ID: CVE-2013-6981 |
Title: Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. |
Type: Hardware |
Bulletins:
CVE-2013-6981 SFBID64514 |
Severity: Medium |
Description: Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. | ||||
Applies to: |
Created: 2013-12-27 |
Updated: 2024-09-07 |
ID: CVE-2013-6979 |
Title: The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source... |
Type: Hardware |
Bulletins:
CVE-2013-6979 SFBID64502 |
Severity: Medium |
Description: The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227. | ||||
Applies to: |
Created: 2013-12-23 |
Updated: 2024-09-07 |
ID: CVE-2013-6978 |
Title: The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2013-6978 SFBID64421 |
Severity: Medium |
Description: The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. | ||||
Applies to: Unified Communications Manager |
Created: 2013-12-21 |
Updated: 2024-09-07 |
ID: CVE-2012-4131 |
Title: Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. |
Type: Hardware |
Bulletins:
CVE-2012-4131 |
Severity: Medium |
Description: Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. | ||||
Applies to: |
Created: 2013-12-21 |
Updated: 2024-09-07 |
ID: CVE-2012-4135 |
Title: Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275. |
Type: Hardware |
Bulletins:
CVE-2012-4135 |
Severity: Medium |
Description: Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275. | ||||
Applies to: |
Created: 2013-12-21 |
Updated: 2024-09-07 |
ID: CVE-2013-4775 |
Title: NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware... |
Type: Hardware |
Bulletins:
CVE-2013-4775 |
Severity: High |
Description: NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config. | ||||
Applies to: GS716Tv2 Smart Switch GS724Tv3 Smart Switch GS728TPS Stack Smart Switch GS728TS Stack Smart Switch GS752TPS Stack Smart Switch |
Created: 2013-12-18 |
Updated: 2024-09-07 |
ID: CVE-2013-4776 |
Title: NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/. |
Type: Hardware |
Bulletins:
CVE-2013-4776 |
Severity: High |
Description: NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/. | ||||
Applies to: GS716Tv2 Smart Switch GS724Tv3 Smart Switch |
Created: 2013-12-18 |
Updated: 2024-09-07 |
ID: CVE-2013-6271 |
Title: Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class... |
Type: Mobile Devices |
Bulletins:
CVE-2013-6271 |
Severity: High |
Description: Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option. | ||||
Applies to: |
Created: 2013-12-14 |
Updated: 2024-09-07 |
ID: CVE-2013-6958 |
Title: Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. |
Type: Hardware |
Bulletins:
CVE-2013-6958 |
Severity: High |
Description: Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. | ||||
Applies to: |
Created: 2013-12-13 |
Updated: 2024-09-07 |
ID: CVE-2013-6956 |
Title: Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web... |
Type: Hardware |
Bulletins:
CVE-2013-6956 |
Severity: Low |
Description: Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
Applies to: |
Created: 2013-12-13 |
Updated: 2024-09-07 |
ID: CVE-2013-2751 |
Title: Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to... |
Type: Hardware |
Bulletins:
CVE-2013-2751 |
Severity: High |
Description: Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow." | ||||
Applies to: |
Created: 2013-12-12 |
Updated: 2024-09-07 |
ID: CVE-2013-2752 |
Title: Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. |
Type: Hardware |
Bulletins:
CVE-2013-2752 |
Severity: Medium |
Description: Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. | ||||
Applies to: |
Created: 2013-12-12 |
Updated: 2024-09-07 |
ID: CVE-2013-7030 |
Title: ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential... |
Type: Hardware |
Bulletins:
CVE-2013-7030 |
Severity: Medium |
Description: ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue. | ||||
Applies to: Unified Communications Manager |
Created: 2013-12-12 |
Updated: 2024-09-07 |
ID: CVE-2013-6705 |
Title: The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. |
Type: Hardware |
Bulletins:
CVE-2013-6705 |
Severity: Medium |
Description: The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. | ||||
Applies to: |
Created: 2013-12-03 |
Updated: 2024-09-07 |
ID: CVE-2013-6704 |
Title: Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. |
Type: Hardware |
Bulletins:
CVE-2013-6704 |
Severity: High |
Description: Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. | ||||
Applies to: |
Created: 2013-12-03 |
Updated: 2024-09-07 |
ID: CVE-2013-6696 |
Title: Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861. |
Type: Hardware |
Bulletins:
CVE-2013-6696 |
Severity: High |
Description: Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861. | ||||
Applies to: |
Created: 2013-12-02 |
Updated: 2024-09-07 |
ID: CVE-2013-6700 |
Title: The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. |
Type: Hardware |
Bulletins:
CVE-2013-6700 |
Severity: Medium |
Description: The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. | ||||
Applies to: |
Created: 2013-11-28 |
Updated: 2024-09-07 |
