LanGuard reports



Supported OVAL Bulletins



ID:
CVE-2013-6981
Title:
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.
Type:
Hardware
Bulletins:
CVE-2013-6981
SFBID64514
Severity:
Medium
Description:
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.
Applies to:
Created:
2013-12-27
Updated:
2017-06-03

ID:
CVE-2013-6979
Title:
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source...
Type:
Hardware
Bulletins:
CVE-2013-6979
SFBID64502
Severity:
Medium
Description:
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.
Applies to:
Created:
2013-12-23
Updated:
2017-06-03

ID:
CVE-2012-4131
Title:
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
Type:
Hardware
Bulletins:
CVE-2012-4131
Severity:
Medium
Description:
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
Applies to:
Created:
2013-12-21
Updated:
2017-06-03

ID:
CVE-2012-4135
Title:
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
Type:
Hardware
Bulletins:
CVE-2012-4135
Severity:
Medium
Description:
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
Applies to:
Created:
2013-12-21
Updated:
2017-06-03

ID:
CVE-2013-6978
Title:
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-6978
SFBID64421
Severity:
Medium
Description:
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
Applies to:
Unified Communications Manager
Created:
2013-12-21
Updated:
2017-06-03

ID:
CVE-2013-5196
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5196
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-06-03

ID:
CVE-2013-5197
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5197
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-06-03

ID:
CVE-2013-5198
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5198
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-06-03

ID:
CVE-2013-4775
Title:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware...
Type:
Hardware
Bulletins:
CVE-2013-4775
Severity:
High
Description:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.
Applies to:
GS724Tv3 Smart Switch
GS716Tv2 Smart Switch
GS728TPS Stack Smart Switch
GS728TS Stack Smart Switch
GS752TPS Stack Smart Switch
Created:
2013-12-18
Updated:
2017-06-03

ID:
CVE-2013-4776
Title:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
Type:
Hardware
Bulletins:
CVE-2013-4776
Severity:
High
Description:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
Applies to:
GS724Tv3 Smart Switch
GS716Tv2 Smart Switch
Created:
2013-12-18
Updated:
2017-06-03

ID:
CVE-2013-5199
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5199
SFBID64361
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-06-03

ID:
CVE-2013-5225
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5225
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-06-03

ID:
CVE-2013-5228
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5228
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-06-03

ID:
CVE-2013-6271
Title:
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class...
Type:
Mobile Devices
Bulletins:
CVE-2013-6271
Severity:
High
Description:
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.
Applies to:
Created:
2013-12-14
Updated:
2017-06-03

ID:
CVE-2013-6956
Title:
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web...
Type:
Hardware
Bulletins:
CVE-2013-6956
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Applies to:
Created:
2013-12-13
Updated:
2017-06-03

ID:
CVE-2013-6958
Title:
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
Type:
Hardware
Bulletins:
CVE-2013-6958
Severity:
High
Description:
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
Applies to:
Created:
2013-12-13
Updated:
2017-06-03

ID:
CVE-2013-2751
Title:
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to...
Type:
Hardware
Bulletins:
CVE-2013-2751
Severity:
High
Description:
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
Applies to:
Created:
2013-12-12
Updated:
2017-06-03

ID:
CVE-2013-2752
Title:
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
Type:
Hardware
Bulletins:
CVE-2013-2752
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
Applies to:
Created:
2013-12-12
Updated:
2017-06-03

ID:
CVE-2013-7030
Title:
** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential...
Type:
Hardware
Bulletins:
CVE-2013-7030
Severity:
Medium
Description:
** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.
Applies to:
Unified Communications Manager
Created:
2013-12-12
Updated:
2017-06-03

ID:
OVAL20770
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20770
CVE-2012-5254
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20656
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20656
CVE-2012-5265
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20893
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20893
CVE-2012-5260
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20846
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
OVAL20846
CVE-2012-5277
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20651
Title:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow remote attackers to read content from a different domain via a crafted web site
Type:
Web
Bulletins:
OVAL20651
CVE-2012-4168
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20607
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20607
CVE-2012-5248
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20915
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20915
CVE-2012-5253
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20318
Title:
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content
Type:
Web
Bulletins:
OVAL20318
CVE-2012-1535
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
Applies to:
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20693
Title:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20693
CVE-2012-4163
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4164 and CVE-2012-4165.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20632
Title:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors
Type:
Web
Bulletins:
OVAL20632
CVE-2012-2038
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20035
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
Type:
Web
Bulletins:
OVAL20035
CVE-2012-5256
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20434
Title:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20434
CVE-2012-5263
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20323
Title:
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL20323
CVE-2012-5278
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20739
Title:
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
Type:
Web
Bulletins:
OVAL20739
CVE-2012-5279
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20589
Title:
Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows has unknown impact and attack vectors
Type:
Web
Bulletins:
OVAL20589
CVE-2012-5673
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and attack vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20395
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL20395
CVE-2012-5676
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20958
Title:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20958
CVE-2012-5271
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20880
Title:
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to cause a denial of service...
Type:
Web
Bulletins:
OVAL20880
CVE-2012-5054
Severity:
Low
Description:
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL19970
Title:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL19970
CVE-2012-5252
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20876
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20876
CVE-2012-5251
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20459
Title:
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL20459
CVE-2012-2035
Severity:
Low
Description:
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20424
Title:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20424
CVE-2012-2037
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20963
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20963
CVE-2012-5285
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20925
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20925
CVE-2012-5262
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20873
Title:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20873
CVE-2012-4165
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163 and CVE-2012-4164.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL19949
Title:
Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL19949
CVE-2012-4167
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20789
Title:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20789
CVE-2012-5272
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20928
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
OVAL20928
CVE-2012-5276
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL19994
Title:
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL19994
CVE-2012-5677
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20964
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20964
CVE-2012-5259
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20838
Title:
Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL20838
CVE-2012-2036
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20954
Title:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20954
CVE-2012-5270
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20879
Title:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20879
CVE-2012-5261
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20510
Title:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20510
CVE-2012-5269
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20559
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20559
CVE-2012-5249
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20472
Title:
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability"
Type:
Web
Bulletins:
OVAL20472
CVE-2012-0779
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
Applies to:
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20654
Title:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20654
CVE-2012-2034
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20674
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20674
CVE-2012-5250
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20934
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20934
CVE-2012-5264
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20859
Title:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20859
CVE-2012-5267
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20148
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20148
CVE-2012-5266
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20556
Title:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs
Type:
Web
Bulletins:
OVAL20556
CVE-2012-4171
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20772
Title:
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
Type:
Web
Bulletins:
OVAL20772
CVE-2012-5678
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20274
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
OVAL20274
CVE-2012-5275
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20701
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20701
CVE-2012-5286
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20844
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20844
CVE-2012-5287
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20688
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20688
CVE-2012-5255
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20799
Title:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20799
CVE-2012-5268
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20968
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
OVAL20968
CVE-2012-5257
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20892
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
OVAL20892
CVE-2012-5274
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20840
Title:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors
Type:
Web
Bulletins:
OVAL20840
CVE-2012-2039
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20904
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
OVAL20904
CVE-2012-5280
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL20727
Title:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20727
CVE-2012-5258
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-10
Updated:
2015-08-03

