Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twel...
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.
Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.