mitre.oval:def:28822: Internet Explorer clipboard information disclosure vulnerability
  MITRE:28840  oval:org.mitre.oval:def:28840: Internet Explorer memory corruption vulnerability
  MITRE:28932  oval:org.mitre.oval:def:28932: Service control manager elevation of privilege vulnerability
  MITRE:28993  oval:org.mitre.oval:def:28993: Internet Explorer memory corruption vulnerability
  MITRE:28984  oval:org.mitre.oval:def:28984: Internet Explorer memory corruption vulnerability
  MITRE:28815  oval:org.mitre.oval:def:28815: Internet Explorer elevation of privilege vulnerability
  MITRE:28753  oval:org.mitre.oval:def:28753: Internet Explorer memory corruption vulnerability
  MITRE:28692  oval:org.mitre.oval:def:28692: Internet Explorer elevation of privilege vulnerability
  MITRE:28739  oval:org.mitre.oval:def:28739: .NET XML decryption denial of service vulnerability
  MITRE:28555  oval:org.mitre.oval:def:28555: Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28473  oval:org.mitre.oval:def:28473: Internet Explorer memory corruption vulnerability
  MITRE:28672  oval:org.mitre.oval:def:28672: Schannel information disclosure vulnerability
  MITRE:29018  oval:org.mitre.oval:def:29018: Microsoft Management Console file format denial of service vulnerability
  MITRE:29001  oval:org.mitre.oval:def:29001: Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28745  oval:org.mitre.oval:def:28745: VBScript and JScript ASLR bypass vulnerability
  MITRE:29000  oval:org.mitre.oval:def:29000: Internet Explorer memory corruption vulnerability
  MITRE:28936  oval:org.mitre.oval:def:28936: Windows Journal remote code execution vulnerability
  MITRE:28742  oval:org.mitre.oval:def:28742: Windows Journal remote code execution vulnerability
  MITRE:28405  oval:org.mitre.oval:def:28405: Internet Explorer memory corruption vulnerability
  MITRE:28162  oval:org.mitre.oval:def:28162: Internet Explorer memory corruption vulnerability
  MITRE:28699  oval:org.mitre.oval:def:28699: Windows Kernel security feature bypass vulnerability
  MITRE:28517  oval:org.mitre.oval:def:28517: Windows Journal remote code execution vulnerability
  MITRE:28924  oval:org.mitre.oval:def:28924: Microsoft SharePoint page content vulnerabilities
  MITRE:28340  oval:org.mitre.oval:def:28340: Internet Explorer memory corruption vulnerability
  MITRE:28883  oval:org.mitre.oval:def:28883: Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28876  oval:org.mitre.oval:def:28876: Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28068  oval:org.mitre.oval:def:28068: Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28723  oval:org.mitre.oval:def:28723: Microsoft Office memory corruption vulnerability
  MITRE:28808  oval:org.mitre.oval:def:28808: Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28390  oval:org.mitre.oval:def:28390: Windows Journal remote code execution vulnerability
  MITRE:28641  oval:org.mitre.oval:def:28641: Internet Explorer memory corruption vulnerability
  MITRE:28917  oval:org.mitre.oval:def:28917: Internet Explorer memory corruption vulnerability
  MITRE:28951  oval:org.mitre.oval:def:28951: Internet Explorer memory corruption vulnerability
  MITRE:28645  oval:org.mitre.oval:def:28645: Microsoft Office memory corruption vulnerability
  MITRE:28362  oval:org.mitre.oval:def:28362: OpenType Font parsing vulnerability
  MITRE:28167  oval:org.mitre.oval:def:28167: Internet Explorer memory corruption vulnerability

2015-05-16  CVE-2015-0717  Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.
  CVE-2015-0723  The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269.
  CVE-2015-0726  The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via...

2015-05-15  CVE-2015-0731  The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890.

2015-05-12  MITRE:28575  oval:org.mitre.oval:def:28575: Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 could allow attackers to execute arbitrary code on Windows

2015-05-07  CVE-2015-1152  WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1153  WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1155  The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
  CVE-2015-1156  The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same...

2015-05-01  CVE-2014-8361  The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

2015-04-28  CVE-2015-0708  Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956.
  CVE-2015-0709  Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348.
  CVE-2015-0710  The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling,...

2015-04-24  MITRE:29009  oval:org.mitre.oval:def:29009: MSXML3 same origin policy SFB vulnerability

2015-04-21  MITRE:28865  oval:org.mitre.oval:def:28865: Internet Explorer memory corruption vulnerability
  MITRE:28704  oval:org.mitre.oval:def:28704: Internet Explorer memory corruption vulnerability
  MITRE:28783  oval:org.mitre.oval:def:28783: Internet Explorer memory corruption vulnerability
  MITRE:27908  oval:org.mitre.oval:def:27908: Internet Explorer memory corruption vulnerability
  MITRE:28523  oval:org.mitre.oval:def:28523: Microsoft SharePoint XSS vulnerability
  MITRE:28895  oval:org.mitre.oval:def:28895: Internet Explorer memory corruption vulnerability
  MITRE:27899  oval:org.mitre.oval:def:27899: Internet Explorer memory corruption vulnerability
  MITRE:28574  oval:org.mitre.oval:def:28574: Internet Explorer memory corruption vulnerability
  MITRE:28821  oval:org.mitre.oval:def:28821: Internet Explorer ASLR bypass vulnerability
  MITRE:28709  oval:org.mitre.oval:def:28709: Internet Explorer memory corruption vulnerability
  MITRE:28861  oval:org.mitre.oval:def:28861: Internet Explorer memory corruption vulnerability
  MITRE:28565  oval:org.mitre.oval:def:28565: Microsoft SharePoint XSS vulnerability

2015-04-17  MITRE:28782  oval:org.mitre.oval:def:28782: Active Directory Federation Services information disclosure vulnerability
  MITRE:27878  oval:org.mitre.oval:def:27878: Microsoft Office memory corruption vulnerability
  MITRE:28690  oval:org.mitre.oval:def:28690: Microsoft Office component use after free vulnerability
  MITRE:28831  oval:org.mitre.oval:def:28831: NtCreateTransactionManager type confusion vulnerability
  MITRE:28752  oval:org.mitre.oval:def:28752: Microsoft Office component use after free vulnerability
  MITRE:28101  oval:org.mitre.oval:def:28101: EMF processing remote code execution vulnerability
  MITRE:28561  oval:org.mitre.oval:def:28561: Microsoft Office component use after free vulnerability
  MITRE:28603  oval:org.mitre.oval:def:28603: Windows MS-DOS device name vulnerability
  MITRE:28116  oval:org.mitre.oval:def:28116: ASP.NET information disclosure vulnerability
  MITRE:28623  oval:org.mitre.oval:def:28623: HTTP.sys Remote code execution vulnerability
  MITRE:28397  oval:org.mitre.oval:def:28397: Windows Hyper-V DoS vulnerability

2015-04-16  CVE-2015-0695  Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card...

2015-04-10  CVE-2015-1087  Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
  CVE-2015-1088  CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
  CVE-2015-1089  CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
  CVE-2015-1090  CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
  CVE-2015-1091  The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin...
  CVE-2015-1092  NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity...
  CVE-2015-1093  FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
  CVE-2015-1094  IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
  CVE-2015-1095  IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
  CVE-2015-3002  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port...
  CVE-2015-3003  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users...
  CVE-2015-3004  J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3...
  CVE-2015-3005  Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject...
  CVE-2015-1096  IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
  CVE-2015-1097  IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
  CVE-2015-1098  iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
  CVE-2015-1099  Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.
  CVE-2015-1100  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.
  CVE-2015-1101  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  CVE-2015-1102  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
  CVE-2015-1103  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain...
  CVE-2015-1104  The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering...
  CVE-2015-1105  The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial...
  CVE-2015-1106  The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
  CVE-2015-1085  AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
  CVE-2015-1086  The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
  CVE-2015-1107  The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making...
  CVE-2015-1108  The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
  CVE-2015-1109  NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
  CVE-2015-1110  The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
  CVE-2015-1111  Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
  CVE-2015-1112  Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive...
  CVE-2015-1113  The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
  CVE-2015-1114  The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
  CVE-2015-1115  The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
  CVE-2015-1116  The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
  CVE-2015-1117  The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to...
  CVE-2015-1118  libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
  CVE-2015-1119  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1120  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1121  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1122  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1123  WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2015-1124  WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...
  CVE-2015-1125  The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
  CVE-2015-1126  WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource...
  CVE-2015-1129  Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.

2015-04-06  CVE-2015-0690  Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.

2015-04-03  CVE-2015-0688  Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.

2015-04-02  CVE-2015-0685  Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873.
  CVE-2015-0686  The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID...
  CVE-2015-0687  The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka...

2015-03-27  CVE-2015-0658  The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on...
  CVE-2015-0679  The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.
  CVE-2015-0680  Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.

2015-03-26  CVE-2015-0635  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA)...
  CVE-2015-0648  Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.
  CVE-2015-0636  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via...
  CVE-2015-0637  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN...
  CVE-2015-0638  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.
  CVE-2015-0639  The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S,...
  CVE-2015-0640  The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device...
  CVE-2015-0641  Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted...
  CVE-2015-0642  Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of...
  CVE-2015-0643  Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of...
  CVE-2015-0644  AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service...
  CVE-2015-0645  The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device...
  CVE-2015-0646  Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of...
  CVE-2015-0647  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371.
  CVE-2015-0649  Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514.
  CVE-2015-0650  The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote...
  CVE-2015-0672  The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.

2015-03-20  CVE-2015-0669  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN)...

2015-03-18  CVE-2015-1068  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1069  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1070  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1071  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1072  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1073  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1074  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1076  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1077  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1078  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1079  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1080  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1081  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1082  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1083  WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2015-1084  The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

2015-03-17  MITRE:28851  oval:org.mitre.oval:def:28851: Microsoft Word local zone remote code execution vulnerability
  MITRE:27875  oval:org.mitre.oval:def:27875: Microsoft SharePoint XSS vulnerability
  MITRE:28356  oval:org.mitre.oval:def:28356: Microsoft Office memory corruption vulnerability
  MITRE:28562  oval:org.mitre.oval:def:28562: Vulnerability in Microsoft Schannel could allow security feature bypass
  MITRE:28658  oval:org.mitre.oval:def:28658: Microsoft SharePoint XSS vulnerability
  MITRE:28631  oval:org.mitre.oval:def:28631: Microsoft Office component use after free vulnerability

2015-03-16  MITRE:28803  oval:org.mitre.oval:def:28803: Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28807  oval:org.mitre.oval:def:28807: Adobe font driver remote code execution vulnerability
  MITRE:28670  oval:org.mitre.oval:def:28670: Internet Explorer memory corruption vulnerability
  MITRE:28675  oval:org.mitre.oval:def:28675: JPEG XR parser information disclosure vulnerability
  MITRE:28813  oval:org.mitre.oval:def:28813: Win32k elevation of privilege vulnerability
  MITRE:28768  oval:org.mitre.oval:def:28768: Internet Explorer memory corruption vulnerability
  MITRE:28797  oval:org.mitre.oval:def:28797: VBScript memory corruption vulnerability
  MITRE:28656  oval:org.mitre.oval:def:28656: Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28811  oval:org.mitre.oval:def:28811: OWA modified canary parameter cross site scripting vulnerability
  MITRE:28780  oval:org.mitre.oval:def:28780: Task scheduler security feature bypass vulnerability
  MITRE:28843  oval:org.mitre.oval:def:28843: Internet Explorer memory corruption vulnerability
  MITRE:27987  oval:org.mitre.oval:def:27987: WTS remote code execution vulnerability
  MITRE:28487  oval:org.mitre.oval:def:28487: Internet Explorer memory corruption vulnerability
  MITRE:28847  oval:org.mitre.oval:def:28847: Remote desktop protocol
  MITRE:28464  oval:org.mitre.oval:def:28464: Internet Explorer memory corruption vulnerability
  MITRE:28730  oval:org.mitre.oval:def:28730: Adobe font driver denial of service vulnerability
  MITRE:28609  oval:org.mitre.oval:def:28609: DLL planting remote code execution vulnerability
  MITRE:28816  oval:org.mitre.oval:def:28816: Registry virtualization elevation of privilege vulnerability
  MITRE:28605  oval:org.mitre.oval:def:28605: Internet Explorer elevation of privilege vulnerability
  MITRE:28738  oval:org.mitre.oval:def:28738: Adobe font driver remote code execution vulnerability
  MITRE:28844  oval:org.mitre.oval:def:28844: Impersonation level check elevation of privilege vulnerability
  MITRE:28294  oval:org.mitre.oval:def:28294: Exchange forged meeting request spoofing vulnerability
  MITRE:28684  oval:org.mitre.oval:def:28684: Adobe font driver remote code execution vulnerability
  MITRE:28757  oval:org.mitre.oval:def:28757: Internet Explorer memory corruption vulnerability
  MITRE:28469  oval:org.mitre.oval:def:28469: Adobe font driver information disclosure vulnerability
  MITRE:28737  oval:org.mitre.oval:def:28737: Internet Explorer elevation of privilege vulnerability
  MITRE:28836  oval:org.mitre.oval:def:28836: Internet Explorer memory corruption vulnerability
  MITRE:28667  oval:org.mitre.oval:def:28667: Microsoft Windows kernel memory disclosure vulnerability
  MITRE:28770  oval:org.mitre.oval:def:28770: Adobe font driver remote code execution vulnerability
  MITRE:28549  oval:org.mitre.oval:def:28549: Adobe font driver information disclosure vulnerability
  MITRE:28781  oval:org.mitre.oval:def:28781: Internet Explorer memory corruption vulnerability
  MITRE:28524  oval:org.mitre.oval:def:28524: Audit report cross site scripting vulnerability
  MITRE:28569  oval:org.mitre.oval:def:28569: Internet Explorer memory corruption vulnerability
  MITRE:28428  oval:org.mitre.oval:def:28428: Malformed PNG parsing information disclosure vulnerability
  MITRE:28748  oval:org.mitre.oval:def:28748: ExchangeDLP cross site scripting vulnerability
  MITRE:28863  oval:org.mitre.oval:def:28863: NETLOGON spoofing vulnerability
  MITRE:28771  oval:org.mitre.oval:def:28771: Adobe font driver remote code execution vulnerability
  MITRE:27900  oval:org.mitre.oval:def:27900: Exchange error message cross site scripting vulnerability

2015-03-12  CVE-2015-1061  IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
  CVE-2015-1062  MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.
  CVE-2015-1063  CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.
  CVE-2015-1064  Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
  CVE-2015-1065  Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.