ID:
OVAL19802
Title:
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
Type:
Web
Bulletins:
OVAL19802
CVE-2013-5329
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20078
Title:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified...
Type:
Web
Bulletins:
OVAL20078
CVE-2013-0649
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-1374.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19805
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL19805
CVE-2013-1367
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20044
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20044
CVE-2013-1365
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20004
Title:
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and Adobe AIR before 3.6.0.597 on Windows allow attackers to obtain sensitive information via unspecified vectors
Type:
Web
Bulletins:
OVAL20004
CVE-2013-0637
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20125
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20125
CVE-2013-1369
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20073
Title:
Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL20073
CVE-2013-0639
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20133
Title:
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
Type:
Web
Bulletins:
OVAL20133
CVE-2013-5330
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5329.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19930
Title:
Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL19930
CVE-2013-0504
Severity:
Low
Description:
Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20111
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20111
CVE-2013-0645
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20137
Title:
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling
Type:
Web
Bulletins:
OVAL20137
CVE-2013-3347
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20081
Title:
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content
Type:
Web
Bulletins:
OVAL20081
CVE-2013-0643
Severity:
Low
Description:
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19467
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows allows remote attackers to execute arbitrary code via crafted SWF content
Type:
Web
Bulletins:
OVAL19467
CVE-2013-0633
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19869
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL19869
CVE-2013-1370
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19913
Title:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
Type:
Web
Bulletins:
OVAL19913
CVE-2013-5324
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19966
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL19966
CVE-2013-1368
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19661
Title:
Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
Type:
Web
Bulletins:
OVAL19661
CVE-2013-1371
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19410
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL19410
CVE-2013-1373
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19856
Title:
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
Type:
Web
Bulletins:
OVAL19856
CVE-2013-1378
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1380.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19427
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
OVAL19427
CVE-2013-1372
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1373.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19898
Title:
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows remote attackers to execute arbitrary code via crafted SWF content
Type:
Web
Bulletins:
OVAL19898
CVE-2013-0648
Severity:
Low
Description:
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19629
Title:
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
Type:
Web
Bulletins:
OVAL19629
CVE-2013-1380
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19907
Title:
Integer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL19907
CVE-2013-0646
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19694
Title:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
Type:
Web
Bulletins:
OVAL19694
CVE-2013-3362
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3363, and CVE-2013-5324.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19510
Title:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability...
Type:
Web
Bulletins:
OVAL19510
CVE-2013-1374
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19528
Title:
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
Type:
Web
Bulletins:
OVAL19528
CVE-2013-3345
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19826
Title:
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content
Type:
Web
Bulletins:
OVAL19826
CVE-2013-0634
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20079
Title:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL20079
CVE-2013-0650
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19824
Title:
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL19824
CVE-2013-2555
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20080
Title:
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
Type:
Web
Bulletins:
OVAL20080
CVE-2013-0638
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0647.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20011
Title:
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a...
Type:
Web
Bulletins:
OVAL20011
CVE-2013-1379
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19929
Title:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
Type:
Web
Bulletins:
OVAL19929
CVE-2013-3363
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-5324.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20006
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL20006
CVE-2013-1366
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20096
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and in Adobe AIR before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL20096
CVE-2013-0630
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20025
Title:
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
Type:
Web
Bulletins:
OVAL20025
CVE-2013-0647
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0638.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19957
Title:
Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL19957
CVE-2013-3344
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19525
Title:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified...
Type:
Web
Bulletins:
OVAL19525
CVE-2013-0644
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19896
Title:
Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
OVAL19896
CVE-2013-1375
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL19961
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL19961
CVE-2013-0642
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
OVAL20015
Title:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
Type:
Web
Bulletins:
OVAL20015
CVE-2013-3361
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3362, CVE-2013-3363, and CVE-2013-5324.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-12-05
Updated:
2015-08-03

ID:
CVE-2013-6704
Title:
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
Type:
Hardware
Bulletins:
CVE-2013-6704
Severity:
High
Description:
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
Applies to:
Created:
2013-12-03
Updated:
2017-06-03

ID:
CVE-2013-6705
Title:
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.
Type:
Hardware
Bulletins:
CVE-2013-6705
Severity:
Medium
Description:
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.
Applies to:
Created:
2013-12-03
Updated:
2017-06-03

ID:
CVE-2013-6696
Title:
Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.
Type:
Hardware
Bulletins:
CVE-2013-6696
Severity:
High
Description:
Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.
Applies to:
Created:
2013-12-02
Updated:
2017-06-03

ID:
CVE-2013-6700
Title:
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
Type:
Hardware
Bulletins:
CVE-2013-6700
Severity:
Medium
Description:
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
Applies to:
Created:
2013-11-28
Updated:
2017-06-03

ID:
CVE-2013-6706
Title:
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.
Type:
Hardware
Bulletins:
CVE-2013-6706
SFBID63979
Severity:
Medium
Description:
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.
Applies to:
Created:
2013-11-28
Updated:
2017-06-03

ID:
CVE-2013-6694
Title:
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
Type:
Hardware
Bulletins:
CVE-2013-6694
Severity:
Medium
Description:
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
Applies to:
Created:
2013-11-22
Updated:
2017-06-03

ID:
CVE-2013-6698
Title:
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,...
Type:
Hardware
Bulletins:
CVE-2013-6698
Severity:
Medium
Description:
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.
Applies to:
Created:
2013-11-22
Updated:
2017-06-03

ID:
CVE-2013-6699
Title:
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,...
Type:
Hardware
Bulletins:
CVE-2013-6699
Severity:
Medium
Description:
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880.
Applies to:
Created:
2013-11-22
Updated:
2017-06-03

ID:
CVE-2013-6692
Title:
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka...
Type:
Hardware
Bulletins:
CVE-2013-6692
Severity:
Medium
Description:
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.
Applies to:
Created:
2013-11-21
Updated:
2017-06-03

ID:
CVE-2013-6693
Title:
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-6693
Severity:
Medium
Description:
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.
Applies to:
Cisco 7600 Series Routers
Created:
2013-11-21
Updated:
2017-06-03

ID:
CVE-2013-5193
Title:
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous...
Type:
Mobile Devices
Bulletins:
CVE-2013-5193
Severity:
Medium
Description:
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.
Applies to:
Created:
2013-11-17
Updated:
2017-06-03

ID:
CVE-2013-5556
Title:
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches...
Type:
Hardware
Bulletins:
CVE-2013-5556
Severity:
Medium
Description:
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-11-17
Updated:
2017-06-03

ID:
CVE-2013-6686
Title:
The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
Type:
Hardware
Bulletins:
CVE-2013-6686
Severity:
Medium
Description:
The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
Applies to:
Created:
2013-11-17
Updated:
2017-06-03

ID:
CVE-2013-6688
Title:
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted...
Type:
Hardware
Bulletins:
CVE-2013-6688
Severity:
Medium
Description:
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
Applies to:
Unified Communications Manager
Created:
2013-11-17
Updated:
2017-06-03

ID:
CVE-2013-6689
Title:
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
Type:
Hardware
Bulletins:
CVE-2013-6689
Severity:
Medium
Description:
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
Applies to:
Unified Communications Manager
Created:
2013-11-17
Updated:
2017-06-03

ID:
CVE-2013-5552
Title:
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-5552
Severity:
Medium
Description:
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.
Applies to:
Created:
2013-11-13
Updated:
2017-06-03

ID:
CVE-2013-6683
Title:
The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
Type:
Hardware
Bulletins:
CVE-2013-6683
Severity:
Medium
Description:
The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
Applies to:
Created:
2013-11-13
Updated:
2017-06-03

ID:
CVE-2013-6684
Title:
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
Type:
Hardware
Bulletins:
CVE-2013-6684
Severity:
Medium
Description:
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
Applies to:
Created:
2013-11-13
Updated:
2017-06-03

ID:
CVE-2013-5553
Title:
Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
Type:
Hardware
Bulletins:
CVE-2013-5553
Severity:
High
Description:
Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
Applies to:
Created:
2013-11-07
Updated:
2017-06-03

ID:
CVE-2013-5565
Title:
The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
Type:
Hardware
Bulletins:
CVE-2013-5565
Severity:
Medium
Description:
The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
Applies to:
Created:
2013-11-07
Updated:
2017-06-03

ID:
CVE-2013-5566
Title:
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.
Type:
Hardware
Bulletins:
CVE-2013-5566
Severity:
Medium
Description:
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.
Applies to:
Created:
2013-11-07
Updated:
2017-06-03

ID:
CVE-2013-6618
Title:
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
Type:
Hardware
Bulletins:
CVE-2013-6618
SFBID62305
Severity:
High
Description:
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
Applies to:
Created:
2013-11-05
Updated:
2017-06-03

ID:
CVE-2013-5548
Title:
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
Type:
Hardware
Bulletins:
CVE-2013-5548
Severity:
Medium
Description:
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
Applies to:
Created:
2013-10-31
Updated:
2017-06-03

ID:
CVE-2013-5543
Title:
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by...
Type:
Hardware
Bulletins:
CVE-2013-5543
Severity:
High
Description:
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470.
Applies to:
Created:
2013-10-31
Updated:
2017-06-03

ID:
CVE-2013-5545
Title:
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
Type:
Hardware
Bulletins:
CVE-2013-5545
Severity:
High
Description:
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
Applies to:
Created:
2013-10-31
Updated:
2017-06-03

ID:
CVE-2013-5546
Title:
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,...
Type:
Hardware
Bulletins:
CVE-2013-5546
Severity:
High
Description:
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509.
Applies to:
Created:
2013-10-31
Updated:
2017-06-03

ID:
CVE-2013-5547
Title:
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
Type:
Hardware
Bulletins:
CVE-2013-5547
Severity:
High
Description:
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
Applies to:
Created:
2013-10-31
Updated:
2017-06-03

ID:
CVE-2013-5555
Title:
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
Type:
Hardware
Bulletins:
CVE-2013-5555
Severity:
Medium
Description:
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
Applies to:
Unified Communications Manager
Created:
2013-10-31
Updated:
2017-06-03

ID:
CVE-2013-6012
Title:
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote...
Type:
Hardware
Bulletins:
CVE-2013-6012
SFBID63389
Severity:
High
Description:
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors.
Applies to:
Created:
2013-10-28
Updated:
2017-06-03

ID:
CVE-2013-6014
Title:
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when...
Type:
Hardware
Bulletins:
CVE-2013-6014
Severity:
Medium
Description:
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.
Applies to:
Created:
2013-10-28
Updated:
2017-06-03

