Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted Ope...

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language inf...

In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functi...

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution.

Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.

The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is instal...

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architectur...

An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerab...

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device.

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succe...

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL paramet...

An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack ...

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions wit...

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specif...