Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and ...

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module.

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality vi...

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attac...

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors re...

IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer hea...

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 ...

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.

IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.

IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the n...

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain ...

CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP header...

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XS...

ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clock...

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing diff...

NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-exten...

CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP...

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other par...

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for ...

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Compone...

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.

IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 b...