Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5121 | 1 Comodo | 1 Comodo Internet Security | 2012-08-27 | 10.0 HIGH | N/A |
| The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors. | |||||
| CVE-2012-0048 | 1 Openttd | 1 Openttd | 2012-08-27 | 4.3 MEDIUM | N/A |
| OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack. | |||||
| CVE-2012-1175 | 1 Gnu | 1 Gnash | 2012-08-27 | 6.8 MEDIUM | N/A |
| Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow. | |||||
| CVE-2012-2146 | 1 Ematia | 1 Elixir | 2012-08-27 | 4.3 MEDIUM | N/A |
| Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. | |||||
| CVE-2012-3477 | 1 Thomas Hunter | 1 Neoinvoice | 2012-08-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action. | |||||
| CVE-2012-3483 | 1 Google | 1 Tunnelblick | 2012-08-27 | 6.2 MEDIUM | N/A |
| Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. | |||||
| CVE-2012-3484 | 1 Google | 1 Tunnelblick | 2012-08-27 | 7.2 HIGH | N/A |
| Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share. | |||||
| CVE-2012-3486 | 1 Google | 1 Tunnelblick | 2012-08-27 | 6.9 MEDIUM | N/A |
| Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. | |||||
| CVE-2012-3487 | 1 Google | 1 Tunnelblick | 2012-08-27 | 1.2 LOW | N/A |
| Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. | |||||
| CVE-2012-3501 | 1 Darold | 1 Squidclamav | 2012-08-27 | 5.0 MEDIUM | N/A |
| The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A. | |||||
| CVE-2012-4668 | 1 Roundcube | 1 Webmail | 2012-08-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. | |||||
| CVE-2012-4669 | 1 Isode | 1 M-link | 2012-08-27 | 5.8 MEDIUM | N/A |
| M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | |||||
| CVE-2012-4671 | 1 Psyced | 1 Psyced | 2012-08-27 | 5.8 MEDIUM | N/A |
| psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | |||||
| CVE-2012-4673 | 1 Thomas Hunter | 1 Neoinvoice | 2012-08-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477. | |||||
| CVE-2012-4676 | 1 Google | 1 Tunnelblick | 2012-08-27 | 1.2 LOW | N/A |
| The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. | |||||
| CVE-2012-4677 | 1 Google | 1 Tunnelblick | 2012-08-27 | 4.4 MEDIUM | N/A |
| Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | |||||
| CVE-2010-5166 | 2 Mcafee, Microsoft | 2 Total Protection 2010, Windows Xp | 2012-08-25 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2012-2488 | 1 Cisco | 3 Asr 9000 Rsp440 Router, Crs Performance Route Processor, Ios Xr | 2012-08-25 | 7.8 HIGH | N/A |
| Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593. | |||||
| CVE-2012-1904 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-08-25 | 4.3 MEDIUM | N/A |
| mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file. | |||||
| CVE-2011-5117 | 1 Sophos | 3 Disk Encryption, Safeguard Easy Device Encryption Client, Safeguard Enterprise Device Encryption | 2012-08-24 | 6.9 MEDIUM | N/A |
| Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials. | |||||
| CVE-2011-5112 | 2 Blueflyingfish, Joomla | 2 Com Alameda, Joomla! | 2012-08-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. | |||||
| CVE-2011-5113 | 2 Joomla, Techdeluge | 2 Joomla!, Com Techfolio | 2012-08-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2011-5114 | 1 Barraguard | 2 Barracuda Link Balancer, Barracuda Link Balancer Series Firmware | 2012-08-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) zoneid or (2) scope parameter. | |||||
| CVE-2011-5115 | 1 Dlguard | 1 Dlguard | 2012-08-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php. | |||||
| CVE-2011-5116 | 1 Setseed | 1 Setseed Cms | 2012-08-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie. | |||||
| CVE-2012-2496 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-08-24 | 6.8 MEDIUM | N/A |
| A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925. | |||||
| CVE-2012-2674 | 1 Google | 1 Bionic | 2012-08-24 | 4.3 MEDIUM | N/A |
| Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. | |||||
| CVE-2012-3371 | 1 Openstack | 3 Compute, Essex, Folsom | 2012-08-24 | 3.5 LOW | N/A |
