| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-1900 | 189 | | | 2013-04-04 | 2013-04-10 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." |
| 2 | CVE-2013-1178 | 119 | | Exec Code Overflow | 2013-04-25 | 2013-04-25 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275. |
| 3 | CVE-2013-0664 | | | Exec Code | 2013-04-04 | 2013-04-04 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. |
| 4 | CVE-2013-0487 | 287 | | | 2013-03-27 | 2013-03-27 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. |
| 5 | CVE-2012-6439 | | | DoS | 2013-01-24 | 2013-01-25 | 8.5 | None | Remote | Low | Not required | None | Partial | Complete |
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters. |
| 6 | CVE-2012-5879 | 264 | | | 2013-03-28 | 2013-03-29 | 8.2 | None | Remote | Medium | Single system | Complete | Complete | Partial |
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method. |
| 7 | CVE-2012-5458 | 264 | | +Priv | 2012-11-14 | 2012-11-19 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application. |
| 8 | CVE-2012-5215 | | | DoS | 2013-03-09 | 2013-03-17 | 8.8 | None | Remote | Medium | Not required | None | Complete | Complete |
Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, and M1219nf, and HotSpot LaserJet Pro M1218nfs, with firmware before 20130211; LaserJet Pro CP1025nw with firmware before 20130212; and LaserJet Pro P1102w and P1606dn with firmware before 20130213 allows remote attackers to modify data or cause a denial of service via unknown vectors. |
| 9 | CVE-2012-4991 | 22 | 1 | Dir. Trav. | 2012-12-13 | 2012-12-13 | 8.5 | None | Remote | Low | Single system | Complete | Complete | None |
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI. |
| 10 | CVE-2012-4826 | 119 | | Exec Code Overflow | 2012-10-20 | 2013-03-01 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure. |
| 11 | CVE-2012-4297 | 119 | | Exec Code Overflow | 2012-08-16 | 2012-09-07 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet. |
| 12 | CVE-2012-3703 | | | DoS Exec Code Mem. Corr. | 2012-09-13 | 2013-05-03 | 8.3 | None | Remote | Medium | Not required | Partial | Partial | Complete |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
| 13 | CVE-2012-3590 | | | DoS Exec Code Mem. Corr. | 2012-07-25 | 2012-09-21 | 8.8 | None | Remote | Medium | Not required | Complete | Complete | None |
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. |
| 14 | CVE-2012-3268 | 200 | | +Info | 2013-02-01 | 2013-04-04 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. |
| 15 | CVE-2012-3074 | 78 | | Exec Code | 2012-07-12 | 2012-07-16 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. |
| 16 | CVE-2012-3022 | 264 | | | 2013-04-16 | 2013-04-16 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site. |
| 17 | CVE-2012-3009 | 264 | | | 2012-08-16 | 2012-08-16 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls. |
| 18 | CVE-2012-3008 | 119 | | Exec Code Overflow | 2012-07-20 | 2012-07-23 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items. |
| 19 | CVE-2012-3001 | 78 | | Exec Code | 2012-10-22 | 2013-03-01 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability." |
| 20 | CVE-2012-2486 | 94 | | Exec Code | 2012-07-12 | 2012-07-16 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953. |
| 21 | CVE-2012-2441 | 310 | | | 2012-04-27 | 2012-04-30 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803. |
| 22 | CVE-2012-2287 | 287 | | Bypass | 2012-09-25 | 2013-03-21 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host. |
| 23 | CVE-2012-2004 | 20 | | | 2012-05-02 | 2012-05-03 | 8.3 | None | Remote | Medium | Not required | Complete | Partial | Partial |
Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| 24 | CVE-2012-2002 | 20 | | | 2012-05-02 | 2012-05-11 | 8.3 | None | Remote | Medium | Not required | Complete | Partial | Partial |
Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| 25 | CVE-2012-1999 | | | +Info | 2013-03-11 | 2013-03-18 | 8.5 | None | Remote | Low | Single system | Complete | Complete | None |
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors. |
| 26 | CVE-2012-1803 | 310 | | | 2012-04-27 | 2013-05-20 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session. |