ID:
OVAL19032
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL19032
CVE-2013-5774
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19188
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
OVAL19188
CVE-2013-5804
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.
Applies to:
Java Runtime Environment
JRockit
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL18645
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
OVAL18645
CVE-2013-5782
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
JRockit
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19207
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
OVAL19207
CVE-2013-5802
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
Applies to:
Java Runtime Environment
JRockit
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19088
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL19088
CVE-2013-5783
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL18874
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
OVAL18874
CVE-2013-5803
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.
Applies to:
Java Runtime Environment
JRockit
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL18733
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL18733
CVE-2013-5790
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL18990
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL18990
CVE-2013-5840
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19150
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL19150
CVE-2013-5850
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19185
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL19185
CVE-2013-5814
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19002
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL19002
CVE-2013-3829
Severity:
Low
Description:
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL18894
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL18894
CVE-2013-5801
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19020
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL19020
CVE-2013-5778
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL18436
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL18436
CVE-2013-5842
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19101
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
OVAL19101
CVE-2013-5780
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
JRockit
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19024
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL19024
CVE-2013-5817
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL18504
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL18504
CVE-2013-5809
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19189
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL19189
CVE-2013-5829
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19046
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
OVAL19046
CVE-2013-5825
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.
Applies to:
Java Runtime Environment
JRockit
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL18971
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
OVAL18971
CVE-2013-5849
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
OVAL19096
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
OVAL19096
CVE-2013-5830
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
JRockit
Created:
2013-10-24
Updated:
2015-03-23

ID:
CVE-2013-5549
Title:
Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6...
Type:
Hardware
Bulletins:
CVE-2013-5549
Severity:
High
Description:
Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380.
Applies to:
Created:
2013-10-24
Updated:
2017-06-03

ID:
CVE-2013-5522
Title:
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
Type:
Hardware
Bulletins:
CVE-2013-5522
Severity:
Medium
Description:
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
Applies to:
Cisco Catalyst 3750X
Created:
2013-10-24
Updated:
2017-06-03

ID:
CVE-2013-5162
Title:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
Type:
Mobile Devices
Bulletins:
CVE-2013-5162
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
Applies to:
Created:
2013-10-23
Updated:
2017-06-03

ID:
CVE-2013-5164
Title:
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
Type:
Mobile Devices
Bulletins:
CVE-2013-5164
Severity:
Low
Description:
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
Applies to:
Created:
2013-10-23
Updated:
2017-06-03

ID:
CVE-2013-5144
Title:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain...
Type:
Mobile Devices
Bulletins:
CVE-2013-5144
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.
Applies to:
Created:
2013-10-23
Updated:
2017-06-03

ID:
CVE-2013-6027
Title:
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to...
Type:
Hardware
Bulletins:
CVE-2013-6027
Severity:
High
Description:
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
Applies to:
DIR-100
Created:
2013-10-19
Updated:
2017-06-03

ID:
CVE-2013-4689
Title:
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site...
Type:
Hardware
Bulletins:
CVE-2013-4689
SFBID62940
Severity:
Medium
Description:
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.
Applies to:
Created:
2013-10-17
Updated:
2017-06-03

ID:
CVE-2013-6013
Title:
Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might...
Type:
Hardware
Bulletins:
CVE-2013-6013
SFBID62962
Severity:
Medium
Description:
Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message.
Applies to:
Created:
2013-10-17
Updated:
2017-06-03

ID:
CVE-2013-6015
Title:
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2013-6015
Severity:
Medium
Description:
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets.
Applies to:
Created:
2013-10-17
Updated:
2017-06-03

ID:
CVE-2013-6170
Title:
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing...
Type:
Hardware
Bulletins:
CVE-2013-6170
SFBID62973
Severity:
Medium
Description:
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests.
Applies to:
Created:
2013-10-17
Updated:
2017-06-03

ID:
OVAL19136
Title:
Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067
Type:
Software
Bulletins:
OVAL19136
CVE-2013-3180
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
Applies to:
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Created:
2013-10-16
Updated:
2015-06-15

ID:
OVAL19036
Title:
Denial of service vulnerability in Microsoft SharePoint () - MS13-067
Type:
Software
Bulletins:
OVAL19036
CVE-2013-0081
Severity:
Low
Description:
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."
Applies to:
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Services 2.0
Microsoft SharePoint Services 3.0
Created:
2013-10-16
Updated:
2015-06-15

ID:
OVAL18750
Title:
Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067
Type:
Software
Bulletins:
OVAL18750
CVE-2013-3179
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
Applies to:
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Services 3.0
Created:
2013-10-16
Updated:
2015-06-15

ID:
CVE-2012-4076
Title:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
Type:
Hardware
Bulletins:
CVE-2012-4076
SFBID62848
Severity:
Medium
Description:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
Applies to:
Created:
2013-10-13
Updated:
2017-06-03

ID:
CVE-2012-4077
Title:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
Type:
Hardware
Bulletins:
CVE-2012-4077
SFBID62849
Severity:
Medium
Description:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
Applies to:
Created:
2013-10-13
Updated:
2017-06-03

ID:
CVE-2012-4097
Title:
The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
Type:
Hardware
Bulletins:
CVE-2012-4097
Severity:
Medium
Description:
The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
Applies to:
Created:
2013-10-13
Updated:
2017-06-03

ID:
CVE-2012-4099
Title:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
Type:
Hardware
Bulletins:
CVE-2012-4099
Severity:
Medium
Description:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
Applies to:
Created:
2013-10-13
Updated:
2017-06-03

ID:
CVE-2012-4121
Title:
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
Type:
Hardware
Bulletins:
CVE-2012-4121
Severity:
Medium
Description:
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
Applies to:
Created:
2013-10-13
Updated:
2017-06-03

ID:
CVE-2013-5499
Title:
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
Type:
Hardware
Bulletins:
CVE-2013-5499
Severity:
Medium
Description:
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
Applies to:
Created:
2013-10-10
Updated:
2017-06-03

ID:
CVE-2013-5527
Title:
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
Type:
Hardware
Bulletins:
CVE-2013-5527
SFBID62904
Severity:
Medium
Description:
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
Applies to:
Created:
2013-10-10
Updated:
2017-06-03

ID:
CVE-2013-5528
Title:
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-5528
SFBID62960
Severity:
Medium
Description:
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
Applies to:
Unified Communications Manager
Created:
2013-10-10
Updated:
2017-06-03

ID:
CVE-2012-4075
Title:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
Type:
Hardware
Bulletins:
CVE-2012-4075
SFBID62837
Severity:
High
Description:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
Applies to:
Created:
2013-10-05
Updated:
2017-06-03

ID:
CVE-2012-4090
Title:
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
Type:
Hardware
Bulletins:
CVE-2012-4090
SFBID62841
Severity:
Medium
Description:
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
Applies to:
Cisco Nexus 7000-9slot
Cisco Nexus 7000
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-10-05
Updated:
2017-06-03

ID:
CVE-2012-4091
Title:
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
Type:
Hardware
Bulletins:
CVE-2012-4091
SFBID62838
Severity:
Medium
Description:
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
Applies to:
Created:
2013-10-05
Updated:
2017-06-03

ID:
CVE-2012-4098
Title:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
Type:
Hardware
Bulletins:
CVE-2012-4098
Severity:
Medium
Description:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
Applies to:
Created:
2013-10-05
Updated:
2017-06-03

ID:
CVE-2012-4122
Title:
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
Type:
Hardware
Bulletins:
CVE-2012-4122
SFBID62843
Severity:
Medium
Description:
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
Applies to:
Created:
2013-10-05
Updated:
2017-06-03

ID:
CVE-2012-4141
Title:
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
Type:
Hardware
Bulletins:
CVE-2012-4141
SFBID62839
Severity:
Medium
Description:
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
Applies to:
Created:
2013-10-05
Updated:
2017-06-03

ID:
CVE-2013-5519
Title:
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
Type:
Hardware
Bulletins:
CVE-2013-5519
SFBID62787
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
Applies to:
Created:
2013-10-03
Updated:
2017-06-03

ID:
OVAL18087
Title:
Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18087
CVE-2013-1846
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18790
Title:
Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18790
CVE-2013-1862
Severity:
Low
Description:
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL19016
Title:
OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
Type:
Software
Bulletins:
OVAL19016
CVE-2013-0169
Severity:
Low
Description:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18999
Title:
Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18999
CVE-2011-1921
Severity:
Low
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL19081
Title:
OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
Type:
Software
Bulletins:
OVAL19081
CVE-2013-0166
Severity:
Low
Description:
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18889
Title:
Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18889
CVE-2011-1783
Severity:
Low
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL19057
Title:
Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
Type:
Software
Bulletins:
OVAL19057
CVE-2013-2112
Severity:
Low
Description:
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18154
Title:
Apache HTTP vulnerability before 2.2.21 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18154
CVE-2011-3348
Severity:
Low
Description:
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18985
Title:
OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server
Type:
Software
Bulletins:
OVAL18985
CVE-2011-0014
Severity:
Low
Description:
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18868
Title:
OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server
Type:
Software
Bulletins:
OVAL18868
CVE-2012-2686
Severity:
Low
Description:
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18772
Title:
Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18772
CVE-2013-2088
Severity:
Low
Description:
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18827
Title:
Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18827
CVE-2011-3192
Severity:
Low
Description:
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18554
Title:
Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18554
CVE-2013-4277
Severity:
Low
Description:
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18973
Title:
Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18973
CVE-2013-1845
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18538
Title:
Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18538
CVE-2013-1847
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18967
Title:
Apache Subversion vulnerability before 1.6.16 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18967
CVE-2011-0715
Severity:
Low
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18621
Title:
Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18621
CVE-2013-4131
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18788
Title:
Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18788
CVE-2013-1884
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18986
Title:
Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18986
CVE-2013-1968
Severity:
Low
Description:
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18980
Title:
Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18980
CVE-2013-1849
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18910
Title:
OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server
Type:
Software
Bulletins:
OVAL18910
CVE-2010-4180
Severity:
Low
Description:
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18922
Title:
Apache Subversion vulnerability before 1.6.17 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18922
CVE-2011-1752
Severity:
Low
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL18835
Title:
Apache HTTP vulnerability before 2.2.25 in VisualSVN Server
Type:
Software
Bulletins:
OVAL18835
CVE-2013-1896
Severity:
Low
Description:
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL19039
Title:
OpenSSL vulnerability before 1.0.0c in VisualSVN Server
Type:
Software
Bulletins:
OVAL19039
CVE-2010-4252
Severity:
Low
Description:
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
OVAL19007
Title:
Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server
Type:
Software
Bulletins:
OVAL19007
CVE-2010-3315
Severity:
Low
Description:
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
CVE-2013-5503
Title:
The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.
Type:
Hardware
Bulletins:
CVE-2013-5503
Severity:
High
Description:
The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.
Applies to:
Created:
2013-10-02
Updated:
2017-06-03

ID:
CVE-2013-5516
Title:
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka...
Type:
Hardware
Bulletins:
CVE-2013-5516
Severity:
Medium
Description:
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796.
Applies to:
Cisco Telepresence Multipoint Switch
Created:
2013-09-30
Updated:
2017-06-03

ID:
OVAL18997
Title:
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
Type:
Software
Bulletins:
OVAL18997
CVE-2013-1035
Severity:
Low
Description:
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Applies to:
Apple iTunes
Created:
2013-09-27
Updated:
2015-06-22

ID:
CVE-2013-5160
Title:
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button...
Type:
Mobile Devices
Bulletins:
CVE-2013-5160
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5161
Title:
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened...
Type:
Mobile Devices
Bulletins:
CVE-2013-5161
Severity:
Medium
Description:
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5472
Title:
The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2013-5472
Severity:
High
Description:
The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5473
Title:
Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
Type:
Hardware
Bulletins:
CVE-2013-5473
Severity:
High
Description:
Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5474
Title:
Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-5474
Severity:
High
Description:
Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5475
Title:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-5475
Severity:
High
Description:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5476
Title:
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-5476
Severity:
High
Description:
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5477
Title:
The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
Type:
Hardware
Bulletins:
CVE-2013-5477
Severity:
High
Description:
The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5478
Title:
Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
Type:
Hardware
Bulletins:
CVE-2013-5478
Severity:
High
Description:
Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5479
Title:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
Type:
Hardware
Bulletins:
CVE-2013-5479
Severity:
High
Description:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5480
Title:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
Type:
Hardware
Bulletins:
CVE-2013-5480
Severity:
High
Description:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5481
Title:
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
Type:
Hardware
Bulletins:
CVE-2013-5481
Severity:
High
Description:
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5498
Title:
The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
Type:
Hardware
Bulletins:
CVE-2013-5498
SFBID62651
Severity:
Medium
Description:
The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
Applies to:
Created:
2013-09-27
Updated:
2017-06-03

ID:
CVE-2013-5147
Title:
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of...
Type:
Mobile Devices
Bulletins:
CVE-2013-5147
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5149
Title:
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification...
Type:
Mobile Devices
Bulletins:
CVE-2013-5149
Severity:
Medium
Description:
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5150
Title:
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Type:
Mobile Devices
Bulletins:
CVE-2013-5150
Severity:
Low
Description:
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5159
Title:
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
Type:
Mobile Devices
Bulletins:
CVE-2013-5159
Severity:
Medium
Description:
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2011-2391
Title:
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
Type:
Mobile Devices
Bulletins:
CVE-2011-2391
Severity:
Medium
Description:
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-0957
Title:
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
Type:
Mobile Devices
Bulletins:
CVE-2013-0957
Severity:
Medium
Description:
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1121
Title:
The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
Type:
Hardware
Bulletins:
CVE-2013-1121
Severity:
Medium
Description:
The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1036
Title:
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Type:
Mobile Devices
Bulletins:
CVE-2013-1036
Severity:
Medium
Description:
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1037
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1037
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1038
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1038
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1039
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1039
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1040
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1040
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1041
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1041
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1042
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1042
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1043
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1043
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1044
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1044
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1045
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1045
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1046
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1046
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1047
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1047
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5125
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5125
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5126
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5126
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5127
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5127
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5128
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5128
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5129
Title:
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
Type:
Mobile Devices
Bulletins:
CVE-2013-5129
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5131
Title:
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Type:
Mobile Devices
Bulletins:
CVE-2013-5131
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5137
Title:
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
Type:
Mobile Devices
Bulletins:
CVE-2013-5137
Severity:
Low
Description:
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5138
Title:
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2013-5138
Severity:
Medium
Description:
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5139
Title:
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2013-5139
Severity:
High
Description:
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5140
Title:
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
Type:
Mobile Devices
Bulletins:
CVE-2013-5140
Severity:
High
Description:
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5141
Title:
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer...
Type:
Mobile Devices
Bulletins:
CVE-2013-5141
Severity:
High
Description:
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5142
Title:
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
Type:
Mobile Devices
Bulletins:
CVE-2013-5142
Severity:
Medium
Description:
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5145
Title:
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
Type:
Mobile Devices
Bulletins:
CVE-2013-5145
Severity:
Medium
Description:
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5151
Title:
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
Type:
Mobile Devices
Bulletins:
CVE-2013-5151
Severity:
Medium
Description:
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5152
Title:
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
Type:
Mobile Devices
Bulletins:
CVE-2013-5152
Severity:
Medium
Description:
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5153
Title:
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2013-5153
Severity:
Low
Description:
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5154
Title:
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a...
Type:
Mobile Devices
Bulletins:
CVE-2013-5154
Severity:
Medium
Description:
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5155
Title:
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
Type:
Mobile Devices
Bulletins:
CVE-2013-5155
Severity:
High
Description:
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5156
Title:
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct...
Type:
Mobile Devices
Bulletins:
CVE-2013-5156
Severity:
Medium
Description:
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5157
Title:
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
Type:
Mobile Devices
Bulletins:
CVE-2013-5157
Severity:
Medium
Description:
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-5158
Title:
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified...
Type:
Mobile Devices
Bulletins:
CVE-2013-5158
Severity:
Low
Description:
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
Applies to:
Created:
2013-09-19
Updated:
2017-06-03

ID:
CVE-2013-1025
Title:
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
Type:
Mobile Devices
Bulletins:
CVE-2013-1025
Severity:
Medium
Description:
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
Applies to:
Created:
2013-09-16
Updated:
2017-06-03

ID:
CVE-2013-1026
Title:
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
Type:
Mobile Devices
Bulletins:
CVE-2013-1026
Severity:
Medium
Description:
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
Applies to:
Created:
2013-09-16
Updated:
2017-06-03

ID:
CVE-2013-1028
Title:
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive...
Type:
Mobile Devices
Bulletins:
CVE-2013-1028
Severity:
Medium
Description:
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.
Applies to:
Created:
2013-09-16
Updated:
2017-06-03

ID:
CVE-2013-5496
Title:
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
Type:
Hardware
Bulletins:
CVE-2013-5496
Severity:
Medium
Description:
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
Applies to:
Created:
2013-09-16
Updated:
2017-06-03

ID:
CVE-2013-5649
Title:
Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary...
Type:
Hardware
Bulletins:
CVE-2013-5649
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page.
Applies to:
Created:
2013-09-13
Updated:
2017-06-03

ID:
CVE-2013-3458
Title:
Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-3458
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID CSCuh19462.
Applies to:
Created:
2013-09-07
Updated:
2017-06-03

ID:
CVE-2013-3474
Title:
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or...
Type:
Hardware
Bulletins:
CVE-2013-3474
SFBID62084
Severity:
Medium
Description:
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436.
Applies to:
Created:
2013-08-30
Updated:
2017-06-03

ID:
CVE-2013-5469
Title:
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN...
Type:
Hardware
Bulletins:
CVE-2013-5469
SFBID62083
Severity:
High
Description:
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399.
Applies to:
Created:
2013-08-30
Updated:
2017-06-03

ID:
CVE-2013-3463
Title:
The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use...
Type:
Hardware
Bulletins:
CVE-2013-3463
SFBID62068
Severity:
Medium
Description:
The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899.
Applies to:
Created:
2013-08-29
Updated:
2017-06-03

