Recent

VulDB is the number 1 vulnerability database documenting more than 89000 vulnerabilities since 1979. A team of experts looks for newly disclosed vulnerabilities on a daily basis. After the analysis of the technical capabilities, the issue is documented in the database. This makes it possible for administrators and security experts to deal with the fast-moving vulnerability market. The following list shows the latest entries.

Total: 89731
Recent: 25 (24 hours)
Updates: 223 (24 hours)

08/25/2016 Micro Focus Novell Groupwise WebAccess/Post Office Agent Heap-based buffer

A vulnerability was found in Micro Focus Novell Groupwise up to 2014 R2 Service Pack 1. It has been rated as critical. This issue affects an unknown function of the component WebAccess/Post Office Agent. Applying the patch 2014 R2 Service Pack 1 Hot Patch 1 eliminates this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
79.8% complete

08/25/2016 Micro Focus Novell Groupwise Email Persistent cross site scripting

A vulnerability was found in Micro Focus Novell Groupwise up to 2014 R2 Service Pack 1. It has been declared as problematic. This vulnerability affects an unknown function of the component Email. Applying the patch 2014 R2 Service Pack 1 Hot Patch 1 eliminates this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
81.8% complete

08/25/2016 Micro Focus Novell Groupwise Administrator Console Reflected cross site

A vulnerability was found in Micro Focus Novell Groupwise up to 2014 R2 Service Pack 1. It has been classified as problematic. This affects an unknown function of the component Administrator Console. Applying the patch 2014 R2 Service Pack 1 Hot Patch 1 eliminates this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
81.3% complete

08/25/2016 Kaspersky Safe Browser iOS X.509 Certificate Handler weak authentication

A vulnerability was found in Kaspersky Safe Browser iOS up to 1.6.x and classified as critical. Affected by this issue is an unknown function of the component X.509 Certificate Handler. Upgrading to version 1.7.0 eliminates this vulnerability.
72.2% complete

08/25/2016 D-Link DIR-800 Session Cookie Handler Login buffer overflow

A vulnerability has been found in D-Link DIR-800 (the affected version is unknown) and classified as critical. Affected by this vulnerability is an unknown function of the file dws/api/Login of the component Session Cookie Handler. Upgrading eliminates this vulnerability.
71.7% complete

08/25/2016 UltraVNC Repeater Redirect privilege escalation [CVE-2016-5673]

A vulnerability, which was classified as critical, was found in UltraVNC Repeater. Affected is an unknown function. Upgrading to version 1300 eliminates this vulnerability.
71.2% complete

08/25/2016 RoundCube Webmail cross site request forgery [CVE-2016-4069]

A vulnerability, which was classified as problematic, has been found in RoundCube Webmail up to 1.1.4. This issue affects an unknown function. Upgrading to version 1.1.5 eliminates this vulnerability.
71.2% complete

08/25/2016 Apple iOS Kernel Trident information disclosure

A vulnerability was found in Apple iOS up to 9.3.4. It has been rated as problematic. Affected by this issue is an unknown function of the component Kernel. Upgrading to version 9.3.5 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
83.8% complete

08/25/2016 Apple iOS WebKit Trident buffer overflow

A vulnerability classified as critical was found in Apple iOS up to 9.3.4. This vulnerability affects an unknown function of the component WebKit. Upgrading to version 9.3.5 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
83.8% complete

08/25/2016 Apple iOS Kernel Trident buffer overflow

A vulnerability classified as critical has been found in Apple iOS up to 9.3.4. This affects an unknown function of the component Kernel. Upgrading to version 9.3.5 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
83.8% complete

08/23/2016 Alienvault USM/OSSIM reload.php cross site scripting

A vulnerability was found in Alienvault USM and OSSIM 5.2. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file conf/reload.php. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
81.3% complete

08/24/2016 Cisco AnyConnect Secure Mobility Client INF File Handler privilege escalation

A vulnerability was found in Cisco AnyConnect Secure Mobility Client 4.2/4.3 on Windows. It has been classified as critical. Affected is an unknown function of the component INF File Handler. Upgrading to version 4.2.05015 or 4.3.02039 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

08/25/2016 OpenSSL DTLS Replace Protection Sequence Number Handler denial of service