ID: CVE-2013-6706 |
Title: The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. |
Type: Hardware |
Bulletins:
CVE-2013-6706 SFBID63979 |
Severity: Medium |
Description: The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. | ||||
Applies to: |
Created: 2013-11-28 |
Updated: 2024-09-07 |
ID: MITRE:19002 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:19002 CVE-2013-3829 |
Severity: Medium |
Description: Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19020 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:19020 CVE-2013-5778 |
Severity: Medium |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19032 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:19032 CVE-2013-5774 |
Severity: Medium |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18645 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
Type: Software |
Bulletins:
MITRE:18645 CVE-2013-5782 |
Severity: High |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
Applies to: JRockit Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19046 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
Type: Software |
Bulletins:
MITRE:19046 CVE-2013-5825 |
Severity: Medium |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP. | ||||
Applies to: JRockit Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19096 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
Type: Software |
Bulletins:
MITRE:19096 CVE-2013-5830 |
Severity: High |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||||
Applies to: JRockit Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19101 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
Type: Software |
Bulletins:
MITRE:19101 CVE-2013-5780 |
Severity: Medium |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||||
Applies to: JRockit Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19207 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
Type: Software |
Bulletins:
MITRE:19207 CVE-2013-5802 |
Severity: High |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. | ||||
Applies to: JRockit Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18874 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier |
Type: Software |
Bulletins:
MITRE:18874 CVE-2013-5803 |
Severity: Low |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. | ||||
Applies to: JRockit Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19188 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier |
Type: Software |
Bulletins:
MITRE:19188 CVE-2013-5804 |
Severity: Medium |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc. | ||||
Applies to: JRockit Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18504 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:18504 CVE-2013-5809 |
Severity: High |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18733 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:18733 CVE-2013-5790 |
Severity: Medium |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18971 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:18971 CVE-2013-5849 |
Severity: Medium |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18990 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:18990 CVE-2013-5840 |
Severity: Medium |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19024 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:19024 CVE-2013-5817 |
Severity: High |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18436 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:18436 CVE-2013-5842 |
Severity: High |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19088 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:19088 CVE-2013-5783 |
Severity: Medium |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19150 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:19150 CVE-2013-5850 |
Severity: High |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19185 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:19185 CVE-2013-5814 |
Severity: High |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19189 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:19189 CVE-2013-5829 |
Severity: High |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18894 |
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier |
Type: Software |
Bulletins:
MITRE:18894 CVE-2013-5801 |
Severity: Medium |
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||||
Applies to: Java Runtime Environment |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19039 |
Title: OpenSSL vulnerability before 1.0.0c in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:19039 CVE-2010-4252 |
Severity: High |
Description: OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19016 |
Title: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:19016 CVE-2013-0169 |
Severity: Low |
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19081 |
Title: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:19081 CVE-2013-0166 |
Severity: Medium |
Description: OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18910 |