ID:
CVE-2013-3470
Title:
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
Type:
Hardware
Bulletins:
CVE-2013-3470
SFBID62066
Severity:
Medium
Description:
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
Applies to:
Created:
2013-08-29
Updated:
2017-06-03

ID:
CVE-2013-3472
Title:
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,...
Type:
Hardware
Bulletins:
CVE-2013-3472
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
Applies to:
Unified Communications Manager
Created:
2013-08-29
Updated:
2017-06-03

ID:
CVE-2013-3460
Title:
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka...
Type:
Hardware
Bulletins:
CVE-2013-3460
Severity:
High
Description:
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2017-06-03

ID:
CVE-2013-3461
Title:
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,...
Type:
Hardware
Bulletins:
CVE-2013-3461
Severity:
High
Description:
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2017-06-03

ID:
CVE-2013-3462
Title:
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified...
Type:
Hardware
Bulletins:
CVE-2013-3462
Severity:
High
Description:
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2017-06-03

ID:
CVE-2013-3459
Title:
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
Type:
Hardware
Bulletins:
CVE-2013-3459
Severity:
High
Description:
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2017-06-03

ID:
CVE-2013-3453
Title:
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP...
Type:
Hardware
Bulletins:
CVE-2013-3453
Severity:
High
Description:
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.
Applies to:
Unified Communications Manager
Created:
2013-08-22
Updated:
2017-06-03

ID:
OVAL18318
Title:
Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066
Type:
Software
Bulletins:
OVAL18318
CVE-2013-3185
Severity:
Low
Description:
Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability."
Applies to:
Microsoft Active Directory Federation Services
Created:
2013-08-19
Updated:
2015-08-10

ID:
CVE-2013-3464
Title:
Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C...
Type:
Hardware
Bulletins:
CVE-2013-3464
Severity:
Medium
Description:
Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347.
Applies to:
Created:
2013-08-13
Updated:
2017-06-03

ID:
CVE-2013-4806
Title:
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link...
Type:
Hardware
Bulletins:
CVE-2013-4806
Severity:
High
Description:
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Applies to:
hh3c-s5600-26C-PWR
hh3c-s5600-50C
3Com Router 5642
3Com Router 5682
hh3c-s5600-26C
hh3c-s5600-26F
3Com Router 3013
3Com Switch 5500G-48P-SI
3Com Router 3012
3Com Switch 5500G-EI 48-Port
3Com Switch 5500G-EI 24-Port
hh3c-s5600-50C-PWR
...
Created:
2013-08-12
Updated:
2017-06-03

ID:
CVE-2013-3454
Title:
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the...
Type:
Hardware
Bulletins:
CVE-2013-3454
Severity:
High
Description:
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128.
Applies to:
Cisco TelePresence System 3010
Cisco TelePresence System 3210
Cisco TX 9000
Cisco TX 9200
Cisco TelePresence System 3000
Cisco TelePresence System 3200
Cisco TelePresence System 1300
Created:
2013-08-08
Updated:
2017-06-03

ID:
CVE-2013-3442
Title:
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
Type:
Hardware
Bulletins:
CVE-2013-3442
Severity:
Medium
Description:
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
Applies to:
Unified Communications Manager
Created:
2013-08-05
Updated:
2017-06-03

ID:
CVE-2013-3450
Title:
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
Type:
Hardware
Bulletins:
CVE-2013-3450
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
Applies to:
Unified Communications Manager
Created:
2013-08-05
Updated:
2017-06-03

ID:
CVE-2013-3451
Title:
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-3451
Severity:
Medium
Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
Applies to:
Unified Communications Manager
Created:
2013-08-05
Updated:
2017-06-03

ID:
CVE-2012-5460
Title:
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText...
Type:
Hardware
Bulletins:
CVE-2012-5460
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.
Applies to:
Created:
2013-08-01
Updated:
2017-06-03