A vulnerability was found in OpenSSL (the affected version is unknown) and classified as problematic. This issue affects an unknown function of the component DTLS Replace Protection Sequence Number Handler. Upgrading eliminates this vulnerability. Applying a patch eliminates this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published before, and not just after, the disclosure of the vulnerability.
76.8% complete

08/25/2016 OpenSSL DTLS Fragment Handler Memory denial of service

A vulnerability has been found in OpenSSL (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown function of the component DTLS Fragment Handler. Upgrading eliminates this vulnerability. Applying a patch eliminates this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published before, and not just after, the disclosure of the vulnerability.
78.3% complete

08/24/2016 OpenSSL 64-bit Block Cipher SWEET32 weak encryption

A vulnerability, which was classified as critical, was found in OpenSSL 1.0.1/1.0.2/1.1.0. This affects an unknown function of the component 64-bit Block Cipher. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
78.8% complete

08/22/2016 Splunk Redirect privilege escalation

A vulnerability, which was classified as critical, has been found in Splunk up to 6.4.2. Affected by this issue is an unknown function. Upgrading to version 5.0.16, 6.0.12, 6.1.11, 6.2.10, 6.3.6 or 6.4.3 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
76.3% complete

08/16/2016 OpenSSL bn_print.c BN_bn2dec denial of service

A vulnerability classified as problematic was found in OpenSSL (the affected version is unknown). Affected by this vulnerability is the function BN_bn2dec of the file crypto/bn/bn_print.c. Applying a patch eliminates this problem. The bugfix is ready for download at git.openssl.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.
79.8% complete

08/23/2016 VMware vRealize Automation privilege escalation [CVE-2016-5336]

A vulnerability classified as critical has been found in VMware vRealize Automation 7.0. Affected is an unknown function. Upgrading to version 7.1 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
75.8% complete

08/23/2016 VMware vRealize Automation/Identity Manager privilege escalation

A vulnerability was found in VMware vRealize Automation and Identity Manager 7.0. It has been rated as critical. This issue affects an unknown function. Upgrading to version 7.1 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
76.3% complete

08/17/2016 Microsoft Windows FON Font File Handler win32k.sys denial of service

A vulnerability was found in Microsoft Windows 7/8.1. It has been declared as problematic. This vulnerability affects an unknown function in the library win32k.sys of the component FON Font File Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
83.8% complete

08/24/2016 DotClear RSS Feed Handler Postscan privilege escalation

A vulnerability was found in DotClear 2.9.1. It has been classified as critical. This affects an unknown function of the component RSS Feed Handler. Upgrading to version 2.10 eliminates this vulnerability. A possible mitigation has been published even before, and not after, the disclosure of the vulnerability.
80.8% complete

08/24/2016 DotClear File Upload privilege escalation

A vulnerability was found in DotClear 2.9.1 and classified as critical. Affected by this issue is an unknown function of the component File Upload. Upgrading to version 2.10 eliminates this vulnerability. A possible mitigation has been published even before, and not after, the disclosure of the vulnerability.
77.3% complete

08/24/2016 DotClear ZIP Download Handler media.php privilege escalation

A vulnerability has been found in DotClear 2.9.1 and classified as critical. Affected by this vulnerability is an unknown function of the file /dotclear/admin/media.php of the component ZIP Download Handler. Upgrading to version 2.10 eliminates this vulnerability. A possible mitigation has been published even before, and not after, the disclosure of the vulnerability.
80.8% complete

08/24/2016 Watchguard Rapidstream ifconfig Command privilege escalation

A vulnerability, which was classified as problematic, was found in Watchguard Rapidstream (the affected version is unknown). Affected is an unknown function of the component ifconfig Command. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
69.7% complete

08/24/2016 Fortinet FortiOS Cookie Parser buffer overflow [CVE-2016-6909]

A vulnerability, which was classified as critical, has been found in Fortinet FortiOS up to 4.1.10/4.2.12/4.3.8. This issue affects an unknown function of the component Cookie Parser. Upgrading to version 4.1.11, 4.2.13 or 4.3.9 eliminates this vulnerability.
71.7% complete