2015-03-10  CVE-2015-1067  Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to...

2015-03-05  CVE-2015-0598  The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.
  CVE-2015-0607  The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that...
  CVE-2015-0657  Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.
  CVE-2015-0659  The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157.
  CVE-2015-0661  The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858.

2015-03-04  CVE-2015-0204  FREAK: SSL/TLS vulnerability

2015-02-26  CVE-2015-0632  Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.

2015-02-21  CVE-2015-0618  Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with...

2015-02-20  CVE-2015-2077  MITM installed: Superfish adware
  CVE-2015-2078  MITM installed: Superfish certificate

2015-02-18  CVE-2015-0622  The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the...

2015-02-15  CVE-2015-0609  Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via...
  CVE-2015-1474  Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption)...

2015-02-13  MITRE:28402  oval:org.mitre.oval:def:28402: Internet Explorer memory corruption vulnerability
  MITRE:28347  oval:org.mitre.oval:def:28347: Internet Explorer memory corruption vulnerability
  MITRE:28449  oval:org.mitre.oval:def:28449: Internet Explorer ASLR bypass vulnerability
  MITRE:28750  oval:org.mitre.oval:def:28750: Internet Explorer memory corruption vulnerability
  MITRE:28382  oval:org.mitre.oval:def:28382: Internet Explorer memory corruption vulnerability
  MITRE:28540  oval:org.mitre.oval:def:28540: Internet Explorer memory corruption vulnerability
  MITRE:28394  oval:org.mitre.oval:def:28394: Internet Explorer memory corruption vulnerability
  MITRE:28728  oval:org.mitre.oval:def:28728: Internet Explorer elevation of privilege vulnerability
  MITRE:28666  oval:org.mitre.oval:def:28666: Internet Explorer memory corruption vulnerability
  MITRE:28700  oval:org.mitre.oval:def:28700: Group Policy remote code execution vulnerability
  MITRE:28668  oval:org.mitre.oval:def:28668: Microsoft Office component use after free vulnerability
  MITRE:28718  oval:org.mitre.oval:def:28718: Internet Explorer memory corruption vulnerability
  MITRE:27765  oval:org.mitre.oval:def:27765: Internet Explorer memory corruption vulnerability
  MITRE:28558  oval:org.mitre.oval:def:28558: Internet Explorer memory corruption vulnerability
  MITRE:28689  oval:org.mitre.oval:def:28689: Win32k elevation of privilege vulnerability
  MITRE:28731  oval:org.mitre.oval:def:28731: TIFF Processing information disclosure vulnerability
  MITRE:28272  oval:org.mitre.oval:def:28272: Internet Explorer memory corruption vulnerability
  MITRE:27957  oval:org.mitre.oval:def:27957: Internet Explorer memory corruption vulnerability
  MITRE:28486  oval:org.mitre.oval:def:28486: Internet Explorer ASLR bypass vulnerability
  MITRE:28653  oval:org.mitre.oval:def:28653: Internet Explorer memory corruption vulnerability
  MITRE:28711  oval:org.mitre.oval:def:28711: Internet Explorer memory corruption vulnerability
  MITRE:28735  oval:org.mitre.oval:def:28735: Internet Explorer memory corruption vulnerability
  MITRE:28074  oval:org.mitre.oval:def:28074: Office remote code execution vulnerability
  MITRE:28395  oval:org.mitre.oval:def:28395: Internet Explorer memory corruption vulnerability
  MITRE:28202  oval:org.mitre.oval:def:28202: CNG security feature bypass vulnerability
  MITRE:28633  oval:org.mitre.oval:def:28633: TrueType font parsing remote code execution vulnerability
  MITRE:28764  oval:org.mitre.oval:def:28764: Windows create process elevation of privilege vulnerability
  MITRE:28688  oval:org.mitre.oval:def:28688: Windows font driver denial of service vulnerability
  MITRE:28691  oval:org.mitre.oval:def:28691: Internet Explorer memory corruption vulnerability
  MITRE:28573  oval:org.mitre.oval:def:28573: Internet Explorer memory corruption vulnerability
  MITRE:28683  oval:org.mitre.oval:def:28683: Internet Explorer memory corruption vulnerability
  MITRE:28695  oval:org.mitre.oval:def:28695: Internet Explorer memory corruption vulnerability
  MITRE:27977  oval:org.mitre.oval:def:27977: Internet Explorer memory corruption vulnerability
  MITRE:28590  oval:org.mitre.oval:def:28590: Internet Explorer memory corruption vulnerability
  MITRE:28762  oval:org.mitre.oval:def:28762: Microsoft Schannel remote code execution vulnerability
  MITRE:28598  oval:org.mitre.oval:def:28598: OneTableDocumentStream remote code execution vulnerability
  MITRE:28475  oval:org.mitre.oval:def:28475: Internet Explorer memory corruption vulnerability
  MITRE:28413  oval:org.mitre.oval:def:28413: Internet Explorer memory corruption vulnerability
  MITRE:28257  oval:org.mitre.oval:def:28257: Internet Explorer ASLR bypass vulnerability
  MITRE:28018  oval:org.mitre.oval:def:28018: Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28384  oval:org.mitre.oval:def:28384: Internet Explorer memory corruption vulnerability
  MITRE:28767  oval:org.mitre.oval:def:28767: Group Policy security feature bypass vulnerability
  MITRE:28732  oval:org.mitre.oval:def:28732: Internet Explorer memory corruption vulnerability
  MITRE:28193  oval:org.mitre.oval:def:28193: Internet Explorer elevation of privilege vulnerability
  MITRE:28383  oval:org.mitre.oval:def:28383: Internet Explorer memory corruption vulnerability
  MITRE:28639  oval:org.mitre.oval:def:28639: Internet Explorer memory corruption vulnerability
  MITRE:27780  oval:org.mitre.oval:def:27780: Microsoft schannel remote code execution vulnerability
  MITRE:28522  oval:org.mitre.oval:def:28522: Internet Explorer memory corruption vulnerability
  MITRE:28337  oval:org.mitre.oval:def:28337: Internet Explorer memory corruption vulnerability
  MITRE:28021  oval:org.mitre.oval:def:28021: Internet Explorer memory corruption vulnerability
  MITRE:28714  oval:org.mitre.oval:def:28714: Internet Explorer memory corruption vulnerability
  MITRE:28548  oval:org.mitre.oval:def:28548: Internet Explorer use-after-free vulnerability
  MITRE:27772  oval:org.mitre.oval:def:27772: Internet Explorer memory corruption vulnerability
  MITRE:28663  oval:org.mitre.oval:def:28663: Internet Explorer memory corruption vulnerability
  MITRE:28604  oval:org.mitre.oval:def:28604: Excel remote code execution vulnerability

2015-02-12  CVE-2015-0593  The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003.

2015-02-11  CVE-2015-0592  The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672.
  CVE-2015-0606  The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696.
  CVE-2015-0608  Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper...
  CVE-2015-0610  Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco...

2015-02-05  MITRE:28602  oval:org.mitre.oval:def:28602: Adobe Flash Player 14.x through 16.0.0.296 and 13.x through 13.0.0.264 could crash and potentially allow system takeover on the Windows platform
  MITRE:28646  oval:org.mitre.oval:def:28646: Adobe Flash Player 14.x through 16.0.0.257 and 13.x through 13.0.0.260 could be used to circumvent memory randomization mitigations on the Windows platform
  MITRE:28471  oval:org.mitre.oval:def:28471: Adobe Flash Player 14.x through 16.0.0.287 and 13.x through 13.0.0.262 can cause a crash and potentially allow an attacker to take control of the Windows platform

2015-02-03  CVE-2014-8013  The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.

2015-01-30  CVE-2014-4467  WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.
  CVE-2014-4476  WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2014-4477  WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2014-4479  WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory...
  CVE-2014-4480  Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
  CVE-2014-4481  Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
  CVE-2014-4483  Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file...
  CVE-2014-4484  FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
  CVE-2014-4485  Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a...
  CVE-2014-4486  IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a...
  CVE-2014-4487  Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
  CVE-2014-4488  IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
  CVE-2014-4489  IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of...
  CVE-2014-4491  The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for...
  CVE-2014-4492  libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via...
  CVE-2014-4493  The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.
  CVE-2014-4494  Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging...
  CVE-2014-4495  The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass...
  CVE-2014-4496  The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR...
  CVE-2014-8840  The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.

2015-01-28  MITRE:28438  oval:org.mitre.oval:def:28438: RHSA-2015:0092 -- glibc security update
  MITRE:28360  oval:org.mitre.oval:def:28360: RHSA-2015:0090 -- glibc security update
  MITRE:28622  oval:org.mitre.oval:def:28622: ELSA-2015-0092 -- glibc security update
  MITRE:28638  oval:org.mitre.oval:def:28638: ELSA-2015-0090 -- glibc security update
  CVE-2015-0586  The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR...

2015-01-22  CVE-2014-8008  Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.

2015-01-16  MITRE:28634  oval:org.mitre.oval:def:28634: Windows Error Reporting security feature bypass vulnerability
  MITRE:28664  oval:org.mitre.oval:def:28664: Graphics component information disclosure vulnerability
  MITRE:28478  oval:org.mitre.oval:def:28478: Network policy server RADIUS implementation denial of service vulnerability
  MITRE:28717  oval:org.mitre.oval:def:28717: Directory Traversal elevation of privilege vulnerability
  MITRE:28330  oval:org.mitre.oval:def:28330: Microsoft user profile service elevation of privilege vulnerability
  MITRE:28297  oval:org.mitre.oval:def:28297: NLA Security Feature Bypass Vulnerability
  MITRE:28554  oval:org.mitre.oval:def:28554: Windows Telnet service buffer overflow vulnerability
  MITRE:27743  oval:org.mitre.oval:def:27743: WebDAV elevation of privilege vulnerability
  CVE-2014-6385  Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1...
  CVE-2014-6382  The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allow remote attackers to cause a denial of...
  CVE-2014-6383  The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass a firewall rule.
  CVE-2014-6384  Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle...
  CVE-2014-6386  Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before...

2015-01-09  CVE-2015-0582  The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129.

2014-12-30  MITRE:28532  oval:org.mitre.oval:def:28532: RHSA-2014:2021 -- jasper security update
  MITRE:28585  oval:org.mitre.oval:def:28585: SUSE-SU-2014:1652-1 -- Security update for cpio
  MITRE:28044  oval:org.mitre.oval:def:28044: SUSE-SU-2014:1557-2 -- Security update for compat-openssl097g
  MITRE:28460  oval:org.mitre.oval:def:28460: RHSA-2014:2025 -- ntp security update
  MITRE:28652  oval:org.mitre.oval:def:28652: RHSA-2014:1982 -- xorg-x11-server security update
  MITRE:28498  oval:org.mitre.oval:def:28498: RHSA-2014:1985 -- bind97 security update
  MITRE:28385  oval:org.mitre.oval:def:28385: RHSA-2014:1999 -- mailx security update
  MITRE:28661  oval:org.mitre.oval:def:28661: RHSA-2014:1974 -- rpm security update
  MITRE:28630  oval:org.mitre.oval:def:28630: RHSA-2014:2010 -- kernel security update
  MITRE:28314  oval:org.mitre.oval:def:28314: SUSE-SU-2014:1615-1 -- Security update for pidgin
  MITRE:27703  oval:org.mitre.oval:def:27703: RHSA-2014:1997 -- kernel security and bug fix update
  MITRE:28685  oval:org.mitre.oval:def:28685: SUSE-SU-2014:1628-1 -- Security update for gnutls
  MITRE:28659  oval:org.mitre.oval:def:28659: SUSE-SU-2014:1649-1 -- Security update for flash-player
  MITRE:28439  oval:org.mitre.oval:def:28439: RHSA-2014:2023 -- glibc security and bug fix update
  MITRE:28588  oval:org.mitre.oval:def:28588: RHSA-2014:1984 -- bind security update
  MITRE:28483  oval:org.mitre.oval:def:28483: RHSA-2014:2024 -- ntp security update
  MITRE:28676  oval:org.mitre.oval:def:28676: SUSE-SU-2014:1592-1 -- Security update for tigervnc
  MITRE:28453  oval:org.mitre.oval:def:28453: RHSA-2014:2008 -- kernel security update
  MITRE:28399  oval:org.mitre.oval:def:28399: RHSA-2014:1971 -- kernel security and bug fix update
  MITRE:28097  oval:org.mitre.oval:def:28097: SUSE-SU-2014:1549-1 -- Security update for java-1_7_1-ibm
  MITRE:28437  oval:org.mitre.oval:def:28437: RHSA-2014:1976 -- rpm security update
  MITRE:28466  oval:org.mitre.oval:def:28466: SUSE-SU-2014:1555-1 -- Security update for file
  MITRE:28571  oval:org.mitre.oval:def:28571: SUSE-SU-2014:1650-1 -- Security update for flash-player
  MITRE:28591  oval:org.mitre.oval:def:28591: SUSE-SU-2014:1595-1 -- Security update for ImageMagick
  MITRE:28499  oval:org.mitre.oval:def:28499: SUSE-SU-2014:1545-1 -- Security update for flash-player
  MITRE:28613  oval:org.mitre.oval:def:28613: RHSA-2014:1983 -- xorg-x11-server security update
  MITRE:28176  oval:org.mitre.oval:def:28176: SUSE-SU-2014:1623-1 -- Security update for pidgin

2014-12-22  MITRE:28612  oval:org.mitre.oval:def:28612: ELSA-2014-1997 -- kernel security and bug fix update
  MITRE:28324  oval:org.mitre.oval:def:28324: ELSA-2014-1999 -- mailx security update
  MITRE:28192  oval:org.mitre.oval:def:28192: ELSA-2014-2025 -- ntp security update
  MITRE:28616  oval:org.mitre.oval:def:28616: ELSA-2014-2008-1 -- kernel security update
  MITRE:28088  oval:org.mitre.oval:def:28088: ELSA-2014-2023 -- glibc security and bug fix update
  MITRE:28420  oval:org.mitre.oval:def:28420: ELSA-2014-2021 -- jasper security update
  MITRE:28304  oval:org.mitre.oval:def:28304: ELSA-2014-2024 -- ntp security update
  MITRE:28310  oval:org.mitre.oval:def:28310: ELSA-2014-2010 -- kernel security update
  MITRE:28418  oval:org.mitre.oval:def:28418: ELSA-2014-1971 -- kernel security and bug fix update
  MITRE:27668  oval:org.mitre.oval:def:27668: ELSA-2014-3105 -- Unbreakable Enterprise kernel security update
  MITRE:28492  oval:org.mitre.oval:def:28492: ELSA-2014-3107 -- Unbreakable Enterprise kernel security update
  MITRE:28543  oval:org.mitre.oval:def:28543: ELSA-2014-1983 -- xorg-x11-server security update
  MITRE:28387  oval:org.mitre.oval:def:28387: ELSA-2014-2008 -- kernel security update
  MITRE:28079  oval:org.mitre.oval:def:28079: ELSA-2014-1985 -- bind97 security update
  MITRE:28615  oval:org.mitre.oval:def:28615: ELSA-2014-1976 -- rpm security update
  MITRE:27915  oval:org.mitre.oval:def:27915: ELSA-2014-3106 -- Unbreakable Enterprise kernel security update
  MITRE:28577  oval:org.mitre.oval:def:28577: ELSA-2014-1982 -- xorg-x11-server security update
  MITRE:28305  oval:org.mitre.oval:def:28305: ELSA-2014-3103 -- Unbreakable Enterprise kernel security update
  MITRE:28485  oval:org.mitre.oval:def:28485: ELSA-2014-1984 -- bind security update
  MITRE:28261  oval:org.mitre.oval:def:28261: ELSA-2014-1974 -- rpm security update
  MITRE:28647  oval:org.mitre.oval:def:28647: ELSA-2014-3108 -- Unbreakable Enterprise kernel security update
  MITRE:28482  oval:org.mitre.oval:def:28482: ELSA-2014-3104 -- Unbreakable Enterprise kernel security update

2014-12-18  CVE-2014-8014  Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.

2014-12-17  CVE-2014-9322  arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that...

2014-12-15  CVE-2014-7911  luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization,...
  CVE-2014-8507  Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary...
  CVE-2014-8609  The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for...
  CVE-2014-8610  AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or...

2014-12-12  MITRE:28328  oval:org.mitre.oval:def:28328: OWA XSS vulnerability () - MS14-075
  MITRE:28401  oval:org.mitre.oval:def:28401: Internet Explorer memory corruption vulnerability
  MITRE:28329  oval:org.mitre.oval:def:28329: Internet Explorer memory corruption vulnerability
  MITRE:27937  oval:org.mitre.oval:def:27937: Microsoft Office component use after free vulnerability
  MITRE:28006  oval:org.mitre.oval:def:28006: Use After Free Word Remote Code Execution Vulnerability
  MITRE:28084  oval:org.mitre.oval:def:28084: Graphics component information disclosure vulnerability
  MITRE:28404  oval:org.mitre.oval:def:28404: Internet Explorer memory corruption vulnerability
  MITRE:28280  oval:org.mitre.oval:def:28280: Global free remote code execution in excel vulnerability
  MITRE:28408  oval:org.mitre.oval:def:28408: Internet Explorer memory corruption vulnerability
  MITRE:28368  oval:org.mitre.oval:def:28368: Internet Explorer memory corruption vulnerability
  MITRE:28377  oval:org.mitre.oval:def:28377: Internet Explorer memory corruption vulnerability
  MITRE:27704  oval:org.mitre.oval:def:27704: Internet Explorer memory corruption vulnerability
  MITRE:28425  oval:org.mitre.oval:def:28425: Outlook Web App token spoofing vulnerability () - MS14-075
  MITRE:27446  oval:org.mitre.oval:def:27446: Excel invalid pointer remote code execution vulnerability
  MITRE:28415  oval:org.mitre.oval:def:28415: Exchange URL redirection vulnerability () - MS14-075
  MITRE:28430  oval:org.mitre.oval:def:28430: Internet Explorer memory corruption vulnerability
  MITRE:28349  oval:org.mitre.oval:def:28349: Internet Explorer memory corruption vulnerability
  MITRE:28392  oval:org.mitre.oval:def:28392: Internet Explorer memory corruption vulnerability
  MITRE:28172  oval:org.mitre.oval:def:28172: Internet Explorer XSS filter bypass vulnerability
  MITRE:28416  oval:org.mitre.oval:def:28416: Internet Explorer memory corruption vulnerability
  MITRE:27932  oval:org.mitre.oval:def:27932: Internet Explorer XSS filter bypass vulnerability
  MITRE:28299  oval:org.mitre.oval:def:28299: Invalid index remote code execution vulnerability
  MITRE:28291  oval:org.mitre.oval:def:28291: OWA XSS vulnerability () - MS14-075
  MITRE:28376  oval:org.mitre.oval:def:28376: Internet Explorer memory corruption vulnerability

2014-12-10  CVE-2014-4465  WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of...
  CVE-2014-4466  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4468  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4469  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4470  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4471  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4472  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4473  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4474  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...
  CVE-2014-4475  WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a...

2014-12-08  MITRE:28273  oval:org.mitre.oval:def:28273: SUSE-SU-2014:1524-1 -- Security update for openssl
  MITRE:28443  oval:org.mitre.oval:def:28443: SUSE-SU-2014:1464-1 -- Security update for wget
  MITRE:28150  oval:org.mitre.oval:def:28150: SUSE-SU-2014:1510-1 -- Security update for MozillaFirefox and mozilla-nss
  MITRE:28112  oval:org.mitre.oval:def:28112: ELSA-2014-1919 -- firefox security update
  MITRE:27992  oval:org.mitre.oval:def:27992: RHSA-2014:1843 -- kernel security and bug fix update
  MITRE:28050  oval:org.mitre.oval:def:28050: ELSA-2014-1885 -- libxml2 security update
  MITRE:28186  oval:org.mitre.oval:def:28186: RHSA-2014:1824 -- php security update
  MITRE:27981  oval:org.mitre.oval:def:27981: SUSE-SU-2014:1259-1 -- bash
  MITRE:28393  oval:org.mitre.oval:def:28393: ELSA-2014-1870 -- libXfont security update
  MITRE:27895  oval:org.mitre.oval:def:27895: RHSA-2014:1846 -- gnutls security update
  MITRE:28142  oval:org.mitre.oval:def:28142: RHSA-2014:1911 -- ruby security update
  MITRE:28391  oval:org.mitre.oval:def:28391: ELSA-2014-1956 -- wpa_supplicant security update
  MITRE:28303  oval:org.mitre.oval:def:28303: ELSA-2014-1912 -- ruby security update
  MITRE:27461  oval:org.mitre.oval:def:27461: ELSA-2014-3093 -- bash security update
  MITRE:27990  oval:org.mitre.oval:def:27990: ELSA-2014-1959 -- kernel security and bug fix update
  MITRE:27600  oval:org.mitre.oval:def:27600: SUSE-SU-2014:1458-3 -- Security update for MozillaFirefox
  MITRE:27707  oval:org.mitre.oval:def:27707: RHSA-2014:1885 -- libxml2 security update
  MITRE:28090  oval:org.mitre.oval:def:28090: RHSA-2014:1724 -- kernel security and bug fix update
  MITRE:28254  oval:org.mitre.oval:def:28254: ELSA-2014-1924 -- thunderbird security update
  MITRE:28435  oval:org.mitre.oval:def:28435: RHSA-2014:1870 -- libXfont security update
  MITRE:28139  oval:org.mitre.oval:def:28139: RHSA-2014:1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
  MITRE:27526  oval:org.mitre.oval:def:27526: SUSE-SU-2014:1360-1 -- Security update for flash-player
  MITRE:28389  oval:org.mitre.oval:def:28389: RHSA-2014:1859 -- mysql55-mysql security update
  MITRE:28194  oval:org.mitre.oval:def:28194: SUSE-SU-2014:1442-1 -- Security update for flash-player
  MITRE:27775  oval:org.mitre.oval:def:27775: ELSA-2014-1959-1 -- kernel security and bug fix update
  MITRE:27716  oval:org.mitre.oval:def:27716: RHSA-2014:1893 -- libXfont security update
  MITRE:28374  oval:org.mitre.oval:def:28374: RHSA-2014:1803 -- mod_auth_mellon security update
  MITRE:28459  oval:org.mitre.oval:def:28459: RHSA-2014:1924 -- thunderbird security update
  MITRE:28295  oval:org.mitre.oval:def:28295: RHSA-2014:1959 -- kernel security and bug fix update
  MITRE:27549  oval:org.mitre.oval:def:27549: ELSA-2014-3095 -- docker security and bug fix update
  MITRE:27507  oval:org.mitre.oval:def:27507: RHSA-2014:1956 -- wpa_supplicant security update
  MITRE:27935  oval:org.mitre.oval:def:27935: RHSA-2014:1912 -- ruby security update
  MITRE:28472  oval:org.mitre.oval:def:28472: SUSE-SU-2014:1544-1 -- Security update for LibreOffice
  MITRE:27610  oval:org.mitre.oval:def:27610: RHSA-2014:1861 -- mariadb security update
  MITRE:28461  oval:org.mitre.oval:def:28461: SUSE-SU-2014:1423-1 -- Security update for flash-player
  MITRE:27540  oval:org.mitre.oval:def:27540: SUSE-SU-2014:1511-1 -- Security update for python, python-base, python-doc
  MITRE:28369  oval:org.mitre.oval:def:28369: ELSA-2014-1859 -- mysql55-mysql security update
  MITRE:28326  oval:org.mitre.oval:def:28326: RHSA-2014:1768 -- php53 security update
  MITRE:28457  oval:org.mitre.oval:def:28457: SUSE-SU-2014:1387-1 -- Security update for OpenSSL
  MITRE:28378  oval:org.mitre.oval:def:28378: ELSA-2014-1873 -- libvirt security and bug fix update
  MITRE:28313  oval:org.mitre.oval:def:28313: RHSA-2014:1873 -- libvirt security and bug fix update
  MITRE:27830  oval:org.mitre.oval:def:27830: SUSE-SU-2014:1260-1 -- bash
  MITRE:28208  oval:org.mitre.oval:def:28208: RHSA-2014:1826 -- libvncserver security update
  MITRE:28315  oval:org.mitre.oval:def:28315: SUSE-SU-2014:1178-1 -- Update for update-test-security
  MITRE:28027  oval:org.mitre.oval:def:28027: ELSA-2014-1911 -- ruby security update
  MITRE:28277  oval:org.mitre.oval:def:28277: SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK
  MITRE:28030  oval:org.mitre.oval:def:28030: RHSA-2014:1767 -- php security update
  MITRE:28432  oval:org.mitre.oval:def:28432: SUSE-SU-2014:1438-1 -- update for rsyslog
  MITRE:28250  oval:org.mitre.oval:def:28250: SUSE-SU-2014:1465-1 -- Security update for flash-player
  MITRE:28507  oval:org.mitre.oval:def:28507: SUSE-SU-2014:1408-1 -- Security update for wget
  MITRE:28039  oval:org.mitre.oval:def:28039: RHSA-2014:1827 -- kdenetwork security update
  MITRE:27983  oval:org.mitre.oval:def:27983: RHSA-2014:1919 -- firefox security update
  MITRE:28263  oval:org.mitre.oval:def:28263: ELSA-2014-3094 -- bash security update
  MITRE:28363  oval:org.mitre.oval:def:28363: SUSE-SU-2014:1494-1 -- Security update for libreoffice
  MITRE:28481  oval:org.mitre.oval:def:28481: SUSE-SU-2014:1512-1 -- Security update for compat-openssl098
  MITRE:27738  oval:org.mitre.oval:def:27738: ELSA-2014-1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
  MITRE:28375  oval:org.mitre.oval:def:28375: RHSA-2014:1795 -- cups-filters security update
  MITRE:27477  oval:org.mitre.oval:def:27477: ELSA-2014-1861 -- mariadb security update
  MITRE:28252  oval:org.mitre.oval:def:28252: SUSE-SU-2014:1542-1 -- Security update for flash-player
  MITRE:28373  oval:org.mitre.oval:def:28373: ELSA-2014-3096 -- Unbreakable Enterprise kernel security update
  MITRE:28354  oval:org.mitre.oval:def:28354: RHSA-2014:1764 -- wget security update
  MITRE:28414  oval:org.mitre.oval:def:28414: ELSA-2014-1893 -- libXfont security update
  MITRE:27612  oval:org.mitre.oval:def:27612: RHSA-2014:1801 -- shim security update
  MITRE:28237  oval:org.mitre.oval:def:28237: ELSA-2014-3092 -- bash security update
  MITRE:28325  oval:org.mitre.oval:def:28325: SUSE-SU-2014:1422-1 -- Security update for java-1_7_0-openjdk

2014-11-25  CVE-2014-8004  Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.
  CVE-2014-8005  Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.

