From DHS/US-CERT's National Vulnerability Database
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.