| 27 | CVE-2012-1667 | 189 | | DoS Mem. Corr. +Info | 2012-06-05 | 2013-04-18 | 8.5 | None | Remote | Low | Not required | Partial | None | Complete |
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. |
| 28 | CVE-2012-1518 | 264 | | +Priv | 2012-04-17 | 2012-04-20 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. |
| 29 | CVE-2012-1515 | 264 | | +Priv | 2012-04-02 | 2013-03-06 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine. |
| 30 | CVE-2012-1222 | 119 | | Exec Code Overflow | 2012-02-21 | 2012-03-20 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23. |
| 31 | CVE-2012-0992 | 20 | | Exec Code | 2012-02-07 | 2012-02-08 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. |
| 32 | CVE-2012-0384 | 264 | | Exec Code Bypass | 2012-03-29 | 2013-03-25 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. |
| 33 | CVE-2011-4879 | 20 | 1 | DoS | 2012-02-03 | 2012-08-31 | 8.5 | None | Remote | Low | Not required | Partial | None | Complete |
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. |
| 34 | CVE-2011-3416 | 264 | | Bypass | 2011-12-29 | 2013-01-29 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability." |
| 35 | CVE-2011-2739 | 264 | | Exec Code | 2011-11-09 | 2012-02-13 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file. |
| 36 | CVE-2011-2497 | 189 | | DoS Overflow Mem. Corr. | 2011-08-29 | 2012-03-19 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow. |
| 37 | CVE-2011-2401 | | | | 2011-07-29 | 2011-09-06 | 8.3 | None | Remote | Medium | Not required | Complete | Partial | Partial |
Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors. |
| 38 | CVE-2011-2301 | | | | 2011-10-18 | 2012-05-14 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Unspecified vulnerability in the Oracle Text component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to CTXSYS.DRVDISP. |
| 39 | CVE-2011-2193 | 119 | | Overflow +Priv | 2011-06-24 | 2012-01-18 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff. |
| 40 | CVE-2011-2074 | | | DoS Exec Code | 2011-05-10 | 2011-05-26 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message. |
| 41 | CVE-2011-1861 | | | +Info | 2011-06-14 | 2011-09-21 | 8.3 | None | Remote | Medium | Not required | Complete | Partial | Partial |
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors. |
| 42 | CVE-2011-1857 | | | Bypass | 2011-06-14 | 2011-09-21 | 8.2 | None | Remote | Medium | Single system | Partial | Complete | Complete |
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors. |
| 43 | CVE-2011-1774 | 20 | | Exec Code | 2011-07-21 | 2012-02-13 | 8.8 | None | Remote | Medium | Not required | None | Complete | Complete |
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425. |
| 44 | CVE-2011-1736 | 22 | | Dir. Trav. | 2011-05-07 | 2011-09-06 | 8.5 | None | Remote | Low | Not required | Complete | None | Partial |
Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message. |
| 45 | CVE-2011-1609 | 89 | | Exec Code Sql | 2011-05-03 | 2011-05-11 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647. |
| 46 | CVE-2011-1366 | | | Exec Code | 2011-10-30 | 2011-11-21 | 8.8 | None | Remote | Medium | Not required | None | Complete | Complete |
Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive. |
| 47 | CVE-2011-1347 | | | Bypass | 2011-03-10 | 2011-09-06 | 8.8 | None | Remote | Medium | Not required | None | Complete | Complete |
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011. |
| 48 | CVE-2011-1036 | | | | 2011-02-25 | 2011-09-21 | 8.8 | None | Remote | Medium | Not required | None | Complete | Complete |
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods. |
| 49 | CVE-2011-0648 | | | +Priv | 2011-03-16 | 2011-09-21 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors. |
| 50 | CVE-2011-0454 | 119 | | Exec Code Overflow | 2011-03-01 | 2011-03-10 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware 1.00 through 1.61, SEIL/B1 with firmware 1.00 through 3.11, SEIL/X1 with firmware 1.00 through 3.11, SEIL/X2 with firmware 1.00 through 3.11, SEIL/Turbo with firmware 1.80 through 2.10, and SEIL/neu 2FE Plus with firmware 1.80 through 2.10 might allow remote attackers to execute arbitrary code via a PPPoE packet. |