2014-11-18  MITRE:28205  oval:org.mitre.oval:def:28205: Internet Explorer memory corruption vulnerability
  MITRE:28266  oval:org.mitre.oval:def:28266: Internet Explorer elevation of privilege vulnerability
  MITRE:27601  oval:org.mitre.oval:def:27601: Internet Explorer memory corruption vulnerability
  MITRE:28204  oval:org.mitre.oval:def:28204: Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28334  oval:org.mitre.oval:def:28334: Internet Explorer Clipboard Information Disclosure Vulnerability
  MITRE:28358  oval:org.mitre.oval:def:28358: Internet Explorer memory corruption vulnerability
  MITRE:28290  oval:org.mitre.oval:def:28290: Internet Explorer cross-domain information disclosure vulnerability
  MITRE:28339  oval:org.mitre.oval:def:28339: Internet Explorer cross-domain information disclosure vulnerability
  MITRE:27897  oval:org.mitre.oval:def:27897: Internet Explorer elevation of privilege vulnerability
  MITRE:27356  oval:org.mitre.oval:def:27356: Internet Explorer memory corruption vulnerability
  MITRE:27372  oval:org.mitre.oval:def:27372: Internet Explorer memory corruption vulnerability
  MITRE:28177  oval:org.mitre.oval:def:28177: Internet Explorer memory corruption vulnerability
  CVE-2014-4451  Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
  CVE-2014-4452  WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-4453  Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via...
  CVE-2014-4455  dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
  CVE-2014-4457  The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time...
  CVE-2014-4459  Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
  CVE-2014-4460  CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive...
  CVE-2014-4461  The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
  CVE-2014-4462  WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-4463  Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.

2014-11-17  MITRE:28173  oval:org.mitre.oval:def:28173: Active Directory Federation Services information disclosure vulnerability
  CVE-2014-7992  The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

2014-11-14  MITRE:28219  oval:org.mitre.oval:def:28219: ELSA-2014-1827 -- kdenetwork security update
  MITRE:28227  oval:org.mitre.oval:def:28227: ELSA-2014-3087 -- Unbreakable Enterprise kernel security update
  MITRE:27974  oval:org.mitre.oval:def:27974: ELSA-2014-3089 -- Unbreakable Enterprise kernel security update
  MITRE:28056  oval:org.mitre.oval:def:28056: TypeFilterLevel vulnerability
  MITRE:27794  oval:org.mitre.oval:def:27794: Microsoft schannel remote code execution vulnerability
  CVE-2014-7997  The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by...
  CVE-2014-7998  Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.

2014-11-13  CVE-2014-7991  The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS...

2014-11-05  MITRE:27388  oval:org.mitre.oval:def:27388: ELSA-2013-2587 -- unbreakable enterprise kernel security update
  MITRE:26522  oval:org.mitre.oval:def:26522: ELSA-2014-3002 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27236  oval:org.mitre.oval:def:27236: ELSA-2014-3084 -- Unbreakable Enterprise kernel Security update
  MITRE:27160  oval:org.mitre.oval:def:27160: ELSA-2014-0927 -- qemu-kvm security and bug fix update
  MITRE:28158  oval:org.mitre.oval:def:28158: ELSA-2011-2029 -- Unbreakable Enterprise kernel security update
  MITRE:27240  oval:org.mitre.oval:def:27240: ELSA-2010-2009 -- Oracle Linux 5 Unbreakable Enterprise kernel security fix update
  MITRE:27250  oval:org.mitre.oval:def:27250: ELSA-2014-3043 -- unbreakable enterprise kernel security update
  MITRE:27698  oval:org.mitre.oval:def:27698: ELSA-2012-2014 -- Unbreakable Enterprise kernel security update
  MITRE:27818  oval:org.mitre.oval:def:27818: ELSA-2012-0690-1 -- kernel security and bug fix update
  MITRE:27823  oval:org.mitre.oval:def:27823: ELSA-2012-0480-1 -- kernel security, bug fix, and enhancement update
  MITRE:27051  oval:org.mitre.oval:def:27051: ELSA-2013-0168-1 -- kernel security and bug fix update
  MITRE:27623  oval:org.mitre.oval:def:27623: ELSA-2013-0594-1 -- kernel security and bug fix update
  MITRE:26359  oval:org.mitre.oval:def:26359: ELSA-2014-3052 -- unbreakable enterprise kernel security update
  MITRE:26983  oval:org.mitre.oval:def:26983: ELSA-2012-2044 -- Unbreakable Enterprise kernel security update
  MITRE:27334  oval:org.mitre.oval:def:27334: ELSA-2013-0847-1 -- kernel security and bug fix update
  MITRE:26673  oval:org.mitre.oval:def:26673: ELSA-2013-1790-1 -- kernel security and bug fix update
  MITRE:27016  oval:org.mitre.oval:def:27016: ELSA-2014-1669 -- qemu-kvm security and bug fix update
  MITRE:27343  oval:org.mitre.oval:def:27343: ELSA-2013-2589 -- unbreakable enterprise kernel security update
  MITRE:26951  oval:org.mitre.oval:def:26951: ELSA-2014-3067 -- unbreakable enterprise kernel security update
  MITRE:27158  oval:org.mitre.oval:def:27158: ELSA-2014-3054 -- unbreakable enterprise kernel security update
  MITRE:27466  oval:org.mitre.oval:def:27466: ELSA-2013-2534 -- Unbreakable Enterprise kernel Security update
  MITRE:26800  oval:org.mitre.oval:def:26800: ELSA-2013-0621-1 -- kernel security update
  MITRE:27903  oval:org.mitre.oval:def:27903: ELSA-2011-2021 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:28028  oval:org.mitre.oval:def:28028: ELSA-2010-2010 -- kernel security update
  MITRE:26901  oval:org.mitre.oval:def:26901: ELSA-2013-0747-1 -- kernel security and bug fix update
  MITRE:26519  oval:org.mitre.oval:def:26519: ELSA-2014-3081 -- Unbreakable Enterprise kernel security update
  MITRE:27194  oval:org.mitre.oval:def:27194: ELSA-2012-1061-1 -- kernel security and bug fix update
  MITRE:27916  oval:org.mitre.oval:def:27916: ELSA-2011-2037 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:26365  oval:org.mitre.oval:def:26365: ELSA-2014-3034 -- Unbreakable Enterprise kernel security update
  MITRE:27323  oval:org.mitre.oval:def:27323: ELSA-2014-0740-1 -- kernel security and bug fix update
  MITRE:27812  oval:org.mitre.oval:def:27812: ELSA-2012-1445-1 -- kernel security and bug fix update
  MITRE:26620  oval:org.mitre.oval:def:26620: ELSA-2014-3086 -- Unbreakable Enterprise kernel security update
  MITRE:27877  oval:org.mitre.oval:def:27877: ELSA-2012-0150-1 -- Oracle Linux 5.8 kernel security and bug update
  MITRE:27375  oval:org.mitre.oval:def:27375: ELSA-2012-1540-1 -- kernel security, bug fix, and enhancement update
  MITRE:27635  oval:org.mitre.oval:def:27635: ELSA-2012-0721-1 -- kernel security update
  MITRE:26880  oval:org.mitre.oval:def:26880: ELSA-2014-1075 -- qemu-kvm security and bug fix update
  MITRE:27247  oval:org.mitre.oval:def:27247: ELSA-2014-0704 -- qemu-kvm security and bug fix update
  MITRE:28157  oval:org.mitre.oval:def:28157: ELSA-2011-2025 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27502  oval:org.mitre.oval:def:27502: ELSA-2013-2577 -- unbreakable enterprise kernel security update
  MITRE:28004  oval:org.mitre.oval:def:28004: ELSA-2011-2015 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27378  oval:org.mitre.oval:def:27378: ELSA-2013-2575 -- unbreakable enterprise kernel security update
  MITRE:27959  oval:org.mitre.oval:def:27959: ELSA-2011-2010 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27337  oval:org.mitre.oval:def:27337: ELSA-2014-0702 -- mariadb security update
  MITRE:27071  oval:org.mitre.oval:def:27071: ELSA-2012-2041 -- Unbreakable Enterprise kernel Security update
  MITRE:27255  oval:org.mitre.oval:def:27255: ELSA-2013-1348 -- Oracle Linux 5 kernel update
  MITRE:27587  oval:org.mitre.oval:def:27587: ELSA-2010-2008 -- Unbreakable enterprise kernel security update
  MITRE:27550  oval:org.mitre.oval:def:27550: ELSA-2012-2020 -- Unbreakable Enterprise kernel security and bugfix update
  MITRE:27596  oval:org.mitre.oval:def:27596: ELSA-2012-2038 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27266  oval:org.mitre.oval:def:27266: ELSA-2014-3070 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:26514  oval:org.mitre.oval:def:26514: ELSA-2014-3049 -- unbreakable enterprise kernel security update
  MITRE:27341  oval:org.mitre.oval:def:27341: ELSA-2014-3048 -- unbreakable enterprise kernel security update
  MITRE:27331  oval:org.mitre.oval:def:27331: ELSA-2014-0675 -- java-1.7.0-openjdk security update
  MITRE:27047  oval:org.mitre.oval:def:27047: ELSA-2013-2512 -- Unbreakable Enterprise kernel Security update
  MITRE:27318  oval:org.mitre.oval:def:27318: ELSA-2014-3021 -- Unbreakable Enterprise kernel security update
  MITRE:27347  oval:org.mitre.oval:def:27347: ELSA-2014-3016 -- Unbreakable Enterprise kernel security update
  MITRE:27351  oval:org.mitre.oval:def:27351: ELSA-2014-0921 -- httpd security update
  MITRE:26595  oval:org.mitre.oval:def:26595: ELSA-2014-0926-1 -- kernel security and bug fix update
  MITRE:27232  oval:org.mitre.oval:def:27232: ELSA-2014-0108-1 -- kernel security and bug fix update
  MITRE:26804  oval:org.mitre.oval:def:26804: ELSA-2014-1004 -- yum-updatesd security update
  MITRE:27278  oval:org.mitre.oval:def:27278: ELSA-2014-3011 -- Unbreakable Enterprise kernel security update
  MITRE:27338  oval:org.mitre.oval:def:27338: ELSA-2013-2583 -- Unbreakable Enterprise Kernel security update
  MITRE:27200  oval:org.mitre.oval:def:27200: ELSA-2014-3046 -- unbreakable enterprise kernel security update
  MITRE:27491  oval:org.mitre.oval:def:27491: ELSA-2013-1292-1 -- kernel security and bug fix update
  MITRE:27657  oval:org.mitre.oval:def:27657: ELSA-2013-2504 -- Unbreakable Enterprise kernel security update
  MITRE:27296  oval:org.mitre.oval:def:27296: ELSA-2014-0433-1 -- kernel security, bug fix, and enhancement update
  MITRE:27648  oval:org.mitre.oval:def:27648: ELSA-2012-2035 -- Unbreakable Enterprise kernel security update
  MITRE:27275  oval:org.mitre.oval:def:27275: ELSA-2014-0285-1 -- kernel security, bug fix, and enhancement update
  MITRE:27242  oval:org.mitre.oval:def:27242: ELSA-2014-3010 -- Unbreakable Enterprise kernel security update
  MITRE:28005  oval:org.mitre.oval:def:28005: ELSA-2011-2014 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27233  oval:org.mitre.oval:def:27233: ELSA-2014-1052 -- openssl security update
  MITRE:27215  oval:org.mitre.oval:def:27215: ELSA-2014-3069 -- unbreakable enterprise kernel security update
  MITRE:27622  oval:org.mitre.oval:def:27622: ELSA-2013-2520 -- Unbreakable Enterprise kernel security update
  MITRE:27358  oval:org.mitre.oval:def:27358: ELSA-2013-2585 -- Unbreakable Enterprise Kernel security update
  MITRE:26661  oval:org.mitre.oval:def:26661: ELSA-2013-1034-1 -- kernel security and bug fix update
  MITRE:27281  oval:org.mitre.oval:def:27281: ELSA-2013-1348-1 -- Oracle Linux 5 kernel update
  MITRE:26940  oval:org.mitre.oval:def:26940: ELSA-2014-0926 -- kernel security and bug fix update
  MITRE:27535  oval:org.mitre.oval:def:27535: ELSA-2012-1174-1 -- kernel security and bug fix update
  MITRE:27249  oval:org.mitre.oval:def:27249: ELSA-2012-2007 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27518  oval:org.mitre.oval:def:27518: ELSA-2011-2019 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
  MITRE:27842  oval:org.mitre.oval:def:27842: ELSA-2012-2001 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27914  oval:org.mitre.oval:def:27914: ELSA-2012-2003 -- Unbreakable Enterprise kernel security and bug fix update
  MITRE:27793  oval:org.mitre.oval:def:27793: ELSA-2011-2016 -- Unbreakable Enterprise kernel security fix update
  MITRE:27342  oval:org.mitre.oval:def:27342: ELSA-2014-0907 -- java-1.6.0-openjdk security and bug fix update
  MITRE:26531  oval:org.mitre.oval:def:26531: ELSA-2014-0790 -- dovecot security update
  MITRE:27093  oval:org.mitre.oval:def:27093: ELSA-2014-3039 -- Unbreakable Enterprise kernel security update
  MITRE:26883  oval:org.mitre.oval:def:26883: ELSA-2014-3014 -- unbreakable enterprise kernel security update
  MITRE:27425  oval:org.mitre.oval:def:27425: ELSA-2013-1166-1 -- kernel security and bug fix update
  MITRE:27141  oval:org.mitre.oval:def:27141: ELSA-2014-0889 -- java-1.7.0-openjdk security update
  MITRE:27029  oval:org.mitre.oval:def:27029: ELSA-2014-0685 -- java-1.6.0-openjdk security update
  MITRE:27060  oval:org.mitre.oval:def:27060: ELSA-2014-0920 -- httpd security update
  MITRE:27629  oval:org.mitre.oval:def:27629: ELSA-2012-2048 -- Unbreakable Enterprise kernel security update
  MITRE:26512  oval:org.mitre.oval:def:26512: ELSA-2013-2542 -- unbreakable enterprise kernel security update
  MITRE:27352  oval:org.mitre.oval:def:27352: ELSA-2014-3041 -- unbreakable enterprise kernel security update
  MITRE:27316  oval:org.mitre.oval:def:27316: ELSA-2014-3037 -- Unbreakable Enterprise kernel security update
  MITRE:27433  oval:org.mitre.oval:def:27433: ELSA-2013-2537 -- unbreakable enterprise kernel security update
  MITRE:27092  oval:org.mitre.oval:def:27092: ELSA-2014-3023 -- Unbreakable Enterprise kernel security update
  MITRE:27227  oval:org.mitre.oval:def:27227: ELSA-2014-3083 -- Unbreakable Enterprise kernel Security update
  MITRE:26995  oval:org.mitre.oval:def:26995: ELSA-2014-0890 -- java-1.7.0-openjdk security update
  MITRE:27123  oval:org.mitre.oval:def:27123: ELSA-2014-0679 -- openssl security update
  MITRE:28038  oval:org.mitre.oval:def:28038: ELSA-2011-2024 -- Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update
  MITRE:27735  oval:org.mitre.oval:def:27735: ELSA-2012-2026 -- Unbreakable Enterprise kernel Security update
  MITRE:27381  oval:org.mitre.oval:def:27381: ELSA-2013-1449-1 -- kernel security and bug fix update
  MITRE:27688  oval:org.mitre.oval:def:27688: ELSA-2012-1323-1 -- kernel security and bug fix update
  MITRE:27955  oval:org.mitre.oval:def:27955: ELSA-2011-2038 -- Unbreakable Enterprise kernel security update
  MITRE:28092  oval:org.mitre.oval:def:28092: ELSA-2011-2033 -- Unbreakable Enterprise kernel security update
  MITRE:27702  oval:org.mitre.oval:def:27702: ELSA-2010-2011 -- Unbreakable enterprise kernel security and bug fix update

2014-10-31  CVE-2014-3366  SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
  CVE-2014-3372  Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
  CVE-2014-3373  Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug...
  CVE-2014-3374  Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
  CVE-2014-3375  Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.

2014-10-28  MITRE:27220  oval:org.mitre.oval:def:27220: RHSA-2013:1353 -- sudo security and bug fix update
  MITRE:27022  oval:org.mitre.oval:def:27022: RHSA-2014:1669 -- qemu-kvm security and bug fix update
  MITRE:27070  oval:org.mitre.oval:def:27070: RHSA-2013:0519 -- openssh security, bug fix and enhancement update

2014-10-25  CVE-2014-3409  The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

2014-10-22  CVE-2014-4448  House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
  CVE-2014-4449  iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
  CVE-2014-4450  The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading...

2014-10-17  MITRE:26915  oval:org.mitre.oval:def:26915: RHSA-2014:1657: java-1.7.0-oracle security update
  MITRE:26927  oval:org.mitre.oval:def:26927: RHSA-2014:1507: trousers security, bug fix, and enhancement update
  MITRE:27085  oval:org.mitre.oval:def:27085: ELSA-2014-1552 -- openssh security, bug fix, and enhancement update
  MITRE:26805  oval:org.mitre.oval:def:26805: RHSA-2014:1552: openssh security, bug fix, and enhancement update
  MITRE:26605  oval:org.mitre.oval:def:26605: RHSA-2014:1391: glibc security, bug fix, and enhancement update
  MITRE:27086  oval:org.mitre.oval:def:27086: RHSA-2014:1392: kernel security, bug fix, and enhancement update
  MITRE:26917  oval:org.mitre.oval:def:26917: RHSA-2014:1389: krb5 security and bug fix update
  MITRE:26796  oval:org.mitre.oval:def:26796: ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update
  MITRE:27084  oval:org.mitre.oval:def:27084: ELSA-2014-1652 -- openssl security update
  MITRE:26179  oval:org.mitre.oval:def:26179: ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update
  MITRE:26390  oval:org.mitre.oval:def:26390: RHSA-2014:1390: luci security, bug fix, and enhancement update
  MITRE:26947  oval:org.mitre.oval:def:26947: RHSA-2014:1636: java-1.8.0-openjdk security update
  MITRE:27149  oval:org.mitre.oval:def:27149: RHSA-2014:1655: libxml2 security update
  MITRE:26570  oval:org.mitre.oval:def:26570: ELSA-2014-1388 -- cups security and bug fix update
  MITRE:26716  oval:org.mitre.oval:def:26716: ELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix update
  MITRE:26767  oval:org.mitre.oval:def:26767: RHSA-2014:1654: rsyslog7 security update
  MITRE:27101  oval:org.mitre.oval:def:27101: RHSA-2014:1606: file security and bug fix update
  MITRE:27056  oval:org.mitre.oval:def:27056: RHSA-2014:1388: cups security and bug fix update
  MITRE:27068  oval:org.mitre.oval:def:27068: RHSA-2014:1658: java-1.6.0-sun security update
  MITRE:26759  oval:org.mitre.oval:def:26759: RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update
  MITRE:26757  oval:org.mitre.oval:def:26757: .NET Framework remote code execution vulnerability
  MITRE:26910  oval:org.mitre.oval:def:26910: .NET ClickOnce elevation of privilege vulnerability

2014-10-16  CVE-2014-3566  POODLE: SSLv3 vulnerability

2014-10-14  CVE-2014-6378  Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5,...
  CVE-2014-3825  The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote...
  CVE-2014-3818  Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49...
  CVE-2014-6379  Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2...
  CVE-2014-6380  Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before...

2014-10-09  CVE-2014-3403  The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
  CVE-2014-3404  The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677.
  CVE-2014-3405  Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct...

2014-10-08  CVE-2014-3187  Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device...

2014-10-01  MITRE:26970  oval:org.mitre.oval:def:26970: ELSA-2014-1244 -- bind97 security and bug fix update
  MITRE:26644  oval:org.mitre.oval:def:26644: ELSA-2014-1147 -- squid security update
  MITRE:27050  oval:org.mitre.oval:def:27050: ELSA-2014-1166 -- jakarta-commons-httpclient security update
  MITRE:26806  oval:org.mitre.oval:def:26806: ELSA-2014-3072 -- Unbreakable Enterprise kernel security update
  MITRE:26892  oval:org.mitre.oval:def:26892: ELSA-2014-1148 -- squid security update
  MITRE:26189  oval:org.mitre.oval:def:26189: ELSA-2014-3073 -- Unbreakable Enterprise kernel security update

2014-09-29  MITRE:26919  oval:org.mitre.oval:def:26919: ELSA-2014-3018 -- Unbreakable Enterprise kernel security update

2014-09-26  MITRE:26777  oval:org.mitre.oval:def:26777: RHSA-2014:1245: krb5 security and bug fix update
  MITRE:26451  oval:org.mitre.oval:def:26451: RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update
  MITRE:26718  oval:org.mitre.oval:def:26718: RHSA-2014:1255: krb5 security update
  MITRE:26030  oval:org.mitre.oval:def:26030: RHSA-2014:1244: bind97 security and bug fix update
  MITRE:26851  oval:org.mitre.oval:def:26851: RHSA-2014:1194: conga security and bug fix update
  MITRE:26641  oval:org.mitre.oval:def:26641: RHSA-2014:1243: automake security update

2014-09-25  CVE-2014-6271  Bash environment variables code injection
  CVE-2014-7169  Bash environment variables code injection
  CVE-2014-3354  Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a...
  CVE-2014-3355  The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
  CVE-2014-3356  The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
  CVE-2014-3357  Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug...
  CVE-2014-3358  Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface...
  CVE-2014-3359  Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or...
  CVE-2014-3360  Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service...
  CVE-2014-3361  The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.

2014-09-20  CVE-2014-3376  Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.
  CVE-2014-3377  snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
  CVE-2014-3378  tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.

2014-09-18  CVE-2014-4352  Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
  CVE-2014-4353  Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
  CVE-2014-4354  Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
  CVE-2014-4356  Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.
  CVE-2014-4357  Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.
  CVE-2014-4361  The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
  CVE-2014-4362  The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
  CVE-2014-4363  Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509...
  CVE-2014-4364  The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then...
  CVE-2014-4366  Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
  CVE-2014-4367  Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
  CVE-2014-4368  The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
  CVE-2014-4369  The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.
  CVE-2014-4371  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4372  syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
  CVE-2014-4373  The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
  CVE-2014-4374  NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
  CVE-2014-4375  Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
  CVE-2014-4377  Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
  CVE-2014-4378  CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
  CVE-2014-4379  An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.
  CVE-2014-4380  The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
  CVE-2014-4381  Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
  CVE-2014-4383  The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
  CVE-2014-4384  Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
  CVE-2014-4386  Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
  CVE-2014-4388  IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in...
  CVE-2014-4389  Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
  CVE-2014-4404  Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
  CVE-2014-4405  IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping...
  CVE-2014-4407  IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
  CVE-2014-4408  The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.
  CVE-2014-4409  WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
  CVE-2014-4410  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4411  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4412  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4413  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4414  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4415  WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  CVE-2014-4418  IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in...
  CVE-2014-4419  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4420  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4421  The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted...
  CVE-2014-4422  The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using...
  CVE-2014-4423  The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.

2014-09-17  MITRE:26312  oval:org.mitre.oval:def:26312: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  MITRE:26668  oval:org.mitre.oval:def:26668: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to bypass intended access restrictions
  MITRE:26551  oval:org.mitre.oval:def:26551: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to execute arbitrary code via unspecified vectors
  MITRE:26807  oval:org.mitre.oval:def:26807: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow remote attackers to bypass the Same Origin Policy
  MITRE:26708  oval:org.mitre.oval:def:26708: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  MITRE:26301  oval:org.mitre.oval:def:26301: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  MITRE:26813  oval:org.mitre.oval:def:26813: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to bypass intended access restrictions
  MITRE:26758  oval:org.mitre.oval:def:26758: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection...
  MITRE:26434  oval:org.mitre.oval:def:26434: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service
  MITRE:26616  oval:org.mitre.oval:def:26616: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allows attackers to execute arbitrary code
  MITRE:26603  oval:org.mitre.oval:def:26603: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to bypass intended access restrictions
  MITRE:26818  oval:org.mitre.oval:def:26818: Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows, Adobe AIR before 15.0.0.249 on Windows allow attackers to execute arbitrary code or cause a denial of service

2014-09-12  MITRE:26601  oval:org.mitre.oval:def:26601: .NET framework denial of service vulnerability

2014-09-11  CVE-2014-3342  The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
  CVE-2014-3363  Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.

2014-09-10  CVE-2014-3343  Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.

2014-09-04  CVE-2014-3353  Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165.

2014-09-03  MITRE:25633  oval:org.mitre.oval:def:25633: Arbitrary code execution via unknown vectors.
  MITRE:26532  oval:org.mitre.oval:def:26532: Heap-based buffer overflow in KMPlayer 3.0.0.1441
  MITRE:26378  oval:org.mitre.oval:def:26378: Unspecified vulnerability allows remote attackers to bypass Protected Mode

2014-08-29  MITRE:26362  oval:org.mitre.oval:def:26362: Apache Subversion vulnerability Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials
  MITRE:25808  oval:org.mitre.oval:def:25808: Apache Subversion vulnerability 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate

2014-08-19  MITRE:26275  oval:org.mitre.oval:def:26275: CSyncBasePlayer use after free vulnerability

2014-08-18  MITRE:26154  oval:org.mitre.oval:def:26154: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
  MITRE:25856  oval:org.mitre.oval:def:25856: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows allows attackers to execute arbitrary code
  MITRE:26134  oval:org.mitre.oval:def:26134: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
  MITRE:26161  oval:org.mitre.oval:def:26161: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses
  MITRE:26337  oval:org.mitre.oval:def:26337: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism
  MITRE:26316  oval:org.mitre.oval:def:26316: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows, Adobe AIR before 14.0.0.178 on Windows do not properly restrict discovery of memory addresses

2014-08-12  CVE-2014-3338  The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via...

2014-08-11  CVE-2014-3327  The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101.
  CVE-2014-3332  Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.

2014-08-06  MITRE:26284  oval:org.mitre.oval:def:26284: SUSE-SU-2014:0905-1 -- Security update for Mozilla Firefox

2014-08-05  MITRE:26186  oval:org.mitre.oval:def:26186: RHSA-2014:1004: yum-updatesd security update
  MITRE:26244  oval:org.mitre.oval:def:26244: RHSA-2013-1605: glibc security, bug fix, and enhancement update
  MITRE:26218  oval:org.mitre.oval:def:26218: RHSA-2012:0884: openssh security, bug fix, and enhancement update

2014-07-28  MITRE:24828  oval:org.mitre.oval:def:24828: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity
  MITRE:25091  oval:org.mitre.oval:def:25091: RHSA-2014:0927: qemu-kvm security and bug fix update
  MITRE:25160  oval:org.mitre.oval:def:25160: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
  MITRE:25273  oval:org.mitre.oval:def:25273: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality
  MITRE:24806  oval:org.mitre.oval:def:24806: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
  MITRE:25066  oval:org.mitre.oval:def:25066: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity
  MITRE:25224  oval:org.mitre.oval:def:25224: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity
  MITRE:25136  oval:org.mitre.oval:def:25136: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity
  MITRE:24827  oval:org.mitre.oval:def:24827: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality

2014-07-15  MITRE:26212  oval:org.mitre.oval:def:26212: SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox
  MITRE:25815  oval:org.mitre.oval:def:25815: SUSE-SU-2013:0306-1 -- Security update for Mozilla Firefox
  MITRE:25349  oval:org.mitre.oval:def:25349: SUSE-SU-2014:0727-1 -- Security update for Mozilla Firefox
  MITRE:25341  oval:org.mitre.oval:def:25341: SUSE-SU-2014:0665-2 -- Security update for Mozilla Firefox
  MITRE:25898  oval:org.mitre.oval:def:25898: SUSE-RU-2013:0703-2 -- Recommended update for ksh
  MITRE:25231  oval:org.mitre.oval:def:25231: SUSE-RU-2013:0634-1 -- Recommended update for Xorg
  MITRE:25916  oval:org.mitre.oval:def:25916: SUSE-SU-2013:1183-1 -- Security update for xorg-x11

2014-07-14  CVE-2014-3317  Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
  CVE-2014-3319  Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.

