Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2994 | 1 Cososys | 1 Endpoint Protector Appliace 4 | 2013-03-02 | 7.5 HIGH | N/A |
| The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2012-1833 | 1 Springsource | 1 Grails | 2013-03-02 | 5.0 MEDIUM | N/A |
| VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application. | |||||
| CVE-2011-2709 | 1 Umich | 2 Libgssapi, Libgssglue | 2013-03-02 | 6.2 MEDIUM | N/A |
| libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs. | |||||
| CVE-2013-1139 | 1 Cisco | 1 Cloud Portal | 2013-02-27 | 4.0 MEDIUM | N/A |
| The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134. | |||||
| CVE-2012-5586 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2013-02-26 | 2.1 LOW | N/A |
| The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." | |||||
| CVE-2012-5530 | 1 Sgi | 1 Performance Co-pilot | 2013-02-26 | 2.1 LOW | N/A |
| The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. | |||||
| CVE-2012-5417 | 1 Cisco | 1 Prime Data Center Network Manager | 2013-02-26 | 10.0 HIGH | N/A |
| Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924. | |||||
| CVE-2012-3523 | 1 Isc | 1 Inn | 2013-02-22 | 6.8 MEDIUM | N/A |
| The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | |||||
| CVE-2013-1111 | 1 Cisco | 2 Ata 187 Analog Telephone Adaptor, Ata 187 Analog Telephone Adaptor Firmware | 2013-02-14 | 9.0 HIGH | N/A |
| The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038. | |||||
| CVE-2012-3582 | 1 Symantec | 1 Pgp Universal Server | 2013-02-14 | 2.9 LOW | N/A |
| Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session. | |||||
| CVE-2012-2289 | 1 Emc | 2 Applicationxtender Desktop, Applicationxtender Web Access .net | 2013-02-14 | 7.5 HIGH | N/A |
| EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors. | |||||
| CVE-2013-0265 | 1 Bitbucket | 1 Xnbd | 2013-02-13 | 2.1 LOW | N/A |
| The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log. | |||||
| CVE-2012-2244 | 1 Mahara | 1 Mahara | 2013-02-08 | 6.0 MEDIUM | N/A |
| Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243. | |||||
| CVE-2012-5187 | 1 Weathernews | 1 Weathernews Touch | 2013-02-07 | 4.3 MEDIUM | N/A |
| The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | |||||
| CVE-2009-3108 | 1 Symantec | 1 Altiris Deployment Solution | 2013-02-07 | 7.2 HIGH | N/A |
| The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. | |||||
| CVE-2012-2292 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2013-02-06 | 7.5 HIGH | N/A |
| The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2013-1110 | 1 Cisco | 1 Webex Training Center | 2013-02-02 | 4.0 MEDIUM | N/A |
| Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065. | |||||
| CVE-2013-1108 | 1 Cisco | 1 Webex Training Center | 2013-02-02 | 4.0 MEDIUM | N/A |
| Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064. | |||||
| CVE-2012-4022 | 1 Simon Brown | 1 Pebble | 2013-02-02 | 6.4 MEDIUM | N/A |
| Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. | |||||
| CVE-2012-3516 | 2 Citrix, Xen | 2 Xenserver, Xen | 2013-02-01 | 6.9 MEDIUM | N/A |
| The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. | |||||