Search
Total
3527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0845 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2017-08-29 | 4.9 MEDIUM | N/A |
| Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||||
| CVE-2014-3338 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 8.5 HIGH | N/A |
| The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. | |||||
| CVE-2014-3343 | 1 Cisco | 1 Ios Xr | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. | |||||
| CVE-2014-3346 | 1 Cisco | 1 Transport Gateway Installation Software | 2017-08-29 | 6.3 MEDIUM | N/A |
| The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service (service crash) via a crafted string, aka Bug ID CSCuq31819. | |||||
| CVE-2014-3348 | 1 Cisco | 8 Integrated Management Controller, Unified Computing System E140d, Unified Computing System E140dp and 5 more | 2017-08-29 | 5.0 MEDIUM | N/A |
| The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206. | |||||
| CVE-2014-3349 | 1 Cisco | 1 Cloud Portal | 2017-08-29 | 4.0 MEDIUM | N/A |
| Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410. | |||||
| CVE-2014-0677 | 1 Cisco | 1 Nx-os | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851. | |||||
| CVE-2014-3352 | 1 Cisco | 1 Cloud Portal | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801. | |||||
| CVE-2014-3354 | 1 Cisco | 2 Ios, Ios Xe | 2017-08-29 | 7.8 HIGH | N/A |
| Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCui11547. | |||||
| CVE-2014-0656 | 1 Cisco | 1 Context Directory Agent | 2017-08-29 | 4.0 MEDIUM | N/A |
| Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353. | |||||
| CVE-2014-0655 | 1 Cisco | 1 Adaptive Security Appliance | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332. | |||||
| CVE-2014-3376 | 1 Cisco | 1 Ios Xr | 2017-08-29 | 5.0 MEDIUM | N/A |
| Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031. | |||||
| CVE-2014-0654 | 1 Cisco | 1 Context Directory Agent | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. | |||||
| CVE-2014-0653 | 1 Cisco | 1 Adaptive Security Appliance | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340. | |||||
| CVE-2014-3377 | 1 Cisco | 1 Ios Xr | 2017-08-29 | 4.0 MEDIUM | N/A |
| snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791. | |||||
| CVE-2014-3378 | 1 Cisco | 1 Ios Xr | 2017-08-29 | 5.0 MEDIUM | N/A |
| tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468. | |||||
| CVE-2013-5462 | 1 Ibm | 1 Content Navigator | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements. | |||||
| CVE-2013-3030 | 1 Ibm | 1 Cognos Business Intelligence | 2017-08-29 | 5.0 MEDIUM | N/A |
| The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests. | |||||
| CVE-2013-3036 | 1 Ibm | 1 Rational Requirements Composer | 2017-08-29 | 4.9 MEDIUM | N/A |
| Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||||
| CVE-2013-3045 | 1 Ibm | 1 Lotus Sametime | 2017-08-29 | 3.5 LOW | N/A |
| The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function. | |||||
| CVE-2013-2992 | 1 Ibm | 1 Websphere Commerce | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query. | |||||
| CVE-2013-3443 | 1 Cisco | 1 Wide Area Application Services | 2017-08-29 | 10.0 HIGH | N/A |
| The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626. | |||||
| CVE-2013-3594 | 1 Dell | 3 Powerconnect 3348, Powerconnect 3524p, Powerconnect 5324 | 2017-08-29 | 10.0 HIGH | N/A |
| The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22. | |||||
| CVE-2013-2961 | 1 Ibm | 2 Application Manager For Smart Business, Tivoli Monitoring | 2017-08-29 | 4.3 MEDIUM | N/A |
| The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to perform unspecified redirection of HTTP requests, and bypass the proxy-server configuration, via crafted HTTP traffic. | |||||
| CVE-2013-3595 | 1 Dell | 3 Powerconnect 3348, Powerconnect 3524p, Powerconnect 5324 | 2017-08-29 | 6.8 MEDIUM | N/A |
| The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL. | |||||
| CVE-2013-3606 | 1 Dell | 3 Powerconnect 3348, Powerconnect 3524p, Powerconnect 5324 | 2017-08-29 | 7.8 HIGH | N/A |
| The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username. | |||||
| CVE-2013-3980 | 1 Ibm | 1 Sametime | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room. | |||||
| CVE-2013-3983 | 1 Ibm | 1 Sametime | 2017-08-29 | 7.5 HIGH | N/A |
| The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors. | |||||
| CVE-2013-3988 | 1 Ibm | 1 Sametime | 2017-08-29 | 6.8 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2013-3996 | 1 Ibm | 1 Infosphere Biginsights | 2017-08-29 | 4.9 MEDIUM | N/A |
| IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. | |||||
| CVE-2013-3997 | 1 Ibm | 1 Infosphere Biginsights | 2017-08-29 | 4.9 MEDIUM | N/A |
| Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-4032 | 1 Ibm | 1 Db2 | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data. | |||||
| CVE-2013-4046 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2017-08-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-4053 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Feature Pack For Web Services | 2017-08-29 | 6.8 MEDIUM | N/A |
| The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors. | |||||
| CVE-2013-4066 | 1 Ibm | 1 Infosphere Information Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. | |||||
| CVE-2013-4129 | 1 Linux | 1 Linux Kernel | 2017-08-29 | 4.7 MEDIUM | N/A |
| The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c. | |||||
| CVE-2013-4373 | 1 Redhat | 1 Jboss Operations Network | 2017-08-29 | 3.2 LOW | N/A |
| The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files. | |||||
| CVE-2013-4551 | 1 Xen | 1 Xen | 2017-08-29 | 5.7 MEDIUM | N/A |
| Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution." | |||||
| CVE-2013-4912 | 1 Siemens | 1 Wincc | 2017-08-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. | |||||
| CVE-2013-5431 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2017-08-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-5394 | 1 Ibm | 1 Websphere Extreme Scale | 2017-08-29 | 4.9 MEDIUM | N/A |
| The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-5407 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-29 | 4.9 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue. | |||||
| CVE-2013-5411 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. | |||||
| CVE-2013-2994 | 1 Ibm | 1 Websphere Commerce | 2017-08-29 | 6.4 MEDIUM | N/A |
| IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors. | |||||
| CVE-2013-5523 | 1 Cisco | 1 Identity Services Engine Software | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666. | |||||
| CVE-2013-5488 | 1 Cisco | 4 Prime Lan Management Solution, Security Manager, Unified Operations Manager and 1 more | 2017-08-29 | 5.0 MEDIUM | N/A |
| Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969. | |||||
| CVE-2013-5498 | 1 Cisco | 1 Ios Xr | 2017-08-29 | 5.0 MEDIUM | N/A |
| The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. | |||||
| CVE-2013-5527 | 1 Cisco | 2 Ios, Ios Xe | 2017-08-29 | 5.7 MEDIUM | N/A |
| The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. | |||||
| CVE-2013-1952 | 1 Xen | 1 Xen | 2017-08-29 | 1.9 LOW | N/A |
| Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. | |||||
| CVE-2013-5650 | 1 Juniper | 2 Junos Pulse Access Control Service, Junos Pulse Secure Access Service | 2017-08-29 | 5.4 MEDIUM | N/A |
| Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet. | |||||