Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2241 | 2 Broadcom, Ca | 4 Brightstor Arcserve Backup, Server Protection Suite, Brightstor Arcserve Backup and 1 more | 2021-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. | |||||
| CVE-2008-4119 | 2 Broadcom, Ca | 2 Service Desk, Cmdb | 2021-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms." | |||||
| CVE-2008-4397 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2021-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. | |||||
| CVE-2008-4398 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2021-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. | |||||
| CVE-2008-4399 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2021-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." | |||||
| CVE-2008-4400 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2021-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." | |||||
| CVE-2013-2630 | 1 Broadcom | 1 Service Desk Manager | 2021-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2009-0042 | 2 Broadcom, Ca | 19 Anti-spyware, Anti-spyware For The Enterprise, Anti-virus and 16 more | 2021-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. | |||||
| CVE-2018-19634 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2021-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | |||||
| CVE-2018-19635 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | |||||
| CVE-2006-2201 | 1 Broadcom | 1 Resource Initialization Manager | 2021-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0. | |||||
| CVE-2008-1984 | 1 Broadcom | 1 Secure Content Manager | 2021-04-09 | 7.8 HIGH | N/A |
| The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882. | |||||
| CVE-2011-1719 | 1 Broadcom | 1 Output Management Web Viewer | 2021-04-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1. | |||||
| CVE-2015-3316 | 6 Broadcom, Ca, Hp and 3 more | 11 Network And Systems Management, Client Automation, Network And Systems Management and 8 more | 2021-04-09 | 4.6 MEDIUM | N/A |
| CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable. | |||||
| CVE-2015-3317 | 5 Ca, Hp, Ibm and 2 more | 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more | 2021-04-09 | 4.6 MEDIUM | N/A |
| CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2015-3318 | 5 Ca, Hp, Ibm and 2 more | 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more | 2021-04-09 | 4.6 MEDIUM | N/A |
| CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors. | |||||
| CVE-2021-30151 | 1 Contribsys | 1 Sidekiq | 2021-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | |||||
| CVE-2021-28172 | 1 Deltaflow Project | 1 Deltaflow | 2021-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage. | |||||
| CVE-2021-1758 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-09 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2021-1785 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-09 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-24196 | 1 Cm-wp | 1 Social Slider Widget | 2021-04-09 | 3.5 LOW | 5.4 MEDIUM |
| The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized | |||||
| CVE-2021-1783 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-09 | 6.8 MEDIUM | 7.8 HIGH |
| An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2012-0691 | 1 Broadcom | 1 License Software | 2021-04-09 | 7.2 HIGH | N/A |
| CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2012-0692 | 1 Broadcom | 1 License Software | 2021-04-09 | 7.2 HIGH | N/A |
| CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors. | |||||
| CVE-2021-1756 | 1 Apple | 2 Ipados, Iphone Os | 2021-04-09 | 2.1 LOW | 2.4 LOW |
| A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information. | |||||
| CVE-2020-19595 | 1 Coreftp | 1 Core Ftp | 2021-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username. | |||||
| CVE-2020-19596 | 1 Coreftp | 1 Core Ftp | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. | |||||
| CVE-2021-27357 | 1 Riot-os | 1 Riot | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. | |||||
| CVE-2016-7102 | 1 Owncloud | 1 Owncloud Desktop Client | 2021-04-09 | 4.6 MEDIUM | 8.4 HIGH |
| ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | |||||
| CVE-2021-1781 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-04-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A malicious application may be able to leak sensitive user information. | |||||
| CVE-2021-27697 | 1 Riot-os | 1 Riot | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function. | |||||
| CVE-2021-27698 | 1 Riot-os | 1 Riot | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. | |||||
| CVE-2021-1780 | 1 Apple | 2 Ipados, Iphone Os | 2021-04-09 | 4.9 MEDIUM | 4.4 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack. | |||||
| CVE-2021-24172 | 1 Vm Backups Project | 1 Vm Backups | 2021-04-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current . | |||||
| CVE-2005-0581 | 1 Broadcom | 1 License Software | 2021-04-09 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format. | |||||
| CVE-2005-0582 | 1 Broadcom | 1 License Software | 2021-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request. | |||||
| CVE-2005-0583 | 1 Broadcom | 1 License Software | 2021-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request. | |||||
| CVE-2002-1598 | 1 Broadcom | 1 Mlink | 2021-04-09 | 4.6 MEDIUM | N/A |
| Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock. | |||||
| CVE-2019-13658 | 1 Broadcom | 1 Network Flow Analysis | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||||
| CVE-2021-1779 | 1 Apple | 2 Mac Os X, Macos | 2021-04-09 | 9.3 HIGH | 7.8 HIGH |
| A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2021-1778 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. | |||||
| CVE-2021-1777 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-09 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-1775 | 1 Apple | 2 Mac Os X, Macos | 2021-04-09 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution. | |||||
| CVE-2021-1776 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-09 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2021-28175 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2021-04-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | |||||
| CVE-2021-1774 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-09 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-24175 | 1 Posimyth | 1 The Plus Addons For Elementor | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active. | |||||
| CVE-2021-24203 | 1 Elementor | 1 Website Builder | 2021-04-09 | 3.5 LOW | 5.4 MEDIUM |
| In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. | |||||
| CVE-2021-24204 | 1 Elementor | 1 Website Builder | 2021-04-09 | 3.5 LOW | 5.4 MEDIUM |
| In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. | |||||
| CVE-2021-1773 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. | |||||