The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 184.108.40.206, 7.0.x through 220.127.116.11, 7.5.x through 18.104.22.168, 8.0.x before 22.214.171.124, and 8.5.x before 126.96.36.199 allows remote authenticated users to inject arbitrary web script or HTML vi...
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 188.8.131.52, 7.0.x through 184.108.40.206, 7.5.x through 220.127.116.11, 8.0.x before 18.104.22.168, and 8.5.x before 22.214.171.124 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture ...