Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).

Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.