08/24/2016 Moxa OnCell Config File Cleartext information disclosure

A vulnerability classified as problematic was found in Moxa OnCell (the affected version is unknown). This vulnerability affects an unknown function of the component Config File. Upgrading eliminates this vulnerability.
71.2% complete

08/24/2016 Moxa OnCell privilege escalation [CVE-2016-5799]

A vulnerability classified as critical has been found in Moxa OnCell (the affected version is unknown). This affects an unknown function. Upgrading eliminates this vulnerability.
70.7% complete

08/24/2016 ZModo ZP-NE14-S/ZP-IBH-13W weak authentication [CVE-2016-5650]

A vulnerability was found in ZModo ZP-NE14-S and ZP-IBH-13W (the affected version is unknown). It has been rated as critical. Affected by this issue is an unknown function. It is possible to mitigate the problem by applying the configuration setting .
70.7% complete

08/24/2016 Rockwell MicroLogix SNMP Service Default Credentials weak authentication

A vulnerability was found in Rockwell MicroLogix up to 1766-L32BXBA. It has been declared as critical. Affected by this vulnerability is an unknown function of the component SNMP Service. It is possible to mitigate the problem by applying the configuration setting .
72.2% complete

08/24/2016 ZModo ZP-NE14-S/ZP-IBH-13W Telnet Default Admin Password weak authentication

A vulnerability was found in ZModo ZP-NE14-S and ZP-IBH-13W (the affected version is unknown). It has been classified as very critical. Affected is an unknown function of the component Telnet. It is possible to mitigate the problem by applying the configuration setting .
71.7% complete

08/18/2016 ObiHai ObiPhone 1032/ObiPhone 1062 HTTP Header Handler NULL Pointer Dereference

A vulnerability was found in ObiHai ObiPhone 1032 and ObiPhone 1062 and classified as problematic. This issue affects an unknown function of the component HTTP Header Handler. Upgrading to version 5.0.0 Build 3497 eliminates this vulnerability.
82.3% complete

08/18/2016 ObiHai ObiPhone 1032/ObiPhone 1062 URL Handler obihai-xml denial of service

A vulnerability has been found in ObiHai ObiPhone 1032 and ObiPhone 1062 and classified as problematic. This vulnerability affects an unknown function of the file /obihai-xml of the component URL Handler. Upgrading to version 5.0.0 Build 3497 eliminates this vulnerability.
81.8% complete

08/18/2016 ObiHai ObiPhone 1032/ObiPhone 1062 Header Handler Segmentation Fault buffer

A vulnerability, which was classified as critical, was found in ObiHai ObiPhone 1032 and ObiPhone 1062. This affects an unknown function of the component Header Handler. Upgrading to version 5.0.0 Build 3497 eliminates this vulnerability.
81.3% complete

08/18/2016 ObiHai ObiPhone 1032/ObiPhone 1062 HTTP Digest Authentication Implementation

A vulnerability, which was classified as critical, has been found in ObiHai ObiPhone 1032 and ObiPhone 1062. Affected by this issue is an unknown function of the component HTTP Digest Authentication Implementation. Upgrading to version 5.0.0 Build 3497 eliminates this vulnerability.
80.8% complete

08/18/2016 ObiHai ObiPhone 1032/ObiPhone 1062 cross site request forgery

A vulnerability classified as critical was found in ObiHai ObiPhone 1032 and ObiPhone 1062. Affected by this vulnerability is an unknown function. Upgrading to version 5.0.0 Build 3497 eliminates this vulnerability.
76.3% complete

08/18/2016 ObiHai ObiPhone 1032/ObiPhone 1062 obiapp wifi buffer overflow

A vulnerability classified as critical has been found in ObiHai ObiPhone 1032 and ObiPhone 1062. Affected is an unknown function of the file /wifi of the component obiapp. Upgrading to version 5.0.0 Build 3497 eliminates this vulnerability.
81.8% complete

08/18/2016 ObiHai ObiPhone 1032/ObiPhone 1062 GET Request Handler strcpy denial of service

A vulnerability was found in ObiHai ObiPhone 1032 and ObiPhone 1062. It has been rated as critical. This issue affects the function strcpy of the component GET Request Handler. Upgrading to version 5.0.0 Build 3497 eliminates this vulnerability.
81.3% complete

08/18/2016 ObiHai ObiPhone 1032/ObiPhone 1062 WiFi Config wifi privilege escalation

A vulnerability was found in ObiHai ObiPhone 1032 and ObiPhone 1062. It has been declared as critical. This vulnerability affects an unknown function of the file /wifi of the component WiFi Config. Upgrading to version 5.0.0 Build 3497 eliminates this vulnerability.
82.3% complete

08/18/2016 ObiHai ObiPhone 1032/ObiPhone 1062 URL Handler free buffer overflow

A vulnerability was found in ObiHai ObiPhone 1032 and ObiPhone 1062. It has been classified as critical. This affects the function free of the component URL Handler. Upgrading to version 5.0.0 Build 3497 eliminates this vulnerability.
79.8% complete

08/17/2016 ownCloud Windows Client privilege escalation

A vulnerability was found in ownCloud Windows Client and classified as problematic. Affected by this issue is an unknown function of the file C:\usr\i686-w64-mingw32\sys-root\mingw\lib\qt5\plugins. Upgrading to version 2.2.3 eliminates this vulnerability. A possible mitigation has been published even before, and not after, the disclosure of the vulnerability.
75.3% complete

08/19/2016 SAP HANA information disclosure

A vulnerability has been found in SAP HANA (the affected version is unknown) and classified as problematic. Affected by this vulnerability is an unknown function. Upgrading eliminates this vulnerability. A possible mitigation has been published 4 months after the disclosure of the vulnerability.
75.3% complete

08/18/2016 Doorkeeper Gem OAuth Token Revocation Handler privilege escalation

A vulnerability, which was classified as critical, was found in Doorkeeper Gem up to 4.1.0. Affected is an unknown function of the component OAuth Token Revocation Handler. Upgrading to version 4.2.0 eliminates this vulnerability. Applying a patch eliminates this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.
74.7% complete

08/22/2016 Jaws CMS cross site request forgery

A vulnerability, which was classified as problematic, has been found in Jaws CMS 1.1.1. This issue affects an unknown function. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
76.8% complete

08/17/2016 phpCollab CMS edituser.php cross site request forgery

A vulnerability classified as problematic was found in phpCollab CMS 2.5. This vulnerability affects an unknown function of the file /phpcollab/users/edituser.php. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
76.8% complete

08/22/2016 AVS Audio Converter buffer overflow

A vulnerability classified as critical has been found in AVS Audio Converter 8.2.1. This affects an unknown function. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
75.8% complete

08/16/2016 ISPConfig database_user_edit.php cross site scripting

A vulnerability was found in ISPConfig 3.0.5.4 p6. It has been rated as problematic. Affected by this issue is an unknown function of the file /sites/database_user_edit.php. The best possible mitigation is suggested to be a workaround.
77.3% complete

08/22/2016 WordPress privilege escalation [CVE-2016-6897]

A vulnerability was found in WordPress 4.5.3. It has been declared as critical. Affected by this vulnerability is an unknown function. Upgrading to version 4.6 eliminates this vulnerability. The upgrade is hosted for download at codex.wordpress.org. A possible mitigation has been published even before, and not after, the disclosure of the vulnerability.
77.3% complete

08/22/2016 WordPress ajax-actions.php wp_ajax_update_plugin() denial of service

A vulnerability was found in WordPress 4.5.3. It has been classified as problematic. Affected is the function wp_ajax_update_plugin() of the file ajax-actions.php. Upgrading to version 4.6 eliminates this vulnerability. The upgrade is hosted for download at codex.wordpress.org. A possible mitigation has been published even before, and not after, the disclosure of the vulnerability.
81.3% complete

08/23/2016 Cisco FirePOWER Management Center cross site scripting [CVE-2016-6365]

A vulnerability was found in Cisco FirePOWER Management Center up to 5.4.0 and classified as problematic. This issue affects an unknown function. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
71.2% complete

08/22/2016 Cisco Transport Gateway Installation Software cross site scripting

A vulnerability has been found in Cisco Transport Gateway Installation Software 4.1(4.0) and classified as problematic. This vulnerability affects an unknown function. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
71.2% complete