Total: 21119 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2412 | 1 Hp | 1 Business Service Automation Essentials | 2012-02-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-4534 | 1 Copadata | 1 Zenon | 2012-02-13 | 7.5 HIGH | N/A |
| ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a series of connections and disconnections on TCP port 1101, aka Reference Number 25212. | |||||
| CVE-2011-4533 | 1 Copadata | 1 Zenon | 2012-02-13 | 7.5 HIGH | N/A |
| zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 50777, aka Reference Number 25240. | |||||
| CVE-2011-3531 | 1 Oracle | 1 Fusion Middleware | 2012-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors related to Web Services Security. | |||||
| CVE-2011-3574 | 1 Oracle | 1 Communications Unified | 2012-02-07 | 3.3 LOW | N/A |
| Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server. | |||||
| CVE-2011-3573 | 1 Oracle | 1 Communications Unified | 2012-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server. | |||||
| CVE-2011-3570 | 1 Oracle | 1 Communications Unified | 2012-02-07 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server. | |||||
| CVE-2011-3569 | 1 Oracle | 1 Fusion Middleware | 2012-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security. | |||||
| CVE-2011-3565 | 1 Oracle | 1 Communications Unified | 2012-02-07 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Calendar Server. | |||||
| CVE-2011-4513 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 10.0 HIGH | N/A |
| Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. | |||||
| CVE-2011-3462 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 5.0 MEDIUM | N/A |
| Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. | |||||
| CVE-2011-3446 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 7.5 HIGH | N/A |
| Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book. | |||||
| CVE-2011-5075 | 1 Sitracker | 1 Support Incident Tracker | 2012-02-02 | 5.0 MEDIUM | N/A |
| translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path. | |||||
| CVE-2007-5635 | 1 Sitracker | 1 Support Incident Tracker | 2012-02-02 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors. | |||||
| CVE-2011-4164 | 1 Hp | 1 Database Archiving Software | 2012-02-02 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214. | |||||
| CVE-2011-4165 | 1 Hp | 1 Database Archiving Software | 2012-02-02 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263. | |||||
| CVE-2011-4163 | 1 Hp | 1 Database Archiving Software | 2012-02-02 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213. | |||||
| CVE-2011-4899 | 1 Wordpress | 1 Wordpress | 2012-01-31 | 7.5 HIGH | N/A |
| ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments. | |||||
| CVE-2012-0937 | 1 Wordpress | 1 Wordpress | 2012-01-31 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time. | |||||
| CVE-2012-0885 | 1 Asterisk | 1 Open Source | 2012-01-26 | 4.3 MEDIUM | N/A |
| chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple. | |||||
| CVE-2011-4873 | 1 Atvise | 1 Atvise | 2012-01-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840. | |||||
| CVE-2011-3568 | 1 Oracle | 1 Fusion Middleware | 2012-01-19 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services Security. | |||||
| CVE-2011-3564 | 1 Oracle | 1 Sun Glassfish Enterprise Server | 2012-01-19 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration. | |||||
| CVE-2011-2318 | 1 Oracle | 1 Fusion Middleware | 2012-01-19 | 1.5 LOW | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related to WLS Security. | |||||
| CVE-2011-2271 | 1 Oracle | 1 E-business Suite | 2012-01-19 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload. | |||||
| CVE-2011-3566 | 1 Oracle | 1 Fusion Middleware | 2012-01-19 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container. | |||||
| CVE-2011-2171 | 1 Google | 1 Chrome Os | 2012-01-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors. | |||||
| CVE-2011-2308 | 1 Oracle | 1 E-business Suite | 2012-01-14 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Online Help. | |||||
| CVE-2011-2327 | 1 Oracle | 1 Sun Products Suite | 2012-01-12 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows local users to affect confidentiality via unknown vectors related to Delegated Administrator. | |||||
| CVE-2011-2323 | 1 Oracle | 1 Industry Applications | 2012-01-12 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Health Sciences - Oracle Thesaurus Management System component in Oracle Industry Applications 4.6.1 and 4.6.2 allows remote attackers to affect integrity, related to TMS Help. | |||||
| CVE-2011-2309 | 1 Oracle | 1 Industry Applications | 2012-01-12 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Health Sciences - Oracle Clinical, Remote Data Capture component in Oracle Industry Applications 4.6 and 4.6.2 allows remote attackers to affect integrity, related to RDC Help. | |||||
| CVE-2011-2292 | 1 Oracle | 1 Solaris | 2012-01-12 | 2.4 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver. | |||||
| CVE-2011-2310 | 1 Oracle | 1 Sun Products Suite | 2012-01-12 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Waveset component in Oracle Sun Products Suite 8.1.0 and 8.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Administration. | |||||
| CVE-2011-4056 | 1 Siemens | 1 Tecnomatix Factorylink | 2012-01-09 | 5.8 MEDIUM | N/A |
| An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. | |||||
| CVE-2011-2304 | 1 Oracle | 1 Solaris | 2011-12-24 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality, related to Network Services Library (libnsl). | |||||
| CVE-2011-2312 | 1 Oracle | 1 Solaris | 2011-12-24 | 1.7 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS. | |||||
| CVE-2011-2314 | 1 Oracle | 1 Fusion Middleware | 2011-12-24 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors related to JavaServer Pages. | |||||
| CVE-2011-2320 | 1 Oracle | 1 Fusion Middleware | 2011-12-24 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Services. | |||||
| CVE-2011-2286 | 1 Oracle | 1 Solaris | 2011-12-24 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS. | |||||
| CVE-2009-3091 | 1 Asus | 1 Asus Wl-330ge | 2011-12-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2011-1511 | 1 Oracle | 1 Sun Products Suite | 2011-12-21 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration. | |||||
| CVE-2011-2306 | 1 Oracle | 1 Linux | 2011-12-15 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to "Oracle validated." | |||||
| CVE-2009-3819 | 2 Typo3, Urs Maag | 2 Typo3, Maag Randomimage | 2011-12-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors. | |||||
| CVE-2011-3587 | 2 Plone, Zope | 2 Plone, Zope | 2011-10-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules. | |||||
| CVE-2011-2946 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 10.0 HIGH | N/A |
| Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-2563 | 1 Cisco | 2 Intercompany Media Engine, Unified Communications Manager | 2011-10-06 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669. | |||||
| CVE-2011-2564 | 1 Cisco | 2 Intercompany Media Engine, Unified Communications Manager | 2011-10-06 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417. | |||||
| CVE-2011-2296 | 1 Sun | 1 Sunos | 2011-10-05 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP. | |||||
| CVE-2011-2279 | 1 Oracle | 2 Peoplesoft Enterprise Hrms, Peoplesoft Products | 2011-10-05 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1, Bundle, and #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager. | |||||
| CVE-2011-2278 | 1 Oracle | 2 Peoplesoft Enterprise Hrms, Peoplesoft Products | 2011-10-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9, Bundle, #24, 9.0, Bundle, #17, 9.1, Bundle, and #6 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager. | |||||