Title: OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18910 CVE-2010-4180 |
Severity: Medium |
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18868 |
Title: OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18868 CVE-2012-2686 |
Severity: Medium |
Description: crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18985 |
Title: OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18985 CVE-2011-0014 |
Severity: Medium |
Description: ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19036 |
Title: Denial of service vulnerability in Microsoft SharePoint () - MS13-067 |
Type: Software |
Bulletins:
MITRE:19036 CVE-2013-0081 |
Severity: Medium |
Description: Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability." | ||||
Applies to: Microsoft SharePoint Foundation 2010 Microsoft SharePoint Foundation 2013 Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Services 2.0 Microsoft SharePoint Services 3.0 |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18750 |
Title: Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067 |
Type: Software |
Bulletins:
MITRE:18750 CVE-2013-3179 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability." | ||||
Applies to: Microsoft SharePoint Foundation 2010 Microsoft SharePoint Foundation 2013 Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Services 3.0 |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19136 |
Title: Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067 |
Type: Software |
Bulletins:
MITRE:19136 CVE-2013-3180 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability." | ||||
Applies to: Microsoft SharePoint Foundation 2010 Microsoft SharePoint Foundation 2013 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18922 |
Title: Apache Subversion vulnerability before 1.6.17 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18922 CVE-2011-1752 |
Severity: Medium |
Description: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18967 |
Title: Apache Subversion vulnerability before 1.6.16 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18967 CVE-2011-0715 |
Severity: Medium |
Description: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18788 |
Title: Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18788 CVE-2013-1884 |
Severity: Medium |
Description: The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18973 |
Title: Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18973 CVE-2013-1845 |
Severity: Low |
Description: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18980 |
Title: Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18980 CVE-2013-1849 |
Severity: Medium |
Description: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18772 |
Title: Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18772 CVE-2013-2088 |
Severity: High |
Description: Contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18986 |
Title: Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18986 CVE-2013-1968 |
Severity: Medium |
Description: Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19057 |
Title: Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:19057 CVE-2013-2112 |
Severity: High |
Description: The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:19007 |
Title: Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:19007 CVE-2010-3315 |
Severity: Medium |
Description: authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18999 |
Title: Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18999 CVE-2011-1921 |
Severity: Medium |
Description: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18889 |
Title: Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18889 CVE-2011-1783 |
Severity: Medium |
Description: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18790 |
Title: Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18790 CVE-2013-1862 |
Severity: Medium |
Description: mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18835 |
Title: Apache HTTP vulnerability before 2.2.25 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18835 CVE-2013-1896 |
Severity: Medium |
Description: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18827 |
Title: Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18827 CVE-2011-3192 |
Severity: High |
Description: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-26 |
Updated: 2024-09-07 |
ID: MITRE:18621 |
Title: Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18621 CVE-2013-4131 |
Severity: Medium |
Description: The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-25 |
Updated: 2024-09-07 |
ID: MITRE:18554 |
Title: Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18554 CVE-2013-4277 |
Severity: Low |
Description: Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-25 |
Updated: 2024-09-07 |
ID: MITRE:18087 |
Title: Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18087 CVE-2013-1846 |
Severity: Medium |
Description: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-25 |
Updated: 2024-09-07 |
ID: MITRE:18538 |
Title: Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18538 CVE-2013-1847 |
Severity: Medium |
