Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decr...

A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowi...

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication wh...

A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulne...

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical a...

An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to ...

An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to...

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file sy...

Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors.

CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors.

The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability ...

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded...

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Forgot Password). Supported versions that are affected are 12.0.2 and 12.0.3. Eas...

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabi...

Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. T...

A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.

A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898.

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the ...

An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to comma...

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of...

drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.