| The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. | |||||
| CVE-2012-4026 | 1 Johnsoncontrols | 2 Pegasys P2000 Server, Pegasys P2000 Server Software | 2012-08-24 | 5.0 MEDIUM | N/A |
| The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. | |||||
| CVE-2012-4337 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Windows 7, Windows Xp | 2012-08-24 | 9.3 HIGH | N/A |
| Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references. | |||||
| CVE-2011-5102 | 1 Websense | 4 Websense Web Filter, Websense Web Security, Websense Web Security Gateway and 1 more | 2012-08-23 | 7.5 HIGH | N/A |
| The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors. | |||||
| CVE-2009-5119 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2012-08-23 | 4.3 MEDIUM | N/A |
| The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. | |||||
| CVE-2009-5120 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2012-08-23 | 4.3 MEDIUM | N/A |
| The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port. | |||||
| CVE-2009-5121 | 1 Websense | 1 Websense Email Security | 2012-08-23 | 5.0 MEDIUM | N/A |
| Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session. | |||||
| CVE-2010-5144 | 1 Websense | 3 Websense, Websense Web Filter, Websense Web Security | 2012-08-23 | 4.3 MEDIUM | N/A |
| The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header. | |||||
| CVE-2010-5147 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2012-08-23 | 5.0 MEDIUM | N/A |
| The Remote Filtering component in Websense Web Security and Web Filter before 6.3.3 Hotfix 18 and 7.x before 7.1.1 allows remote attackers to cause a denial of service (daemon exit) via a large volume of traffic. | |||||
| CVE-2012-4604 | 1 Websense | 1 Websense Web Security | 2012-08-23 | 4.3 MEDIUM | N/A |
| The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe. | |||||
| CVE-2012-4586 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-08-22 | 3.5 LOW | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file. | |||||
| CVE-2009-5116 | 1 Mcafee | 1 Linuxshield | 2012-08-22 | 6.5 MEDIUM | N/A |
| McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account. | |||||
| CVE-2010-3496 | 1 Mcafee | 1 Virusscan Enterprise | 2012-08-22 | 6.4 MEDIUM | N/A |
| McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. | |||||
| CVE-2010-3497 | 1 Symantec | 1 Norton Antivirus | 2012-08-22 | 6.4 MEDIUM | N/A |
| Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)." | |||||
| CVE-2010-3498 | 1 Avg | 1 Anti-virus | 2012-08-22 | 6.4 MEDIUM | N/A |
| AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. | |||||
| CVE-2010-3499 | 1 F-secure | 1 Anti-virus | 2012-08-22 | 6.4 MEDIUM | N/A |
| F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that "the inability to catch these files are caused by lacking functionality rather than programming errors." | |||||
| CVE-2010-5143 | 1 Mcafee | 1 Virusscan Enterprise | 2012-08-22 | 2.6 LOW | N/A |
| McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module. | |||||
| CVE-2011-5100 | 1 Mcafee | 1 Firewall Reporter | 2012-08-22 | 7.5 HIGH | N/A |
| The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | |||||
| CVE-2012-4580 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-08-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. | |||||
| CVE-2012-4581 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-08-22 | 6.8 MEDIUM | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue. | |||||
| CVE-2012-4588 | 1 Mcafee | 2 Enterprise Mobility Manager, Enterprise Mobility Manager Agent | 2012-08-22 | 4.3 MEDIUM | N/A |
| McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames. | |||||
| CVE-2012-4593 | 1 Mcafee | 2 Application Control, Change Control | 2012-08-22 | 5.0 MEDIUM | N/A |
| McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. | |||||
| CVE-2012-4598 | 1 Mcafee | 2 Epo Mcafee Virtual Technician, Mcafee Virtual Technician | 2012-08-22 | 9.3 HIGH | N/A |
| An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site. | |||||