ID:
OVAL16978
Title:
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a...
Type:
Software
Bulletins:
OVAL16978
CVE-2007-1008
Severity:
Low
Description:
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17298
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17298
CVE-2013-0996
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17144
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17144
CVE-2012-3675
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16826
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16826
CVE-2012-0631
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16843
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16843
CVE-2011-0146
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17170
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17170
CVE-2011-3235
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17488
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17488
CVE-2012-0592
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17048
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17048
CVE-2012-0617
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17167
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17167
CVE-2011-0135
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16938
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16938
CVE-2011-0168
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17575
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17575
CVE-2012-3672
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17427
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17427
CVE-2012-0593
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17327
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17327
CVE-2011-0118
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17246
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17246
CVE-2012-3648
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17207
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17207
CVE-2011-3237
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17297
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17297
CVE-2011-2871
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16788
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16788
CVE-2011-0126
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17486
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17486
CVE-2012-0604
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17572
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17572
CVE-2013-1001
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17394
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17394
CVE-2011-0128
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17377
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17377
CVE-2012-3708
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17299
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17299
CVE-2011-0155
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17326
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17326
CVE-2011-2873
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17413
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17413
CVE-2011-0143
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17466
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17466
CVE-2013-0997
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16919
Title:
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)...
Type:
Software
Bulletins:
OVAL16919
CVE-2011-0259
Severity:
Low
Description:
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17359
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17359
CVE-2013-1008
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17302
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17302
CVE-2012-0619
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17473
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17473
CVE-2012-0613
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17357
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17357
CVE-2012-3622
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17458
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17458
CVE-2012-0628
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17483
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17483
CVE-2011-3239
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17288
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17288
CVE-2012-3699
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17272
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17272
CVE-2012-3649
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17516
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17516
CVE-2012-3647
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17372
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17372
CVE-2011-0122
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17530
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17530
CVE-2012-3643
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17104
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17104
CVE-2011-0142
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17018
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17018
CVE-2011-0123
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17220
Title:
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
Type:
Software
Bulletins:
OVAL17220
CVE-2011-0116
Severity:
Low
Description:
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17435
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17435
CVE-2011-2868
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17621
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17621
CVE-2013-0992
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17407
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17407
CVE-2013-1011
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17340
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17340
CVE-2011-2356
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16768
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL16768
CVE-2012-3632
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17247
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17247
CVE-2011-0127
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17355
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17355
CVE-2011-3244
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16568
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16568
CVE-2011-0130
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17136
Title:
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning
Type:
Software
Bulletins:
OVAL17136
CVE-2008-3434
Severity:
Low
Description:
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17016
Title:
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist
Type:
Software
Bulletins:
OVAL17016
CVE-2012-0677
Severity:
Low
Description:
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16780
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL16780
CVE-2012-3660
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17081
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17081
CVE-2012-3598
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16726
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16726
CVE-2012-0608
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17009
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17009
CVE-2013-0993
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17559
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17559
CVE-2012-3710
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17539
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17539
CVE-2012-3712
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17212
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17212
CVE-2011-3238
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16756
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16756
CVE-2012-0614
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16983
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL16983
CVE-2012-3614
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17438
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17438
CVE-2011-2872
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17161
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17161
CVE-2011-0129
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17070
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17070
CVE-2011-0113
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16488
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16488
CVE-2011-0147
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17384
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17384
CVE-2012-3688
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17138
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17138
CVE-2012-0638
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17367
Title:
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium...
Type:
Software
Bulletins:
OVAL17367
CVE-2011-0170
Severity:
Low
Description:
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17237
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17237
CVE-2012-3673
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17123
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17123
CVE-2013-1010
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17548
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17548
CVE-2012-3687
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16865
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL16865
CVE-2011-2354
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16941
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16941
CVE-2012-0594
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17168
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17168
CVE-2012-0606
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17163
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17163
CVE-2012-3651
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17400
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17400
CVE-2013-0994
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16994
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16994
CVE-2011-2867
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17605
Title:
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate
Type:
Software
Bulletins:
OVAL17605
CVE-2013-1014
Severity:
Low
Description:
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16907
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL16907
CVE-2013-0991
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17331
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17331
CVE-2012-0616
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17419
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17419
CVE-2012-0629
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16784
Title:
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream
Type:
Software
Bulletins:
OVAL16784
CVE-2011-3252
Severity:
Low
Description:
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16871
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16871
CVE-2011-0165
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17319
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17319
CVE-2012-0624
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17336
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17336
CVE-2012-3601
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17446
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17446
CVE-2011-0139
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17250
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17250
CVE-2011-0117
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17397
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17397
CVE-2011-0151
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17334
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17334
CVE-2011-2870
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17224
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17224
CVE-2012-3613
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17546
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17546
CVE-2012-3705
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16891
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL16891
CVE-2012-3657
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16879
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16879
CVE-2012-0597
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17092
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17092
CVE-2011-0125
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17271
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17271
CVE-2012-0620
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17203
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17203
CVE-2011-3233
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17368
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17368
CVE-2011-2866
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17060
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17060
CVE-2012-0605
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17068
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17068
CVE-2012-0636
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17601
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17601
CVE-2013-1005
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17072
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or...
Type:
Software
Bulletins:
OVAL17072
CVE-2011-0133
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17464
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17464
CVE-2012-0601
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17156
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17156
CVE-2012-0612
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17471
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17471
CVE-2012-0600
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17507
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17507
CVE-2012-3623
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16980
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16980
CVE-2012-0633
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17082
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17082
CVE-2012-0630
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17475
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17475
CVE-2012-0648
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17317
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17317
CVE-2011-2831
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17143
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17143
CVE-2013-1006
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17094
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17094
CVE-2011-0131
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17241
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory...
Type:
Software
Bulletins:
OVAL17241
CVE-2011-0149
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17364
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17364
CVE-2012-0625
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17308
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
Type:
Software
Bulletins:
OVAL17308
CVE-2011-0154
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17366
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17366
CVE-2012-0611
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17445
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17445
CVE-2012-3701
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17433
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17433
CVE-2012-3702
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17158
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17158
CVE-2012-0591
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17127
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17127
CVE-2011-0145
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17393
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17393
CVE-2012-3684
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16959
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16959
CVE-2011-0112
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17254
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17254
CVE-2011-0119
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17211
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17211
CVE-2011-2820
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17269
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17269
CVE-2012-3607
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17365
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17365
CVE-2012-0634
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17342
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17342
CVE-2012-3677
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17604
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17604
CVE-2013-1004
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16638
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL16638
CVE-2012-3711
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17478
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17478
CVE-2012-3703
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17469
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17469
CVE-2012-0637
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17059
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17059
CVE-2011-0134
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17264
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17264
CVE-2012-3652
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17263
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17263
CVE-2012-0639
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17383
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17383
CVE-2011-2814
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17582
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17582
CVE-2012-3704
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16626
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL16626
CVE-2012-3671
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16974
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16974
CVE-2012-0596
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17370
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17370
CVE-2011-2815
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17561
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17561
CVE-2013-0995
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17020
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17020
CVE-2011-2339
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17441
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17441
CVE-2013-1007
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17174
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17174
CVE-2012-0607
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17518
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17518
CVE-2012-3706
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17218
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17218
CVE-2011-0153
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17312
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17312
CVE-2011-0144
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17444
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17444
CVE-2011-2813
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17172
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17172
CVE-2011-0111
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17374
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17374
CVE-2011-0121
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16532
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL16532
CVE-2012-3602
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17282
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17282
CVE-2012-0622
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17184
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17184
CVE-2012-3617
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17199
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17199
CVE-2012-3616
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17276
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17276
CVE-2011-2833
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16714
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL16714
CVE-2011-3236
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16795
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16795
CVE-2011-2869
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17303
Title:
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file
Type:
Software
Bulletins:
OVAL17303
CVE-2007-3752
Severity:
Low
Description:
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17152
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17152
CVE-2012-0610
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17482
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17482
CVE-2011-0164
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16678
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16678
CVE-2012-0632
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17467
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17467
CVE-2012-3658
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17437
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17437
CVE-2012-3612
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17057
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17057
CVE-2012-0595
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17523
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17523
CVE-2012-3621
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17429
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17429
CVE-2012-0627
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17562
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17562
CVE-2012-3659
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16724
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL16724
CVE-2011-2809
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17128
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17128
CVE-2012-0618
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17432
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17432
CVE-2012-0621
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17401
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17401
CVE-2011-3241
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17463
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17463
CVE-2012-3692
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17339
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17339
CVE-2011-0150
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16986
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL16986
CVE-2012-3700
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16730
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16730
CVE-2011-0141
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17084
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17084
CVE-2011-2341
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17352
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17352
CVE-2012-3676
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17228
Title:
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding
Type:
Software
Bulletins:
OVAL17228
CVE-2011-3219
Severity:
Low
Description:
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17375
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17375
CVE-2012-0598
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17387
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17387
CVE-2012-0603
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17187
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17187
CVE-2013-1002
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17099
Title:
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon
Type:
Software
Bulletins:
OVAL17099
CVE-2009-0950
Severity:
Low
Description:
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17434
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17434
CVE-2012-0609
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16903
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16903
CVE-2011-0114
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17222
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17222
CVE-2011-0136
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17191
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17191
CVE-2011-0156
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16874
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL16874
CVE-2012-3606
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17252
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17252
CVE-2013-1003
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17204
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17204
CVE-2012-0599
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17396
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17396
CVE-2013-1000
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17280
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17280
CVE-2011-0124
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17524
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17524
CVE-2012-3685
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16588
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL16588
CVE-2012-3624
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17481
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17481
CVE-2012-3709
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17287
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17287
CVE-2012-0602
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17373
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17373
CVE-2011-0120
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17169
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17169
CVE-2012-0635
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16916
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16916
CVE-2011-0148
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16762
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL16762
CVE-2013-0999
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17064
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17064
CVE-2012-3707
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17378
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17378
CVE-2011-0140
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17208
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17208
CVE-2011-2817
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17304
Title:
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file
Type:
Software
Bulletins:
OVAL17304
CVE-2005-1248
Severity:
Low
Description:
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16457
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL16457
CVE-2011-0137
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17431
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17431
CVE-2012-0623
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL16862
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL16862
CVE-2012-0626
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17544
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
OVAL17544
CVE-2012-3654
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17133
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17133
CVE-2011-2352
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17362
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17362
CVE-2011-2338
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17076
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17076
CVE-2011-2816
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17051
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17051
CVE-2011-2811
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17185
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
OVAL17185
CVE-2012-0615
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17300
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
OVAL17300
CVE-2013-0998
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
OVAL17452
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
OVAL17452
CVE-2011-0138
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
CVE-2013-3414
Title:
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.
Type:
Hardware
Bulletins:
CVE-2013-3414
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.
Applies to:
Created:
2013-07-25
Updated:
2017-06-03

ID:
CVE-2013-3436
Title:
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy...
Type:
Hardware
Bulletins:
CVE-2013-3436
Severity:
Medium
Description:
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.
Applies to:
Created:
2013-07-19
Updated:
2017-06-03

ID:
CVE-2013-3402
Title:
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
Type:
Hardware
Bulletins:
CVE-2013-3402
Severity:
Medium
Description:
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-06-03

ID:
CVE-2013-3403
Title:
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged...
Type:
Hardware
Bulletins:
CVE-2013-3403
Severity:
Medium
Description:
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-06-03

ID:
CVE-2013-3404
Title:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging...
Type:
Hardware
Bulletins:
CVE-2013-3404
Severity:
High
Description:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-06-03

ID:
CVE-2013-3412
Title:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
Type:
Hardware
Bulletins:
CVE-2013-3412
Severity:
Medium
Description:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-06-03

ID:
CVE-2013-3433
Title:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
Type:
Hardware
Bulletins:
CVE-2013-3433
Severity:
Medium
Description:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-06-03

ID:
CVE-2013-3434
Title:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
Type:
Hardware
Bulletins:
CVE-2013-3434
Severity:
Medium
Description:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-06-03

ID:
OVAL17341
Title:
TrueType Font Parsing Vulnerability
Type:
Software
Bulletins:
OVAL17341
CVE-2013-3129
Severity:
Low
Description:
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
Applies to:
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft Silverlight 5
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Created:
2013-07-15
Updated:
2015-02-23

ID:
OVAL16998
Title:
WMV Video Decoder remote code execution vulnerability - MS13-057
Type:
Miscellaneous
Bulletins:
OVAL16998
CVE-2013-3127
Severity:
Low
Description:
The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability."
Applies to:
Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Windows Media Format Runtime 11
Windows Media Player 12
Created:
2013-07-12
Updated:
2015-08-10

ID:
OVAL17253
Title:
Microsoft Windows Defender Improper Pathname Vulnerability - MS13-058
Type:
Software
Bulletins:
OVAL17253
CVE-2013-3154
Severity:
Low
Description:
The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
Applies to:
Created:
2013-07-11
Updated:
2015-08-17

ID:
CVE-2013-4684
Title:
flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM...
Type:
Hardware
Bulletins:
CVE-2013-4684
SFBID61127
Severity:
High
Description:
flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM packets, aka PR 842253.
Applies to:
Juniper SRX1400
Juniper SRX110
Juniper SRX220
Juniper SRX550
Juniper SRX240
Juniper SRX3400
Juniper SRX5600
Juniper SRX3600
Juniper SRX5800
Juniper SRX100
Juniper SRX210
Juniper SRX650
Created:
2013-07-11
Updated:
2017-06-03

ID:
CVE-2013-4685
Title:
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute...
Type:
Hardware
Bulletins:
CVE-2013-4685
SFBID61125
Severity:
High
Description:
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.
Applies to:
Juniper SRX1400
Juniper SRX110
Juniper SRX220
Juniper SRX550
Juniper SRX240
Juniper SRX3400
Juniper SRX5600
Juniper SRX3600
Juniper SRX5800
Juniper SRX100
Juniper SRX210
Juniper SRX650
Created:
2013-07-11
Updated:
2017-06-03

ID:
CVE-2013-4686
Title:
The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and...
Type:
Hardware
Bulletins:
CVE-2013-4686
SFBID61126
Severity:
High
Description:
The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and proxy-arp settings, allows remote attackers to cause a denial of service (device crash) via a crafted ARP request, aka PR 842091.
Applies to:
Created:
2013-07-11
Updated:
2017-06-03

