Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791.

Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839.

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors.

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors.

Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.