Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1125 | 1 Cisco | 10 Application Networking Manager, Context Directory Agent, Identity Services Engine Software and 7 more | 2013-02-20 | 6.8 MEDIUM | N/A |
| The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042. | |||||
| CVE-2013-1129 | 1 Cisco | 1 Unity Connection | 2013-02-20 | 5.0 MEDIUM | N/A |
| Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736. | |||||
| CVE-2012-2960 | 1 Hp | 4 Arcsight Connector Appliance, Arcsight Connector Appliance Firmware, Arcsight Logger Appliance and 1 more | 2013-02-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file. | |||||
| CVE-2012-5188 | 1 Labelgate | 1 Mora Downloader | 2013-02-19 | 10.0 HIGH | N/A |
| Untrusted search path vulnerability in mora Downloader before 1.0.0.1 allows remote attackers to trigger the launch of a .exe file via unspecified vectors. | |||||
| CVE-2012-5564 | 1 Google | 1 Android Debug Bridge | 2013-02-19 | 3.3 LOW | N/A |
| android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log. | |||||
| CVE-2013-0658 | 1 Schneider-electric | 1 Accutech Manager | 2013-02-19 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request. | |||||
| CVE-2013-0705 | 1 Lsi | 1 3ware Disk Manager | 2013-02-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2012-4351 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2013-02-18 | 6.9 MEDIUM | N/A |
| Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application. | |||||
| CVE-2012-4352 | 1 Stone-ware | 1 Webnetwork | 2013-02-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/blog.jsp or (2) community/blogSearch.jsp, the (3) calendarType or (4) monthNumber parameter to community/calendar.jsp, or the (5) flag parameter to swDashboard/ajax/setAppFlag.jsp. | |||||
| CVE-2013-1128 | 1 Cisco | 1 Unified Meetingplace | 2013-02-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4694 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2013-02-15 | 7.6 HIGH | N/A |
| Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. | |||||
| CVE-2012-4701 | 1 Tridium | 1 Niagra Ax Framework | 2013-02-15 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature. | |||||
| CVE-2012-4712 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2013-02-15 | 5.0 MEDIUM | N/A |
| Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | |||||
| CVE-2013-0703 | 1 Big | 1 Imgboard | 2013-02-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in imgboard.com imgboard before 1.22R6.1 u and 20xx before 2010u allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0704 | 1 Gree | 1 Gree | 2013-02-15 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during interaction with other applications. | |||||
| CVE-2013-1405 | 1 Vmware | 6 Esx, Esxi, Vcenter Server and 3 more | 2013-02-15 | 10.0 HIGH | N/A |
| VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2012-5625 | 1 Openstack | 2 Folsom, Grizzly | 2013-02-15 | 4.3 MEDIUM | N/A |
| OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). | |||||
| CVE-2013-1402 | 1 Digitiliti | 1 Digilibe | 2013-02-15 | 5.0 MEDIUM | N/A |
| DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html. | |||||
| CVE-2012-0278 | 1 Irfanview | 2 Flashpix Plugin, Irfanview | 2013-02-15 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression. | |||||
| CVE-2011-4314 | 3 Kay Framework Project, Openid, Redhat | 3 Kay Framework, Openid4java, Jboss Enterprise Application Platform | 2013-02-15 | 5.8 MEDIUM | N/A |
| message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. | |||||
| CVE-2012-6127 | 2013-02-14 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This was originally reported as an issue in jakarta-commons-httpclient involving wildcard matching in the SSL hostname verifier, but further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2013-0702 | 1 Cybozu | 1 Garoon | 2013-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0701 | 1 Cybozu | 1 Garoon | 2013-02-14 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege. | |||||
| CVE-2013-1100 | 1 Cisco | 85 Catalyst 2820, Catalyst 2900, Catalyst 2900 Vlan and 82 more | 2013-02-14 | 5.4 MEDIUM | N/A |
| The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. | |||||
| CVE-2013-1111 | 1 Cisco | 2 Ata 187 Analog Telephone Adaptor, Ata 187 Analog Telephone Adaptor Firmware | 2013-02-14 | 9.0 HIGH | N/A |
| The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038. | |||||
| CVE-2013-1114 | 1 Cisco | 1 Unity Express Software | 2013-02-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527. | |||||
| CVE-2013-1131 | 1 Cisco | 1 Small Business Wireless Access Ppoints | 2013-02-14 | 6.4 MEDIUM | N/A |
| Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that is not properly handled during a site survey, aka Bug IDs CSCua86182, CSCua91196, CSCud36155, and CSCua86190. | |||||
| CVE-2012-4617 | 1 Cisco | 3 Ios, Ios Xe, Ios Xr | 2013-02-14 | 7.1 HIGH | N/A |
| The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914. | |||||
| CVE-2012-4621 | 1 Cisco | 1 Ios | 2013-02-14 | 7.8 HIGH | N/A |
| The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049. | |||||
| CVE-2012-3582 | 1 Symantec | 1 Pgp Universal Server | 2013-02-14 | 2.9 LOW | N/A |
| Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session. | |||||
| CVE-2012-2998 | 1 Trend Micro | 1 Control Manager | 2013-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-2289 | 1 Emc | 2 Applicationxtender Desktop, Applicationxtender Web Access .net | 2013-02-14 | 7.5 HIGH | N/A |
| EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors. | |||||
| CVE-2012-0272 | 1 Novell | 1 Groupwise | 2013-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter. | |||||
| CVE-2012-0306 | 1 Symantec | 1 Ghost Solutions Suite | 2013-02-14 | 6.8 MEDIUM | N/A |
| Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file. | |||||
| CVE-2012-0417 | 1 Novell | 1 Groupwise | 2013-02-14 | 10.0 HIGH | N/A |
| Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-0418 | 2 Microsoft, Novell | 2 Windows, Groupwise | 2013-02-14 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2011-5129 | 1 Xchat | 1 Xchat | 2013-02-14 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string. | |||||
| CVE-2011-5212 | 1 Intelliants | 1 Subrion Cms | 2013-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field. | |||||
| CVE-2011-4312 | 1 Reviewboard | 1 Review Board | 2013-02-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component. | |||||
| CVE-2010-2494 | 1 Bogofilter | 1 Bogofilter | 2013-02-14 | 5.0 MEDIUM | N/A |
| Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character. | |||||
| CVE-2013-1622 | 2013-02-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is not a security issue. Further investigation showed that, because of RFC noncompliance, no version or configuration of the product had the vulnerability previously associated with this ID. Notes: none. | |||||
| CVE-2011-5256 | 1 Limesurvey | 1 Limesurvey | 2013-02-13 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters. | |||||
| CVE-2011-5257 | 2 Appthemes, Wordpress | 2 Classipress, Wordpress | 2013-02-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget. | |||||
| CVE-2011-5262 | 1 Sonicwall | 4 Aventail Sra Ex6000, Aventail Sra Ex7000, Aventail Sra Ex9000 and 1 more | 2013-02-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | |||||
| CVE-2013-0265 | 1 Bitbucket | 1 Xnbd | 2013-02-13 | 2.1 LOW | N/A |
| The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log. | |||||
| CVE-2012-2127 | 1 Linux | 1 Linux Kernel | 2013-02-12 | 5.0 MEDIUM | N/A |
| fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd. | |||||
| CVE-2012-2187 | 1 Ibm | 4 Remote Supervisor Adapter Ii Firmware, X3650, X3850 and 1 more | 2013-02-12 | 5.0 MEDIUM | N/A |
| IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2012-2286 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2013-02-12 | 2.9 LOW | N/A |
| Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2012-6126 | 2013-02-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4525, CVE-2012-4526. Reason: This candidate is a duplicate of CVE-2012-4525 and CVE-2012-4526. Notes: All CVE users should reference CVE-2012-4525 and/or CVE-2012-4526 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-5189 | 2013-02-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none. | |||||