2014-07-11  MITRE:24871  oval:org.mitre.oval:def:24871: Windows journal remote code execution vulnerability
  CVE-2014-3815  Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
  CVE-2014-3816  Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before...
  CVE-2014-3817  Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote...
  CVE-2014-3819  Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4,...
  CVE-2014-3821  Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote...
  CVE-2014-3822  Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service...

2014-07-10  CVE-2014-3315  Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka...
  CVE-2014-3316  The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
  CVE-2014-3318  Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.

2014-07-09  MITRE:24783  oval:org.mitre.oval:def:24783: Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
  MITRE:24931  oval:org.mitre.oval:def:24931: Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
  MITRE:25191  oval:org.mitre.oval:def:25191: Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
  CVE-2014-3309  The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka...

2014-07-02  CVE-2014-3100  Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended...

2014-07-01  CVE-2014-1325  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1345  WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
  CVE-2014-1348  Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive...
  CVE-2014-1349  Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.
  CVE-2014-1350  Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.
  CVE-2014-1351  Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
  CVE-2014-1352  Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
  CVE-2014-1353  Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application,...
  CVE-2014-1354  CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...
  CVE-2014-1355  The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via...
  CVE-2014-1356  Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
  CVE-2014-1357  Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
  CVE-2014-1358  Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
  CVE-2014-1359  Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
  CVE-2014-1360  Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
  CVE-2014-1361  Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive...
  CVE-2014-1362  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1363  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1364  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1365  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1366  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1367  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1368  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
  CVE-2014-1382  WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...

2014-06-25  CVE-2014-3299  Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.

2014-06-16  MITRE:24929  oval:org.mitre.oval:def:24929: Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
  MITRE:24682  oval:org.mitre.oval:def:24682: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file
  MITRE:24909  oval:org.mitre.oval:def:24909: Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct...
  MITRE:24621  oval:org.mitre.oval:def:24621: Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
  MITRE:24920  oval:org.mitre.oval:def:24920: Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet
  MITRE:24854  oval:org.mitre.oval:def:24854: ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts...
  MITRE:24545  oval:org.mitre.oval:def:24545: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or...

2014-06-14  CVE-2014-3290  The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a...
  CVE-2014-3295  The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.

2014-06-13  CVE-2014-3813  Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors...
  CVE-2014-3814  The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the...

2014-06-10  CVE-2014-3287  SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL,...
  CVE-2014-3292  The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.

2014-06-08  CVE-2014-3291  Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling,...

2014-05-26  MITRE:24567  oval:org.mitre.oval:def:24567: SharePoint Page Content Vulnerabilities () - MS14-022

2014-05-25  CVE-2013-1191  Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management...
  CVE-2014-2200  Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID...
  CVE-2014-3284  Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.

2014-05-20  CVE-2013-6975  Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
  CVE-2014-3269  The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.
  CVE-2014-3270  The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
  CVE-2014-3271  The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
  CVE-2014-3273  The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.

2014-05-16  CVE-2014-3262  The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet...
  CVE-2014-3263  The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.

2014-05-15  MITRE:24420  oval:org.mitre.oval:def:24420: Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  MITRE:24298  oval:org.mitre.oval:def:24298: Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism
  MITRE:24319  oval:org.mitre.oval:def:24319: Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  MITRE:24605  oval:org.mitre.oval:def:24605: Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  MITRE:24595  oval:org.mitre.oval:def:24595: Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions
  MITRE:24644  oval:org.mitre.oval:def:24644: Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy

2014-05-13  CVE-2010-4832  Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate...

2014-05-07  CVE-2014-0684  Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.

2014-04-30  MITRE:24683  oval:org.mitre.oval:def:24683: Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

2014-04-29  CVE-2013-7373  Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
  CVE-2014-2183  The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.
  CVE-2014-2184  The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
  CVE-2014-2185  The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.

2014-04-24  CVE-2012-3946  Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the...
  CVE-2012-5723  Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

2014-04-23  CVE-2012-0360  Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
  CVE-2012-1317  The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
  CVE-2012-1366  Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
  CVE-2012-3062  Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID...
  CVE-2012-4638  Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.
  CVE-2012-4651  Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.
  CVE-2012-4658  The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.
  CVE-2012-5014  Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.
  CVE-2012-5017  Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.
  CVE-2012-5032  The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or...
  CVE-2012-5036  Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.
  CVE-2012-5037  The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.
  CVE-2012-5039  The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.
  CVE-2012-5044  Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
  CVE-2012-5427  Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.
  CVE-2014-1295  Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation,...
  CVE-2014-1296  CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass...
  CVE-2014-1320  IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading...

2014-04-21  MITRE:24510  oval:org.mitre.oval:def:24510: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
  MITRE:24520  oval:org.mitre.oval:def:24520: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
  MITRE:24709  oval:org.mitre.oval:def:24709: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; allows remote attackers to affect confidentiality and integrity via vectors related to JNDI
  MITRE:24672  oval:org.mitre.oval:def:24672: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
  MITRE:24523  oval:org.mitre.oval:def:24523: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
  MITRE:24676  oval:org.mitre.oval:def:24676: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
  MITRE:24441  oval:org.mitre.oval:def:24441: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security
  MITRE:24502  oval:org.mitre.oval:def:24502: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
  MITRE:24712  oval:org.mitre.oval:def:24712: Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols
  MITRE:23723  oval:org.mitre.oval:def:23723: The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened,...

2014-04-15  CVE-2014-2842  Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.

2014-04-14  CVE-2014-0612  Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote...
  CVE-2014-0614  Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets.
  CVE-2014-2711  Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3...
  CVE-2014-2712  Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before...
  CVE-2014-2713  Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of...
  CVE-2014-2714  The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows...

2014-04-11  MITRE:24439  oval:org.mitre.oval:def:24439: RHSA-2014:0380: flash-plugin security update
  MITRE:24718  oval:org.mitre.oval:def:24718: RHSA-2014:0376: openssl security update
  MITRE:24563  oval:org.mitre.oval:def:24563: Vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows
  MITRE:24613  oval:org.mitre.oval:def:24613: Buffer overflow vulnerability in Adobe Flash Player versions less than 12.0.0.77 and less than 11.7.700.275 and Adobe AIR before 13.0.0.83
  MITRE:24659  oval:org.mitre.oval:def:24659: Cross-site scripting
  MITRE:24062  oval:org.mitre.oval:def:24062: Vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows
  MITRE:24368  oval:org.mitre.oval:def:24368: Cross-site scripting vulnerability in Adobe Flash Player versions less than 12.0.0.77 and less than 11.7.700.275 and Adobe AIR before 13.0.0.83
  MITRE:24066  oval:org.mitre.oval:def:24066: Vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows
  MITRE:24561  oval:org.mitre.oval:def:24561: Vulnerability in Adobe Flash Player versions less than 12.0.0.77 and less than 11.7.700.275 and Adobe AIR before 13.0.0.83
  MITRE:24029  oval:org.mitre.oval:def:24029: Cross-site scripting
  MITRE:24795  oval:org.mitre.oval:def:24795: Cross-site scripting
  MITRE:24657  oval:org.mitre.oval:def:24657: Use-after-free vulnerability in Adobe Flash Player versions less than 12.0.0.77 and less than 11.7.700.275 and Adobe AIR before 13.0.0.83

2014-04-10  CVE-2014-0160  OpenSSL Vulnerability: Heartbleed
  REF000672  OpenSSL Vulnerability: Heartbleed - unix

2014-04-07  MITRE:24283  oval:org.mitre.oval:def:24283: Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server
  MITRE:24101  oval:org.mitre.oval:def:24101: Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server

2014-04-05  CVE-2014-2144  Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.

2014-04-04  CVE-2014-2143  The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.

2014-03-31  CVE-2013-6770  The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by...

2014-03-28  CVE-2014-2131  The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890.

2014-03-27  MITRE:24405  oval:org.mitre.oval:def:24405: Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
  MITRE:24141  oval:org.mitre.oval:def:24141: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and...
  CVE-2014-2106  Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.
  CVE-2014-2107  Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID...
  CVE-2014-2108  Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.
  CVE-2014-2109  The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
  CVE-2014-2111  The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.
  CVE-2014-2112  The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.
  CVE-2014-2113  Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet,...

2014-03-24  MITRE:23928  oval:org.mitre.oval:def:23928: RHSA-2014:0289: flash-plugin security update

2014-03-20  CVE-2014-2124  Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.

2014-03-19  MITRE:23940  oval:org.mitre.oval:def:23940: Apache Subversion vulnerability before 1.7.15 and 1.8.x before 1.8.6 in VisualSVN Server allows remote attackers to cause a denial of service
  MITRE:24277  oval:org.mitre.oval:def:24277: Apache Subversion vulnerability 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4 in VisualSVN Server allows remote attackers to cause a denial of service
  MITRE:23340  oval:org.mitre.oval:def:23340: Apache Subversion vulnerability 1.8.0 through 1.8.2 in VisualSVN Server
  MITRE:24294  oval:org.mitre.oval:def:24294: Apache Subversion vulnerability 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 in VisualSVN Server allows remote attackers to bypass intended access restrictions and possibly cause a denial of service
  MITRE:24245  oval:org.mitre.oval:def:24245: Apache Subversion vulnerability 1.8.0 through 1.8.1 in VisualSVN Server allows to split "pack file" in the repository

2014-03-17  MITRE:23774  oval:org.mitre.oval:def:23774: Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

2014-03-14  CVE-2013-5133  Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
  CVE-2013-6835  TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a...
  CVE-2014-2291  Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows...
  CVE-2014-2292  Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via...
  CVE-2014-1267  The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by...
  CVE-2014-1271  CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.
  CVE-2014-1272  CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
  CVE-2014-1273  dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.
  CVE-2014-1274  FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
  CVE-2014-1275  Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
  CVE-2014-1276  IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.
  CVE-2014-1278  The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.
  CVE-2014-1280  Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.
  CVE-2014-1281  Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a...
  CVE-2014-1282  The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name.
  CVE-2014-1285  Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.
  CVE-2014-1286  SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.
  CVE-2014-1287  USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.
  CVE-2014-1289  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1290  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1291  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1292  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1293  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2014-1294  WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...

2014-03-13  MITRE:22228  oval:org.mitre.oval:def:22228: Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK and Compiler before 4.0.0.1390 allow attackers to defeat the ASLR...
  MITRE:22530  oval:org.mitre.oval:def:22530: Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK and Compiler before 4.0.0.1390 allow attackers to bypass...
  MITRE:22099  oval:org.mitre.oval:def:22099: Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
  MITRE:22171  oval:org.mitre.oval:def:22171: Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows allows attackers to read the clipboard via unspecified vectors.

2014-03-07  MITRE:24162  oval:org.mitre.oval:def:24162: RHSA-2014:0196: flash-plugin security update

2014-03-06  CVE-2014-0704  The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device...
  CVE-2014-0705  The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a...
  CVE-2014-0706  Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
  CVE-2014-0707  Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.
  CVE-2014-0701  Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high...
  CVE-2014-0703  Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by...

2014-03-02  CVE-2013-4710  Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a...

2014-02-26  CVE-2014-0740  Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to...
  CVE-2014-0741  The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command,...
  CVE-2014-0742  The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors,...
  CVE-2014-0743  The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID...
  CVE-2014-0747  The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.

2014-02-25  MITRE:22445  oval:org.mitre.oval:def:22445: Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 do not prevent access to address information, which makes it...
  MITRE:22201  oval:org.mitre.oval:def:22201: Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 allows remote attackers to...
  MITRE:22568  oval:org.mitre.oval:def:22568: Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 allows attackers to execute...

2014-02-22  CVE-2014-0731  The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.
  CVE-2014-1266  The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and...

2014-02-20  CVE-2014-0736  Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary...
  CVE-2014-0732  The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct...
  CVE-2014-0733  The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a...
  CVE-2014-0734  SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka...
  CVE-2014-0735  Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug...

2014-02-18  CVE-2014-2019  The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this...

2014-02-17  MITRE:22065  oval:org.mitre.oval:def:22065: VBScript Memory Corruption Vulnerability () - MS14-010, MS14-011

2014-02-15  REF000670  End of Windows XP support from Microsoft

2014-02-14  MITRE:22390  oval:org.mitre.oval:def:22390: RHSA-2014:0137: flash-plugin security update
  MITRE:22092  oval:org.mitre.oval:def:22092: RHSA-2014:0136: java-1.5.0-ibm security update
  MITRE:22292  oval:org.mitre.oval:def:22292: RHSA-2014:0134: java-1.7.0-ibm security update
  MITRE:22560  oval:org.mitre.oval:def:22560: RHSA-2014:0135: java-1.6.0-ibm security update

2014-02-13  CVE-2014-0722  The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka...
  CVE-2014-0723  Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
  CVE-2014-0724  The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
  CVE-2014-0725  Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.
  CVE-2014-0726  SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
  CVE-2014-0727  SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
  CVE-2014-0728  SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
  CVE-2014-0729  SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.

