Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 88.7%.
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.
The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library before 3.2.125. Rated medium severity (CVSS 6.9). No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.