Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4177 | 1 Ubi | 1 Uplay Pc | 2013-04-01 | 10.0 HIGH | N/A |
| The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument. | |||||
| CVE-2012-1338 | 1 Cisco | 9 Catalyst 3560, Catalyst 3560-e, Catalyst 3560-x and 6 more | 2013-04-01 | 6.3 MEDIUM | N/A |
| Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664. | |||||
| CVE-2012-1340 | 1 Cisco | 2 Mds 9000, Mds 9000 Nx-os | 2013-04-01 | 5.0 MEDIUM | N/A |
| The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP header, aka Bug ID CSCtn93151. | |||||
| CVE-2012-1344 | 1 Cisco | 1 Ios | 2013-04-01 | 3.5 LOW | N/A |
| Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328. | |||||
| CVE-2012-0680 | 1 Apple | 1 Safari | 2013-04-01 | 5.0 MEDIUM | N/A |
| Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | |||||
| CVE-2012-0681 | 1 Apple | 1 Apple Remote Desktop | 2013-04-01 | 4.3 MEDIUM | N/A |
| Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. | |||||
| CVE-2012-0878 | 1 Pythonpaste | 1 Paste | 2013-04-01 | 5.1 MEDIUM | N/A |
| Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem. | |||||
| CVE-2012-0271 | 1 Novell | 1 Groupwise | 2013-04-01 | 10.0 HIGH | N/A |
| Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header. | |||||
| CVE-2012-0304 | 1 Symantec | 1 Liveupdate Administrator | 2013-04-01 | 6.9 MEDIUM | N/A |
| Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2012-0410 | 1 Novell | 1 Groupwise | 2013-04-01 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. | |||||
| CVE-2013-0659 | 1 Siemens | 4 Cp 1604, Cp 1604 Firmware, Cp 1616 and 1 more | 2013-04-01 | 10.0 HIGH | N/A |
| The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185. | |||||
| CVE-2013-2264 | 1 Asterisk | 4 Business Edition, Certified Asterisk, Digiumphones and 1 more | 2013-04-01 | 5.0 MEDIUM | N/A |
| The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur. | |||||
| CVE-2013-2686 | 1 Asterisk | 3 Certified Asterisk, Digiumphones, Open Source | 2013-04-01 | 5.0 MEDIUM | N/A |
| main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976. | |||||
| CVE-2013-0130 | 1 Coreftp | 1 Coreftp | 2013-03-29 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in Core FTP before 2.2 build 1769 allow remote FTP servers to execute arbitrary code or cause a denial of service (application crash) via a long directory name in a (1) DELE, (2) LIST, or (3) VIEW command. | |||||
| CVE-2013-1082 | 1 Novell | 1 Zenworks Mobile Management | 2013-03-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. | |||||
| CVE-2013-1085 | 1 Novell | 2 Groupwise Messenger, Messenger | 2013-03-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter. | |||||
| CVE-2013-2301 | 1 Omron | 1 Openwnn | 2013-03-29 | 4.3 MEDIUM | N/A |
| The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2013-1148 | 1 Cisco | 2 Ios, Ios Xe | 2013-03-29 | 7.8 HIGH | N/A |
| The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service (device reload) via crafted (1) IPv4 or (2) IPv6 IP SLA packets on UDP port 1167, aka Bug ID CSCuc72594. | |||||
| CVE-2013-1146 | 1 Cisco | 1 Ios | 2013-03-29 | 7.8 HIGH | N/A |
| The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. | |||||
| CVE-2012-5879 | 1 Mcafee | 2 Epo Mcafee Virtual Technician, Mcafee Virtual Technician | 2013-03-29 | 8.2 HIGH | N/A |
| An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method. | |||||