2014-02-05  MITRE:22436  oval:org.mitre.oval:def:22436: Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows allows remote attackers to execute arbitrary code via unspecified vectors

2014-02-04  CVE-2014-0686  Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

2014-01-28  MITRE:22499  oval:org.mitre.oval:def:22499: RHSA-2014:0028: flash-plugin security update

2014-01-23  CVE-2013-7313  The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database,...

2014-01-22  CVE-2014-0661  The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a...
  CVE-2014-0676  Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.
  CVE-2014-0677  The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.

2014-01-19  CVE-2013-3594  The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.
  CVE-2013-3595  The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL.
  CVE-2013-3606  The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username.

2014-01-17  MITRE:22170  oval:org.mitre.oval:def:22170: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22233  oval:org.mitre.oval:def:22233: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22214  oval:org.mitre.oval:def:22214: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22270  oval:org.mitre.oval:def:22270: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22289  oval:org.mitre.oval:def:22289: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22304  oval:org.mitre.oval:def:22304: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  MITRE:22200  oval:org.mitre.oval:def:22200: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  MITRE:21384  oval:org.mitre.oval:def:21384: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
  MITRE:22227  oval:org.mitre.oval:def:22227: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22372  oval:org.mitre.oval:def:22372: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22096  oval:org.mitre.oval:def:22096: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:21979  oval:org.mitre.oval:def:21979: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
  MITRE:22402  oval:org.mitre.oval:def:22402: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE

2014-01-15  MITRE:21758  oval:org.mitre.oval:def:21758: RHSA-2011:0471: firefox security update
  MITRE:21898  oval:org.mitre.oval:def:21898: RHSA-2011:0305: samba security update
  MITRE:21138  oval:org.mitre.oval:def:21138: RHSA-2011:0197: postgresql security update
  MITRE:21857  oval:org.mitre.oval:def:21857: RHSA-2011:0206: flash-plugin security update
  MITRE:21931  oval:org.mitre.oval:def:21931: RHSA-2011:0281: java-1.6.0-openjdk security update
  MITRE:21856  oval:org.mitre.oval:def:21856: RHSA-2011:0337: vsftpd security update
  MITRE:21214  oval:org.mitre.oval:def:21214: RHSA-2011:0310: firefox security and bug fix update
  MITRE:21740  oval:org.mitre.oval:def:21740: RHSA-2011:0845: bind security update
  MITRE:21426  oval:org.mitre.oval:def:21426: RHSA-2011:0373: firefox security update
  MITRE:21627  oval:org.mitre.oval:def:21627: RHSA-2011:0318: libtiff security update
  MITRE:21713  oval:org.mitre.oval:def:21713: RHSA-2011:0214: java-1.6.0-openjdk security update
  MITRE:21684  oval:org.mitre.oval:def:21684: RHSA-2011:0472: nss security update
  MITRE:21822  oval:org.mitre.oval:def:21822: RHSA-2011:0324: logwatch security update
  MITRE:21616  oval:org.mitre.oval:def:21616: RHSA-2011:0859: cyrus-imapd security update
  MITRE:21479  oval:org.mitre.oval:def:21479: RHSA-2011:0180: pango security update
  MITRE:22006  oval:org.mitre.oval:def:22006: RHSA-2011:0926: bind security update
  MITRE:21920  oval:org.mitre.oval:def:21920: RHSA-2011:0506: rdesktop security update
  MITRE:21821  oval:org.mitre.oval:def:21821: RHSA-2011:0391: libvirt security update
  MITRE:21301  oval:org.mitre.oval:def:21301: RHSA-2011:0862: subversion security update
  MITRE:21847  oval:org.mitre.oval:def:21847: RHSA-2011:0332: scsi-target-utils security update
  MITRE:21712  oval:org.mitre.oval:def:21712: RHSA-2011:0428: dhcp security update
  MITRE:21165  oval:org.mitre.oval:def:21165: RHSA-2011:0433: xorg-x11-server-utils security update
  MITRE:21435  oval:org.mitre.oval:def:21435: RHSA-2011:0885: firefox security and bug fix update
  MITRE:21899  oval:org.mitre.oval:def:21899: RHSA-2011:0843: postfix security update
  MITRE:21813  oval:org.mitre.oval:def:21813: RHSA-2011:0154: hplip security update
  MITRE:21913  oval:org.mitre.oval:def:21913: RHSA-2011:0918: curl security update
  CVE-2014-0613  The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before...
  CVE-2014-0615  Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...
  CVE-2014-0616  Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...
  CVE-2014-0617  Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet.

2014-01-14  MITRE:21334  oval:org.mitre.oval:def:21334: RHSA-2012:1245: java-1.5.0-ibm security update
  MITRE:21501  oval:org.mitre.oval:def:21501: RHSA-2012:1569: flash-plugin security update
  MITRE:21614  oval:org.mitre.oval:def:21614: RHSA-2012:1465: java-1.5.0-ibm security update
  MITRE:21660  oval:org.mitre.oval:def:21660: RHSA-2012:1431: flash-plugin security update
  MITRE:20413  oval:org.mitre.oval:def:20413: RHSA-2012:0144: flash-plugin security update
  MITRE:21594  oval:org.mitre.oval:def:21594: RHSA-2012:1346: flash-plugin security update
  MITRE:21011  oval:org.mitre.oval:def:21011: RHSA-2012:1466: java-1.6.0-ibm security update
  MITRE:21404  oval:org.mitre.oval:def:21404: RHSA-2012:0514: java-1.6.0-ibm security update
  MITRE:21162  oval:org.mitre.oval:def:21162: RHSA-2012:0688: flash-plugin security update
  MITRE:21447  oval:org.mitre.oval:def:21447: RHSA-2012:1238: java-1.6.0-ibm security update
  MITRE:21376  oval:org.mitre.oval:def:21376: RHSA-2012:0722: flash-plugin security update
  MITRE:21398  oval:org.mitre.oval:def:21398: RHSA-2012:0508: java-1.5.0-ibm security update

2014-01-10  CVE-2014-0618  Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote...

2014-01-09  MITRE:21081  oval:org.mitre.oval:def:21081: RHSA-2013:1818: flash-plugin security update
  MITRE:21219  oval:org.mitre.oval:def:21219: RHSA-2013:1059: java-1.6.0-ibm security update
  MITRE:20806  oval:org.mitre.oval:def:20806: RHSA-2013:0643: flash-plugin security update
  MITRE:20942  oval:org.mitre.oval:def:20942: RHSA-2013:1035: flash-plugin security update
  MITRE:21078  oval:org.mitre.oval:def:21078: RHSA-2013:0730: flash-plugin security update
  MITRE:21196  oval:org.mitre.oval:def:21196: RHSA-2013:1081: java-1.5.0-ibm security update
  MITRE:20438  oval:org.mitre.oval:def:20438: RHSA-2013:0574: flash-plugin security update
  MITRE:21077  oval:org.mitre.oval:def:21077: RHSA-2013:0625: java-1.6.0-ibm security update
  MITRE:21109  oval:org.mitre.oval:def:21109: RHSA-2013:0624: java-1.5.0-ibm security update
  MITRE:21201  oval:org.mitre.oval:def:21201: RHSA-2013:0825: flash-plugin security update
  MITRE:21131  oval:org.mitre.oval:def:21131: RHSA-2013:1060: java-1.7.0-ibm security update
  MITRE:20926  oval:org.mitre.oval:def:20926: RHSA-2013:0243: flash-plugin security update
  MITRE:21111  oval:org.mitre.oval:def:21111: RHSA-2013:0823: java-1.6.0-ibm security update
  MITRE:20801  oval:org.mitre.oval:def:20801: RHSA-2013:0254: flash-plugin security update
  MITRE:21040  oval:org.mitre.oval:def:21040: RHSA-2013:0626: java-1.7.0-ibm security update
  MITRE:21241  oval:org.mitre.oval:def:21241: RHSA-2013:0855: java-1.5.0-ibm security update
  MITRE:20714  oval:org.mitre.oval:def:20714: RHSA-2013:1518: flash-plugin security update
  MITRE:20910  oval:org.mitre.oval:def:20910: RHSA-2013:0941: flash-plugin security update
  MITRE:20254  oval:org.mitre.oval:def:20254: RHSA-2013:0822: java-1.7.0-ibm security update
  MITRE:21151  oval:org.mitre.oval:def:21151: RHSA-2013:1507: java-1.7.0-ibm security update
  MITRE:20642  oval:org.mitre.oval:def:20642: RHSA-2013:1509: java-1.5.0-ibm security update
  MITRE:21027  oval:org.mitre.oval:def:21027: RHSA-2013:0551: acroread security update
  MITRE:20442  oval:org.mitre.oval:def:20442: RHSA-2013:0150: acroread security update
  MITRE:20740  oval:org.mitre.oval:def:20740: RHSA-2013:0826: acroread security update
  MITRE:21240  oval:org.mitre.oval:def:21240: RHSA-2013:1508: java-1.6.0-ibm security update
  MITRE:20796  oval:org.mitre.oval:def:20796: RHSA-2013:1402: Adobe Reader - notification of end of updates
  MITRE:21009  oval:org.mitre.oval:def:21009: RHSA-2013:0149: flash-plugin security update
  MITRE:20919  oval:org.mitre.oval:def:20919: RHSA-2013:1256: flash-plugin security update
  MITRE:20871  oval:org.mitre.oval:def:20871: Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK and Compiler before 3.9.0.1380 allow remote attackers to...
  MITRE:20738  oval:org.mitre.oval:def:20738: Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK and Compiler before 3.9.0.1380 allow attackers to execute...

2014-01-08  CVE-2013-6982  The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer...
  CVE-2014-0653  The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.
  CVE-2014-0655  The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID...
  CVE-2014-0657  The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a...

2013-12-27  CVE-2013-6981  Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.

2013-12-23  CVE-2013-6979  The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source...

2013-12-21  CVE-2012-4131  Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
  CVE-2012-4135  Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
  CVE-2013-6978  The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug...

2013-12-18  CVE-2013-4775  NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware...
  CVE-2013-4776  NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
  CVE-2013-5196  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5197  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5198  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5199  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5225  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
  CVE-2013-5228  WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...

2013-12-14  CVE-2013-6271  Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class...

2013-12-13  CVE-2013-6956  Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web...
  CVE-2013-6958  Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.

2013-12-12  CVE-2013-2751  Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to...
  CVE-2013-2752  Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
  CVE-2013-7030  ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential...

2013-12-10  MITRE:20434  oval:org.mitre.oval:def:20434: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20459  oval:org.mitre.oval:def:20459: Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  MITRE:20915  oval:org.mitre.oval:def:20915: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20472  oval:org.mitre.oval:def:20472: Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability"
  MITRE:20424  oval:org.mitre.oval:def:20424: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20770  oval:org.mitre.oval:def:20770: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:19994  oval:org.mitre.oval:def:19994: Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  MITRE:20840  oval:org.mitre.oval:def:20840: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors
  MITRE:20651  oval:org.mitre.oval:def:20651: Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow remote attackers to read content from a different domain via a crafted web site
  MITRE:20880  oval:org.mitre.oval:def:20880: Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to cause a denial of service...
  MITRE:20589  oval:org.mitre.oval:def:20589: Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows has unknown impact and attack vectors
  MITRE:20772  oval:org.mitre.oval:def:20772: Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  MITRE:20654  oval:org.mitre.oval:def:20654: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20873  oval:org.mitre.oval:def:20873: Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20934  oval:org.mitre.oval:def:20934: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20727  oval:org.mitre.oval:def:20727: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20656  oval:org.mitre.oval:def:20656: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20893  oval:org.mitre.oval:def:20893: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20035  oval:org.mitre.oval:def:20035: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
  MITRE:20963  oval:org.mitre.oval:def:20963: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:19970  oval:org.mitre.oval:def:19970: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20632  oval:org.mitre.oval:def:20632: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors
  MITRE:20879  oval:org.mitre.oval:def:20879: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20693  oval:org.mitre.oval:def:20693: Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20892  oval:org.mitre.oval:def:20892: Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  MITRE:20318  oval:org.mitre.oval:def:20318: Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content
  MITRE:20954  oval:org.mitre.oval:def:20954: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20904  oval:org.mitre.oval:def:20904: Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  MITRE:20556  oval:org.mitre.oval:def:20556: Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs
  MITRE:20701  oval:org.mitre.oval:def:20701: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20607  oval:org.mitre.oval:def:20607: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20928  oval:org.mitre.oval:def:20928: Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  MITRE:20876  oval:org.mitre.oval:def:20876: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20323  oval:org.mitre.oval:def:20323: Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors
  MITRE:20925  oval:org.mitre.oval:def:20925: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20789  oval:org.mitre.oval:def:20789: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20739  oval:org.mitre.oval:def:20739: Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  MITRE:20395  oval:org.mitre.oval:def:20395: Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  MITRE:20859  oval:org.mitre.oval:def:20859: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20844  oval:org.mitre.oval:def:20844: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20799  oval:org.mitre.oval:def:20799: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20838  oval:org.mitre.oval:def:20838: Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  MITRE:20958  oval:org.mitre.oval:def:20958: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:20274  oval:org.mitre.oval:def:20274: Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  MITRE:20674  oval:org.mitre.oval:def:20674: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20510  oval:org.mitre.oval:def:20510: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
  MITRE:19949  oval:org.mitre.oval:def:19949: Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allows attackers to execute arbitrary code via unspecified vectors
  MITRE:20964  oval:org.mitre.oval:def:20964: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20559  oval:org.mitre.oval:def:20559: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20148  oval:org.mitre.oval:def:20148: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20846  oval:org.mitre.oval:def:20846: Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  MITRE:20968  oval:org.mitre.oval:def:20968: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
  MITRE:20688  oval:org.mitre.oval:def:20688: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...

2013-12-05  MITRE:19856  oval:org.mitre.oval:def:19856: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
  MITRE:20079  oval:org.mitre.oval:def:20079: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
  MITRE:19929  oval:org.mitre.oval:def:19929: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  MITRE:19913  oval:org.mitre.oval:def:19913: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  MITRE:19805  oval:org.mitre.oval:def:19805: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  MITRE:19930  oval:org.mitre.oval:def:19930: Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows attackers to execute arbitrary code via unspecified vectors
  MITRE:19896  oval:org.mitre.oval:def:19896: Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
  MITRE:19661  oval:org.mitre.oval:def:19661: Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  MITRE:20133  oval:org.mitre.oval:def:20133: Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
  MITRE:19467  oval:org.mitre.oval:def:19467: Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows, allows remote attackers to execute arbitrary code via crafted SWF content
  MITRE:20111  oval:org.mitre.oval:def:20111: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  MITRE:19907  oval:org.mitre.oval:def:19907: Integer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
  MITRE:19898  oval:org.mitre.oval:def:19898: Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows remote attackers to execute arbitrary code via crafted SWF content
  MITRE:19629  oval:org.mitre.oval:def:19629: Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  MITRE:19957  oval:org.mitre.oval:def:19957: Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via unspecified vectors
  MITRE:19802  oval:org.mitre.oval:def:19802: Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
  MITRE:20078  oval:org.mitre.oval:def:20078: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified...
  MITRE:20011  oval:org.mitre.oval:def:20011: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a...
  MITRE:20004  oval:org.mitre.oval:def:20004: Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allow attackers to obtain sensitive information via unspecified vectors
  MITRE:20080  oval:org.mitre.oval:def:20080: Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
  MITRE:19427  oval:org.mitre.oval:def:19427: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
  MITRE:19961  oval:org.mitre.oval:def:19961: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  MITRE:19824  oval:org.mitre.oval:def:19824: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors
  MITRE:19510  oval:org.mitre.oval:def:19510: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability...
  MITRE:20081  oval:org.mitre.oval:def:20081: The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content
  MITRE:19525  oval:org.mitre.oval:def:19525: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified...
  MITRE:19410  oval:org.mitre.oval:def:19410: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  MITRE:19528  oval:org.mitre.oval:def:19528: Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
  MITRE:20096  oval:org.mitre.oval:def:20096: Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and in Adobe AIR before 3.5.0.1060, allows attackers to execute arbitrary code via unspecified vectors
  MITRE:19694  oval:org.mitre.oval:def:19694: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  MITRE:20015  oval:org.mitre.oval:def:20015: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
  MITRE:19966  oval:org.mitre.oval:def:19966: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  MITRE:20025  oval:org.mitre.oval:def:20025: Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
  MITRE:20125  oval:org.mitre.oval:def:20125: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  MITRE:20006  oval:org.mitre.oval:def:20006: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  MITRE:19869  oval:org.mitre.oval:def:19869: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  MITRE:20073  oval:org.mitre.oval:def:20073: Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors
  MITRE:19826  oval:org.mitre.oval:def:19826: Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content
  MITRE:20044  oval:org.mitre.oval:def:20044: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
  MITRE:20137  oval:org.mitre.oval:def:20137: Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling

2013-12-03  CVE-2013-6704  Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
  CVE-2013-6705  The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.

2013-12-02  CVE-2013-6696  Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.

2013-11-28  CVE-2013-6700  The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
  CVE-2013-6706  The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.

2013-11-22  CVE-2013-6694  The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
  CVE-2013-6698  The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,...
  CVE-2013-6699  The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,...

2013-11-21  CVE-2013-6692  Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka...
  CVE-2013-6693  The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID...

2013-11-17  CVE-2013-5556  The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches...
  CVE-2013-5193  The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous...
  CVE-2013-6686  The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
  CVE-2013-6688  Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted...
  CVE-2013-6689  Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

2013-11-13  CVE-2013-5552  Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID...
  CVE-2013-6683  The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
  CVE-2013-6684  The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.

2013-11-07  CVE-2013-5553  Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
  CVE-2013-5565  The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
  CVE-2013-5566  Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.

2013-11-05  CVE-2013-6618  jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.

2013-10-31  CVE-2013-5543  Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by...
  CVE-2013-5545  The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
  CVE-2013-5546  The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,...
  CVE-2013-5547  Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
  CVE-2013-5548  The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
  CVE-2013-5555  Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.

2013-10-28  CVE-2013-6012  Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote...
  CVE-2013-6014  Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when...

2013-10-24  MITRE:19002  oval:org.mitre.oval:def:19002: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19088  oval:org.mitre.oval:def:19088: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18894  oval:org.mitre.oval:def:18894: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19207  oval:org.mitre.oval:def:19207: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19101  oval:org.mitre.oval:def:19101: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19032  oval:org.mitre.oval:def:19032: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18990  oval:org.mitre.oval:def:18990: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19024  oval:org.mitre.oval:def:19024: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18645  oval:org.mitre.oval:def:18645: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19188  oval:org.mitre.oval:def:19188: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier
  MITRE:19150  oval:org.mitre.oval:def:19150: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19020  oval:org.mitre.oval:def:19020: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18971  oval:org.mitre.oval:def:18971: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18733  oval:org.mitre.oval:def:18733: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19185  oval:org.mitre.oval:def:19185: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18504  oval:org.mitre.oval:def:18504: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19189  oval:org.mitre.oval:def:19189: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:19046  oval:org.mitre.oval:def:19046: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:19096  oval:org.mitre.oval:def:19096: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  MITRE:18436  oval:org.mitre.oval:def:18436: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
  MITRE:18874  oval:org.mitre.oval:def:18874: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
  CVE-2013-5522  Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
  CVE-2013-5549  Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6...

2013-10-23  CVE-2013-5144  Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain...
  CVE-2013-5162  Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
  CVE-2013-5164  Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.

2013-10-19  CVE-2013-6027  Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to...

2013-10-17  CVE-2013-4689  J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site...
  CVE-2013-6013  Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might...
  CVE-2013-6015  Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a...
  CVE-2013-6170  Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing...

2013-10-16  MITRE:19036  oval:org.mitre.oval:def:19036: Denial of service vulnerability in Microsoft SharePoint () - MS13-067
  MITRE:19136  oval:org.mitre.oval:def:19136: Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067
  MITRE:18750  oval:org.mitre.oval:def:18750: Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067

2013-10-13  CVE-2012-4076  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
  CVE-2012-4077  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
  CVE-2012-4097  The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
  CVE-2012-4099  The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
  CVE-2012-4121  Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.

2013-10-10  CVE-2013-5527  The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
  CVE-2013-5528  Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug...
  CVE-2013-5499  The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.

2013-10-05  CVE-2012-4075  Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
  CVE-2012-4090  The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
  CVE-2012-4091  The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
  CVE-2012-4098  The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
  CVE-2012-4122  The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
  CVE-2012-4141  Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.

2013-10-03  CVE-2013-5519  Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.

2013-10-02  MITRE:18986  oval:org.mitre.oval:def:18986: Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
  MITRE:18087  oval:org.mitre.oval:def:18087: Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18827  oval:org.mitre.oval:def:18827: Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server
  MITRE:19057  oval:org.mitre.oval:def:19057: Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
  MITRE:18835  oval:org.mitre.oval:def:18835: Apache HTTP vulnerability before 2.2.25 in VisualSVN Server
  MITRE:18985  oval:org.mitre.oval:def:18985: OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server
  MITRE:18554  oval:org.mitre.oval:def:18554: Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server
  MITRE:18999  oval:org.mitre.oval:def:18999: Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
  MITRE:18973  oval:org.mitre.oval:def:18973: Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18967  oval:org.mitre.oval:def:18967: Apache Subversion vulnerability before 1.6.16 in VisualSVN Server
  MITRE:18910  oval:org.mitre.oval:def:18910: OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server
  MITRE:18790  oval:org.mitre.oval:def:18790: Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server
  MITRE:18621  oval:org.mitre.oval:def:18621: Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server
  MITRE:19039  oval:org.mitre.oval:def:19039: OpenSSL vulnerability before 1.0.0c in VisualSVN Server
  MITRE:19081  oval:org.mitre.oval:def:19081: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
  MITRE:18868  oval:org.mitre.oval:def:18868: OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server
  MITRE:18980  oval:org.mitre.oval:def:18980: Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18154  oval:org.mitre.oval:def:18154: Apache HTTP vulnerability before 2.2.21 in VisualSVN Server
  MITRE:18922  oval:org.mitre.oval:def:18922: Apache Subversion vulnerability before 1.6.17 in VisualSVN Server
  MITRE:19016  oval:org.mitre.oval:def:19016: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
  MITRE:18788  oval:org.mitre.oval:def:18788: Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:19007  oval:org.mitre.oval:def:19007: Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server
  MITRE:18538  oval:org.mitre.oval:def:18538: Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
  MITRE:18772  oval:org.mitre.oval:def:18772: Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server
  MITRE:18889  oval:org.mitre.oval:def:18889: Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
  CVE-2013-5503  The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.

2013-09-30  CVE-2013-5516  The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka...

2013-09-27  MITRE:18997  oval:org.mitre.oval:def:18997: The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
  CVE-2013-5472  The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of...
  CVE-2013-5473  Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
  CVE-2013-5474  Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug...
  CVE-2013-5475  Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID...
  CVE-2013-5476  The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID...
  CVE-2013-5477  The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
  CVE-2013-5478  Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
  CVE-2013-5479  The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
  CVE-2013-5480  The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
  CVE-2013-5481  The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
  CVE-2013-5498  The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
  CVE-2013-5160  Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button...
  CVE-2013-5161  Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened...

2013-09-19  CVE-2011-2391  The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
  CVE-2013-5154  The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a...
  CVE-2013-5155  The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
  CVE-2013-5156  The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct...
  CVE-2013-1121  The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
  CVE-2013-0957  Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
  CVE-2013-1036  Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
  CVE-2013-1043  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1044  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1037  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1038  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1039  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1040  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1041  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1042  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1045  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1046  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-1047  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5125  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5126  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5127  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5128  WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
  CVE-2013-5129  Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
  CVE-2013-5131  Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  CVE-2013-5137  IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
  CVE-2013-5138  IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
  CVE-2013-5139  The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
  CVE-2013-5140  The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
  CVE-2013-5141  The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer...
  CVE-2013-5142  The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
  CVE-2013-5145  kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
  CVE-2013-5147  Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of...
  CVE-2013-5149  The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification...
  CVE-2013-5150  The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
  CVE-2013-5151  Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
  CVE-2013-5152  Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
  CVE-2013-5153  Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
  CVE-2013-5157  The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
  CVE-2013-5158  The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified...
  CVE-2013-5159  WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.

2013-09-16  CVE-2013-1025  Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
  CVE-2013-1026  Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
  CVE-2013-1028  The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive...
  CVE-2013-5496  Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.

2013-09-13  CVE-2013-5649  Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary...

2013-09-07  CVE-2013-3458  Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID...

2013-08-30  CVE-2013-3474  The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or...
  CVE-2013-5469  The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN...

2013-08-29  CVE-2013-3463  The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use...
  CVE-2013-3470  The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
  CVE-2013-3472  Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,...

2013-08-24  CVE-2013-3459  Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
  CVE-2013-3460  Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka...
  CVE-2013-3461  Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,...
  CVE-2013-3462  Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified...

2013-08-22  CVE-2013-3453  Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP...

2013-08-19  MITRE:18318  oval:org.mitre.oval:def:18318: Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066

2013-08-13  CVE-2013-3464  Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C...

2013-08-12  CVE-2013-4806  The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link...

2013-08-08  CVE-2013-3454  Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the...

2013-08-05  CVE-2013-3442  The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
  CVE-2013-3450  Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
  CVE-2013-3451  Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug...

2013-08-01  CVE-2012-5460  Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText...

2013-07-30  MITRE:17486  oval:org.mitre.oval:def:17486: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17384  oval:org.mitre.oval:def:17384: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16762  oval:org.mitre.oval:def:16762: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17413  oval:org.mitre.oval:def:17413: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17530  oval:org.mitre.oval:def:17530: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17020  oval:org.mitre.oval:def:17020: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17269  oval:org.mitre.oval:def:17269: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16903  oval:org.mitre.oval:def:16903: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17212  oval:org.mitre.oval:def:17212: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17161  oval:org.mitre.oval:def:17161: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17427  oval:org.mitre.oval:def:17427: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17544  oval:org.mitre.oval:def:17544: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17241  oval:org.mitre.oval:def:17241: WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory...
  MITRE:17458  oval:org.mitre.oval:def:17458: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17128  oval:org.mitre.oval:def:17128: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17441  oval:org.mitre.oval:def:17441: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17334  oval:org.mitre.oval:def:17334: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17204  oval:org.mitre.oval:def:17204: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:16879  oval:org.mitre.oval:def:16879: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17387  oval:org.mitre.oval:def:17387: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17304  oval:org.mitre.oval:def:17304: Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file
  MITRE:17199  oval:org.mitre.oval:def:17199: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17288  oval:org.mitre.oval:def:17288: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17368  oval:org.mitre.oval:def:17368: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17246  oval:org.mitre.oval:def:17246: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17546  oval:org.mitre.oval:def:17546: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17365  oval:org.mitre.oval:def:17365: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17605  oval:org.mitre.oval:def:17605: Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate
  MITRE:17127  oval:org.mitre.oval:def:17127: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
  MITRE:17264  oval:org.mitre.oval:def:17264: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17352  oval:org.mitre.oval:def:17352: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17163  oval:org.mitre.oval:def:17163: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17082  oval:org.mitre.oval:def:17082: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17300  oval:org.mitre.oval:def:17300: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17076  oval:org.mitre.oval:def:17076: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17133  oval:org.mitre.oval:def:17133: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16780  oval:org.mitre.oval:def:16780: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:17207  oval:org.mitre.oval:def:17207: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:17366  oval:org.mitre.oval:def:17366: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17433  oval:org.mitre.oval:def:17433: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
  MITRE:16714  oval:org.mitre.oval:def:16714: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
  MITRE:16678  oval:org.mitre.oval:def:16678: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
  MITRE:17072  oval:org.mitre.oval:def:17072: WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or...