GNU Bash through 4.3 processes trailing strings after function definitions in the values of env…

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterminist…

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle …

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI scrip…

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and…

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before…

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function def…

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12…

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting …

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain config…

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation …

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout fo…

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Up…

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x bef…

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .…

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has …

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec app…

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.…

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a c…

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via…

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementat…

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 u…

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of …

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege…

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and J…

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vul…

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libre…

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider me…

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to rece…

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this v…

Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow re…

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of …

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is …

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote …

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of…

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonk…

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header inf…

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunde…

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free …

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS …