Total: 9170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-3512 | 1 Gwos | 1 Groundwork Monitor | 2013-05-08 | 6.5 MEDIUM | N/A |
The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks, which allows remote authenticated users to read or modify configuration settings via unspecified vectors, as demonstrated by reading credentials. | |||||
CVE-2013-1232 | 1 Cisco | 3 Webex Meetings Server, Webex Node For Asr 1000 Series, Webex Node For Mcs | 2013-05-06 | 5.0 MEDIUM | N/A |
The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252. | |||||
CVE-2013-1240 | 1 Cisco | 1 Unified Communications Manager | 2013-05-05 | 4.6 MEDIUM | N/A |
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. | |||||
CVE-2012-4520 | 1 Djangoproject | 1 Django | 2013-05-03 | 6.4 MEDIUM | N/A |
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values. | |||||
CVE-2013-0945 | 1 Emc | 1 Avamar | 2013-05-03 | 9.3 HIGH | N/A |
EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-1231 | 1 Cisco | 2 Webex Meetings Server, Webex Node For Mcs | 2013-05-03 | 5.0 MEDIUM | N/A |
The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. | |||||
CVE-2013-1229 | 1 Cisco | 1 Telepresence Management Suite | 2013-05-01 | 5.0 MEDIUM | N/A |
TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bug ID CSCue00028. | |||||
CVE-2013-1196 | 1 Cisco | 11 Application Networking Manager, Context Directory Agent, Identity Services Engine Software and 8 more | 2013-04-30 | 6.8 MEDIUM | N/A |
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125. | |||||
CVE-2013-1184 | 1 Cisco | 6 Unified Computing System 6120xp Fabric Interconnect, Unified Computing System 6140xp Fabric Interconnect, Unified Computing System 6248up Fabric Interconnect and 3 more | 2013-04-25 | 7.8 HIGH | N/A |
The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206. | |||||
CVE-2013-1176 | 1 Cisco | 12 Telepresence Mcu 4500 Series Software, Telepresence Mcu 4501, Telepresence Mcu 4501 Series Software and 9 more | 2013-04-18 | 7.1 HIGH | N/A |
The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448. | |||||
CVE-2012-2242 | 1 Devscripts Devel Team | 1 Devscripts | 2013-04-18 | 6.8 MEDIUM | N/A |
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240. | |||||
CVE-2012-2240 | 1 Devscripts Devel Team | 1 Devscripts | 2013-04-18 | 7.5 HIGH | N/A |
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." | |||||
CVE-2010-0547 | 1 Samba | 1 Samba | 2013-04-18 | 2.1 LOW | N/A |
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. | |||||
CVE-2012-4695 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2013-04-17 | 7.1 HIGH | N/A |
LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage) via a zero-byte UDP packet that is not properly handled by Logger.dll. | |||||
CVE-2013-1187 | 1 Cisco | 1 Jabber Extensible Communications Platform | 2013-04-16 | 5.0 MEDIUM | N/A |
The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762. | |||||
CVE-2013-1197 | 1 Cisco | 1 Unified Presence | 2013-04-16 | 6.8 MEDIUM | N/A |
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912. | |||||
CVE-2013-0285 | 1 Nori Gem Project | 1 Nori Gem | 2013-04-15 | 7.5 HIGH | N/A |
The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. | |||||
CVE-2012-3010 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2013-04-12 | 10.0 HIGH | N/A |
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026. | |||||
CVE-2012-3021 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2013-04-12 | 10.0 HIGH | N/A |
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026. | |||||
CVE-2012-3026 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2013-04-12 | 10.0 HIGH | N/A |
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021. |