Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3190 | 1 Broadcom | 1 Igateway | 2021-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests. | |||||
| CVE-2007-5472 | 1 Broadcom | 1 Host-based Intrusion Prevention System | 2021-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer. | |||||
| CVE-2007-6406 | 1 Broadcom | 1 Etrust Threat Management Console | 2021-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields. | |||||
| CVE-2014-5214 | 1 Microfocus | 1 Access Manager | 2021-04-09 | 4.0 MEDIUM | N/A |
| nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-5215 | 1 Microfocus | 1 Access Manager | 2021-04-09 | 4.0 MEDIUM | N/A |
| NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp. | |||||
| CVE-2014-5216 | 1 Microfocus | 1 Access Manager | 2021-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412. | |||||
| CVE-2014-5217 | 1 Microfocus | 1 Access Manager | 2021-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action. | |||||
| CVE-2014-9412 | 1 Microfocus | 1 Access Manager | 2021-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216. | |||||
| CVE-2005-2204 | 1 Broadcom | 1 Etrust Siteminder | 2021-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors. | |||||
| CVE-2007-5923 | 1 Broadcom | 1 Etrust Siteminder | 2021-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204. | |||||
| CVE-2006-4899 | 1 Broadcom | 1 Etrust Security Command Center | 2021-04-09 | 5.0 MEDIUM | N/A |
| The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message. | |||||
| CVE-2006-4900 | 1 Broadcom | 1 Etrust Security Command Center | 2021-04-09 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function. | |||||
| CVE-2006-4901 | 1 Broadcom | 4 Etrust Audit Client, Etrust Audit Datatools, Etrust Audit Policy Manager and 1 more | 2021-04-09 | 6.4 MEDIUM | N/A |
| Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments. | |||||
| CVE-2007-2522 | 1 Broadcom | 3 Antispyware For The Enterprise, Etrust Integrated Threat Management, Etrust Pestpatrol | 2021-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||||
| CVE-2009-4225 | 1 Ca | 1 Etrust Pestpatrole Ppctl.dll Activex | 2021-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method. | |||||
| CVE-2015-2944 | 1 Apache | 2 Sling Api, Sling Servlets Post | 2021-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse. | |||||
| CVE-2005-0968 | 1 Broadcom | 1 Etrust Intrusion Detection | 2021-04-09 | 5.0 MEDIUM | N/A |
| Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API. | |||||
| CVE-2007-1005 | 2 Broadcom, Ca | 2 Etrust Intrusion Detection, Etrust Intrusion Detection | 2021-04-09 | 7.8 HIGH | N/A |
| Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp). | |||||
| CVE-2007-3302 | 2 Broadcom, Ca | 2 Etrust Intrusion Detection, Etrust Intrusion Detection | 2021-04-09 | 9.3 HIGH | N/A |
| The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions." | |||||
| CVE-2007-5437 | 1 Broadcom | 1 Etrust Integrated Threat Management | 2021-04-09 | 5.8 MEDIUM | N/A |
| The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689. | |||||
| CVE-2007-5439 | 1 Broadcom | 1 Etrust Integrated Threat Management | 2021-04-09 | 5.0 MEDIUM | N/A |
| CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors. | |||||
| CVE-2000-0559 | 1 Broadcom | 1 Etrust Intrusion Detection | 2021-04-09 | 2.1 LOW | N/A |
| eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords. | |||||
| CVE-2004-1149 | 1 Broadcom | 1 Etrust Ez Antivirus | 2021-04-09 | 7.2 HIGH | N/A |
| Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe. | |||||
| CVE-2000-0762 | 2 Broadcom, Ca | 2 Etrust Access Control, Etrust Access Control | 2021-04-09 | 10.0 HIGH | N/A |
| The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges. | |||||
| CVE-2007-3695 | 1 Broadcom | 1 Erwin Process Modeler | 2021-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE. | |||||
| CVE-2004-2305 | 1 Broadcom | 1 Etrust Antivirus Ee | 2021-04-09 | 5.0 MEDIUM | N/A |
| Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files. | |||||
| CVE-2005-3225 | 1 Broadcom | 2 Etrust Antivirus, Etrust Antivirus Iris Engine | 2021-04-09 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3372 | 1 Broadcom | 1 Etrust Antivirus | 2021-04-09 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2006-3975 | 1 Broadcom | 1 Etrust Antivirus Webscan | 2021-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input." | |||||
| CVE-2006-3976 | 1 Broadcom | 1 Etrust Antivirus Webscan | 2021-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files. | |||||
| CVE-2006-3977 | 1 Broadcom | 1 Etrust Antivirus Webscan | 2021-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components." | |||||
| CVE-2007-3696 | 1 Broadcom | 1 Erwin Data Model Validator | 2021-04-09 | 7.8 HIGH | N/A |
| CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference. | |||||
| CVE-2007-5435 | 1 Broadcom | 1 Erwin Process Modeler | 2021-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File). | |||||
| CVE-2008-5529 | 1 Microsoft | 1 Internet Explorer | 2021-04-09 | 9.3 HIGH | N/A |
| CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2007-1345 | 1 Broadcom | 1 Etrust Admin | 2021-04-09 | 4.1 MEDIUM | N/A |
| Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface. | |||||
| CVE-2014-8361 | 2 D-link, Realtek | 11 Dir-600l, Dir-600l Firmware, Dir-605l and 8 more | 2021-04-09 | 10.0 HIGH | N/A |
| The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. | |||||
| CVE-2020-8626 | 2021-04-08 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. | |||||
| CVE-2020-8627 | 2021-04-08 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. | |||||
| CVE-2020-8628 | 2021-04-08 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. | |||||
| CVE-2020-8629 | 2021-04-08 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. | |||||
| CVE-2020-8630 | 2021-04-08 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. | |||||
| CVE-1999-0355 | 1 Broadcom | 1 Controlit | 2021-04-08 | 5.0 MEDIUM | N/A |
| Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service. | |||||
| CVE-2007-0449 | 1 Broadcom | 5 Brightstor Arcserve Backup Laptops Desktops, Brightstor Mobile Backup, Business Protection Suite and 2 more | 2021-04-08 | 10.0 HIGH | N/A |
| Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200. | |||||
| CVE-2007-0672 | 2 Broadcom, Ca | 5 Brightstor Arcserve Backup Laptops Desktops, Business Protection Suite, Desktop Management Suite and 2 more | 2021-04-08 | 7.8 HIGH | N/A |
| LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\. | |||||
| CVE-2007-0673 | 2 Broadcom, Ca | 5 Brightstor Arcserve Backup Laptops Desktops, Business Protection Suite, Desktop Management Suite and 2 more | 2021-04-08 | 7.8 HIGH | N/A |
| LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read. | |||||
| CVE-2007-5003 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2021-04-08 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function. | |||||
| CVE-2007-5004 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2021-04-08 | 9.3 HIGH | N/A |
| Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password. | |||||
| CVE-2007-5005 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2021-04-08 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command. | |||||
| CVE-2007-5006 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2021-04-08 | 10.0 HIGH | N/A |
| Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores. | |||||
| CVE-2008-1328 | 2 Broadcom, Computer Associates | 3 Desktop Management Suite, Arcserve Backup Laptops And Desktops, Desktop Management Suite | 2021-04-08 | 9.3 HIGH | N/A |
| Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments." | |||||