ID:
CVE-2013-4687
Title:
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via...
Type:
Hardware
Bulletins:
CVE-2013-4687
SFBID61122
Severity:
High
Description:
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets, aka PRs 727980, 806269, and 835593.
Applies to:
Juniper SRX1400
Juniper SRX110
Juniper SRX220
Juniper SRX550
Juniper SRX240
Juniper SRX3400
Juniper SRX5600
Juniper SRX3600
Juniper SRX5800
Juniper SRX100
Juniper SRX210
Juniper SRX650
Created:
2013-07-11
Updated:
2017-06-03

ID:
CVE-2013-4688
Title:
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834.
Type:
Hardware
Bulletins:
CVE-2013-4688
SFBID61124
Severity:
High
Description:
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834.
Applies to:
Juniper SRX1400
Juniper SRX110
Juniper SRX220
Juniper SRX550
Juniper SRX240
Juniper SRX3400
Juniper SRX5600
Juniper SRX3600
Juniper SRX5800
Juniper SRX100
Juniper SRX210
Juniper SRX650
Created:
2013-07-11
Updated:
2017-06-03

ID:
CVE-2013-4690
Title:
Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of...
Type:
Hardware
Bulletins:
CVE-2013-4690
SFBID61123
Severity:
Medium
Description:
Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data, aka PR 829536, a related issue to CVE-2003-0001.
Applies to:
Juniper SRX3600
Juniper SRX1400
Juniper SRX3400
Created:
2013-07-11
Updated:
2017-06-03

ID:
CVE-2013-3400
Title:
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.
Type:
Hardware
Bulletins:
CVE-2013-3400
Severity:
Medium
Description:
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-07-10
Updated:
2017-06-03

ID:
CVE-2013-4787
Title:
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does...
Type:
Mobile Devices
Bulletins:
CVE-2013-4787
SFBID60952
Severity:
High
Description:
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
Applies to:
Created:
2013-07-09
Updated:
2017-06-03

ID:
CVE-2013-2340
Title:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute...
Type:
Hardware
Bulletins:
CVE-2013-2340
Severity:
High
Description:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.
Applies to:
hh3c-s5600-26C
hh3c-s5600-26F
hh3c-s5600-50C
3Com Router 5642
3Com Router 5640
3Com Router 6080
hh3c-s5600-26C-PWR
3Com Router 3013
3Com Router 5232
3Com Router 5231
3Com Router 3036
3Com Router 3040
3Com Router 3041
3Com Router 5009
...
Created:
2013-07-06
Updated:
2017-06-03

ID:
CVE-2013-2341
Title:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to...
Type:
Hardware
Bulletins:
CVE-2013-2341
Severity:
High
Description:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execute arbitrary code or obtain sensitive information via unknown vectors.
Applies to:
hh3c-s5600-26C
hh3c-s5600-26F
hh3c-s5600-50C
3Com Router 5642
3Com Router 5640
3Com Router 6080
hh3c-s5600-26C-PWR
3Com Router 3013
3Com Router 5232
3Com Router 5231
3Com Router 3036
3Com Router 3040
3Com Router 3041
3Com Router 5009
...
Created:
2013-07-06
Updated:
2017-06-03

ID:
CVE-2013-3382
Title:
The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device...
Type:
Hardware
Bulletins:
CVE-2013-3382
Severity:
High
Description:
The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387.
Applies to:
Created:
2013-06-26
Updated:
2017-06-03

ID:
CVE-2013-3397
Title:
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified...
Type:
Hardware
Bulletins:
CVE-2013-3397
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
Applies to:
Unified Communications Manager
Created:
2013-06-26
Updated:
2017-06-03

ID:
CVE-2013-3377
Title:
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
Type:
Hardware
Bulletins:
CVE-2013-3377
Severity:
High
Description:
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
Applies to:
Cisco Codec EX90
Cisco Codec C60
Cisco Codec C40
Cisco Codec C90
Cisco Codec EX60
Created:
2013-06-21
Updated:
2017-06-03

ID:
OVAL17149
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17149
CVE-2013-2463
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17069
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to...
Type:
Software
Bulletins:
OVAL17069
CVE-2013-2458
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17192
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Type:
Software
Bulletins:
OVAL17192
CVE-2013-2449
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16545
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to...
Type:
Software
Bulletins:
OVAL16545
CVE-2013-2453
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17294
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17294
CVE-2013-2456
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16806
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL16806
CVE-2013-2470
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17116
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL17116
CVE-2013-2460
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16617
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
Type:
Software
Bulletins:
OVAL16617
CVE-2013-2437
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17189
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17189
CVE-2013-2473
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17265
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows local users to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
OVAL17265
CVE-2013-2451
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17230
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17230
CVE-2013-2443
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17052
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17052
CVE-2013-2448
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17195
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability...
Type:
Software
Bulletins:
OVAL17195
CVE-2013-2407
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17221
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect...
Type:
Software
Bulletins:
OVAL17221
CVE-2013-1500
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17257
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL17257
CVE-2013-2462
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17202
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
OVAL17202
CVE-2013-3743
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17176
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17176
CVE-2013-2450
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17206
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
OVAL17206
CVE-2013-2468
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17214
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17214
CVE-2013-2455
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16389
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL16389
CVE-2013-2464
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17090
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17090
CVE-2013-2445
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16982
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
OVAL16982
CVE-2013-2466
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16580
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL16580
CVE-2013-2452
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16770
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL16770
CVE-2013-2447
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16840
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL16840
CVE-2013-2471
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17106
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17106
CVE-2013-2465
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17181
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17181
CVE-2013-2459
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16712
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL16712
CVE-2013-2472
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17256
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect integrity...
Type:
Software
Bulletins:
OVAL17256
CVE-2013-2457
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17014
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors...
Type:
Software
Bulletins:
OVAL17014
CVE-2013-2467
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17098
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
Type:
Software
Bulletins:
OVAL17098
CVE-2013-2412
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16899
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Type:
Software
Bulletins:
OVAL16899
CVE-2013-2400
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16311
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL16311
CVE-2013-2446
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17180
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Type:
Software
Bulletins:
OVAL17180
CVE-2013-3744
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16803
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
OVAL16803
CVE-2013-2442
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17236
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17236
CVE-2013-2454
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL16887
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
OVAL16887
CVE-2013-2461
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17042
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL17042
CVE-2013-2469
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
OVAL17030
Title:
Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows; Adobe AIR before 3.7.0.2090 on Windows; and Adobe AIR SDK and Compiler before 3.7.0.2090 on Windows allow attackers to execute arbitrary code or cause a...
Type:
Web
Bulletins:
OVAL17030
CVE-2013-3343
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-18
Updated:
2015-08-03

ID:
CVE-2013-4616
Title:
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier...
Type:
Mobile Devices
Bulletins:
CVE-2013-4616
Severity:
Medium
Description:
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.
Applies to:
Created:
2013-06-18
Updated:
2017-06-03

ID:
OVAL16897
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL16897
CVE-2013-3327
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL16407
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL16407
CVE-2013-3334
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL17118
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL17118
CVE-2013-3325
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL17050
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL17050
CVE-2013-3326
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL16913
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL16913
CVE-2013-3329
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL17083
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL17083
CVE-2013-3330
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL16995
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL16995
CVE-2013-3328
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL16846
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL16846
CVE-2013-3331
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL17141
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL17141
CVE-2013-3332
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL16932
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL16932
CVE-2013-2728
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL16921
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL16921
CVE-2013-3335
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL16804
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL16804
CVE-2013-3333
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL16969
Title:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
OVAL16969
CVE-2013-3324
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2013-06-13
Updated:
2015-08-03

ID:
OVAL16375
Title:
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to...
Type:
Software
Bulletins:
OVAL16375
CVE-2013-4083
Severity:
Low
Description:
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Applies to:
Wireshark
Created:
2013-06-10
Updated:
2015-08-17

ID:
CVE-2013-3948
Title:
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary...
Type:
Mobile Devices
Bulletins:
CVE-2013-3948
Severity:
Medium
Description:
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.
Applies to:
Created:
2013-06-05
Updated:
2017-06-03

ID:
CVE-2013-3950
Title:
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR...
Type:
Mobile Devices
Bulletins:
CVE-2013-3950
Severity:
Medium
Description:
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable.
Applies to:
Created:
2013-06-05
Updated:
2017-06-03

ID:
CVE-2013-3953
Title:
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory...
Type:
Mobile Devices
Bulletins:
CVE-2013-3953
Severity:
Medium
Description:
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.
Applies to:
Created:
2013-06-05
Updated:
2017-06-03

ID:
CVE-2013-3954
Title:
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is...
Type:
Mobile Devices
Bulletins:
CVE-2013-3954
Severity:
Medium
Description:
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.
Applies to:
Created:
2013-06-05
Updated:
2017-06-03

ID:
CVE-2013-1208
Title:
The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by...
Type:
Hardware
Bulletins:
CVE-2013-1208
Severity:
Medium
Description:
The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691.
Applies to:
Created:
2013-05-29
Updated:
2017-06-03

ID:
CVE-2013-1209
Title:
The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable...
Type:
Hardware
Bulletins:
CVE-2013-1209
Severity:
Medium
Description:
The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710.
Applies to:
Created:
2013-05-29
Updated:
2017-06-03

ID:
CVE-2013-1210
Title:
Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by...
Type:
Hardware
Bulletins:
CVE-2013-1210
Severity:
Medium
Description:
Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825.
Applies to:
Created:
2013-05-29
Updated:
2017-06-03

ID:
CVE-2013-1211
Title:
Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a...
Type:
Hardware
Bulletins:
CVE-2013-1211
Severity:
Medium
Description:
Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832.
Applies to:
Created:
2013-05-29
Updated:
2017-06-03

ID:
CVE-2013-1212
Title:
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication,...
Type:
Hardware
Bulletins:
CVE-2013-1212
Severity:
Medium
Description:
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-05-29
Updated:
2017-06-03

ID:
CVE-2013-1213
Title:
Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability...
Type:
Hardware
Bulletins:
CVE-2013-1213
Severity:
Medium
Description:
Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-05-29
Updated:
2017-06-03

ID:
CVE-2013-1019
Title:
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Type:
Mobile Devices
Bulletins:
CVE-2013-1019
Severity:
High
Description:
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Applies to:
Created:
2013-05-24
Updated:
2017-06-03

ID:
CVE-2013-1204
Title:
Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.
Type:
Hardware
Bulletins:
CVE-2013-1204
Severity:
Medium
Description:
Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.
Applies to:
Created:
2013-05-23
Updated:
2017-06-03

ID:
CVE-2013-2842
Title:
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
Type:
Mobile Devices
Bulletins:
CVE-2013-2842
Severity:
High
Description:
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
Applies to:
Created:
2013-05-22
Updated:
2017-06-03

ID:
CVE-2013-0999
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-0999
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1000
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1000
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1001
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1001
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1002
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1002
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1003
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1003
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1004
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1004
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1005
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1005
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1006
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1006
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1007
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1007
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1008
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1008
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1010
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1010
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-06-03

ID:
CVE-2013-1188
Title:
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
Type:
Hardware
Bulletins:
CVE-2013-1188
Severity:
Medium
Description:
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
Applies to:
Unified Communications Manager
Created:
2013-05-15
Updated:
2017-06-03

ID:
CVE-2013-1136
Title:
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then...
Type:
Hardware
Bulletins:
CVE-2013-1136
Severity:
Medium
Description:
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193.
Applies to:
Created:
2013-05-13
Updated:
2017-06-03

ID:
CVE-2013-1234
Title:
The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.
Type:
Hardware
Bulletins:
CVE-2013-1234
Severity:
Medium
Description:
The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.
Applies to:
Created:
2013-05-03
Updated:
2017-06-03

ID:
CVE-2013-1235
Title:
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly...
Type:
Hardware
Bulletins:
CVE-2013-1235
Severity:
Medium
Description:
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.
Applies to:
Cisco WLC 2000
Cisco WLC 4100
Cisco WLC 2100
Cisco WLC 4400
Created:
2013-05-03
Updated:
2017-06-03

ID:
CVE-2013-1240
Title:
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
Type:
Hardware
Bulletins:
CVE-2013-1240
Severity:
Medium
Description:
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
Applies to:
Unified Communications Manager
Created:
2013-05-03
Updated:
2017-06-03

ID:
OVAL17175
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
OVAL17175
CVE-2013-0375
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16395
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
OVAL16395
CVE-2012-5611
Severity:
Low
Description:
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16825
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
OVAL16825
CVE-2013-0389
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16835
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
Type:
Software
Bulletins:
OVAL16835
CVE-2013-0386
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16877
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network...
Type:
Software
Bulletins:
OVAL16877
CVE-2012-5096
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL17077
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
Type:
Software
Bulletins:
OVAL17077
CVE-2013-0367
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16758
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful...
Type:
Services
Bulletins:
OVAL16758
CVE-2013-0383
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16267
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to...
Type:
Services
Bulletins:
OVAL16267
CVE-2013-0385
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL17268
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
OVAL17268
CVE-2012-1705
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16792
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
Type:
Services
Bulletins:
OVAL16792
CVE-2012-0572
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16947
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
Type:
Software
Bulletins:
OVAL16947
CVE-2012-0578
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL17186
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated...
Type:
Services
Bulletins:
OVAL17186
CVE-2012-1702
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16451
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
Type:
Software
Bulletins:
OVAL16451
CVE-2013-0371
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16632
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
OVAL16632
CVE-2013-0384
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL16960
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
Type:
Software
Bulletins:
OVAL16960
CVE-2012-5612
Severity:
Low
Description:
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL17255
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
Type:
Software
Bulletins:
OVAL17255
CVE-2013-0368
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
OVAL17266
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
Type:
Services
Bulletins:
OVAL17266
CVE-2012-0574
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
CVE-2013-1216
Title:
Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.
Type:
Hardware
Bulletins:
CVE-2013-1216
Severity:
Medium
Description:
Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.
Applies to:
Created:
2013-04-29
Updated:
2017-06-03

ID:
CVE-2013-1226
Title:
The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.
Type:
Hardware
Bulletins:
CVE-2013-1226
Severity:
Medium
Description:
The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.
Applies to:
Cisco Nexus 7010
Cisco Nexus 7000-9slot
Cisco Nexus 7018
Cisco Nexus 7000
Created:
2013-04-29
Updated:
2017-06-03

ID:
CVE-2013-1178
Title:
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices...
Type:
Hardware
Bulletins:
CVE-2013-1178
Severity:
High
Description:
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275.
Applies to:
Cisco Nexus 5000 Series
Cisco Nexus 5010
Cisco Nexus 7010
Cisco Nexus 7000-9slot
Cisco Nexus 5596UP
Cisco Nexus 7000
Cisco Nexus 5548up
Cisco Nexus 7018
Cisco Nexus 1000V VSM
Cisco Nexus 5020
Cisco Nexus 5548p
Created:
2013-04-25
Updated:
2017-06-03

ID:
CVE-2013-1179
Title:
Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to...
Type:
Hardware
Bulletins:
CVE-2013-1179
Severity:
High
Description:
Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54830.
Applies to:
Cisco Nexus 7010
Cisco Nexus 7000-9slot
Cisco Nexus 7018
Cisco Nexus 7000
Created:
2013-04-25
Updated:
2017-06-03

ID:
CVE-2013-1180
Title:
Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted...
Type:
Hardware
Bulletins:
CVE-2013-1180
Severity:
High
Description:
Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822.
Applies to:
Cisco Nexus 7010
Cisco Nexus 7000-9slot
Cisco Nexus 7018
Cisco Nexus 7000
Created:
2013-04-25
Updated:
2017-06-03

ID:
CVE-2013-1181
Title:
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by...
Type:
Hardware
Bulletins:
CVE-2013-1181
Severity:
High
Description:
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389.
Applies to:
Cisco Nexus 5596UP
Cisco Nexus 5548up
Cisco Nexus 5548Up
Cisco Nexus 5548p
Created:
2013-04-25
Updated:
2017-06-03

ID:
CVE-2013-1192
Title:
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp...
Type:
Hardware
Bulletins:
CVE-2013-1192
Severity:
High
Description:
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.
Applies to:
Cisco Nexus 5000 Series
Cisco Nexus 5596UP
Cisco Nexus 5020
Cisco Nexus 5548up
Cisco Nexus 5010
Cisco Nexus 5548Up
Cisco Nexus 5548p
Cisco Nexus 5020p
Cisco Nexus C5010P-BF
Created:
2013-04-25
Updated:
2017-06-03

ID:
CVE-2013-1215
Title:
The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.
Type:
Hardware
Bulletins:
CVE-2013-1215
Severity:
Medium
Description:
The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2013-04-25
Updated:
2017-06-03

ID:
CVE-2013-1217
Title:
The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.
Type:
Hardware
Bulletins:
CVE-2013-1217
Severity:
Medium
Description:
The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.
Applies to:
Created:
2013-04-24
Updated:
2017-06-03

ID:
OVAL16652
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
OVAL16652
CVE-2013-1476
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
OVAL16496
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
OVAL16496
CVE-2013-0428
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
OVAL16045
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL16045
CVE-2013-1480
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
OVAL15923
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Security) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
Type:
Software
Bulletins:
OVAL15923
CVE-2012-1718
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
OVAL16058
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
OVAL16058
CVE-2013-0425
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
OVAL16558
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
OVAL16558
CVE-2013-0440
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
OVAL16013
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
Type:
Software
Bulletins:
OVAL16013
CVE-2013-0427
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
OVAL16530
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via...
Type:
Software
Bulletins:
OVAL16530
CVE-2013-0409
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
OVAL16680
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
OVAL16680
CVE-2013-