Description: The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-25 |
Updated: 2024-09-07 |
ID: MITRE:18154 |
Title: Apache HTTP vulnerability before 2.2.21 in VisualSVN Server |
Type: Software |
Bulletins:
MITRE:18154 CVE-2011-3348 |
Severity: Medium |
Description: The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request. | ||||
Applies to: VisualSVN Server |
Created: 2013-11-25 |
Updated: 2024-09-07 |
ID: CVE-2013-6698 |
Title: The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,... |
Type: Hardware |
Bulletins:
CVE-2013-6698 |
Severity: Medium |
Description: The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821. | ||||
Applies to: |
Created: 2013-11-22 |
Updated: 2024-09-07 |
ID: CVE-2013-6694 |
Title: The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. |
Type: Hardware |
Bulletins:
CVE-2013-6694 |
Severity: Medium |
Description: The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. | ||||
Applies to: |
Created: 2013-11-22 |
Updated: 2024-09-07 |
ID: CVE-2013-6699 |
Title: The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,... |
Type: Hardware |
Bulletins:
CVE-2013-6699 |
Severity: Medium |
Description: The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880. | ||||
Applies to: |
Created: 2013-11-22 |
Updated: 2024-09-07 |
ID: CVE-2013-6693 |
Title: The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2013-6693 |
Severity: Medium |
Description: The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345. | ||||
Applies to: Cisco 7600 Series Routers |
Created: 2013-11-21 |
Updated: 2024-09-07 |
ID: CVE-2013-6692 |
Title: Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka... |
Type: Hardware |
Bulletins:
CVE-2013-6692 |
Severity: Medium |
Description: Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949. | ||||
Applies to: |
Created: 2013-11-21 |
Updated: 2024-09-07 |
ID: CVE-2013-6686 |
Title: The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568. |
Type: Hardware |
Bulletins:
CVE-2013-6686 |
Severity: Medium |
Description: The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568. | ||||
Applies to: |
Created: 2013-11-17 |
Updated: 2024-09-07 |
ID: CVE-2013-5556 |
Title: The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches... |
Type: Hardware |
Bulletins:
CVE-2013-5556 |
Severity: Medium |
Description: The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340. | ||||
Applies to: Cisco Nexus 1000V VSM |
Created: 2013-11-17 |
Updated: 2024-09-07 |
ID: CVE-2013-5193 |
Title: The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5193 |
Severity: Medium |
Description: The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | ||||
Applies to: |
Created: 2013-11-17 |
Updated: 2024-09-07 |
ID: CVE-2013-6688 |
Title: Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted... |
Type: Hardware |
Bulletins:
CVE-2013-6688 |
Severity: Medium |
Description: Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. | ||||
Applies to: Unified Communications Manager |
Created: 2013-11-17 |
Updated: 2024-09-07 |
ID: CVE-2013-6689 |
Title: Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. |
Type: Hardware |
Bulletins:
CVE-2013-6689 |
Severity: Medium |
Description: Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. | ||||
Applies to: Unified Communications Manager |
Created: 2013-11-17 |
Updated: 2024-09-07 |
ID: CVE-2013-6684 |
Title: The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011. |
Type: Hardware |
Bulletins:
CVE-2013-6684 |
Severity: Medium |
Description: The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011. | ||||
Applies to: |
Created: 2013-11-13 |
Updated: 2024-09-07 |
ID: CVE-2013-6683 |
Title: The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904. |
Type: Hardware |
Bulletins:
CVE-2013-6683 |
Severity: Medium |
Description: The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904. | ||||
Applies to: |
Created: 2013-11-13 |
Updated: 2024-09-07 |
ID: CVE-2013-5552 |
Title: Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2013-5552 |
Severity: Medium |
Description: Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143. | ||||
Applies to: |
Created: 2013-11-13 |
Updated: 2024-09-07 |
ID: MITRE:18997 |
Title: The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site |
Type: Software |
Bulletins:
MITRE:18997 CVE-2013-1035 |
Severity: High |
Description: The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | ||||
Applies to: Apple iTunes |
Created: 2013-11-11 |
Updated: 2024-09-07 |
ID: CVE-2013-5565 |
Title: The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176. |
Type: Hardware |
Bulletins:
CVE-2013-5565 |
Severity: Medium |
Description: The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176. | ||||
Applies to: |
Created: 2013-11-07 |
Updated: 2024-09-07 |
ID: CVE-2013-5553 |
Title: Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383. |
Type: Hardware |
Bulletins:
CVE-2013-5553 |
Severity: High |
Description: Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383. | ||||
Applies to: |
Created: 2013-11-07 |
Updated: 2024-09-07 |
ID: CVE-2013-5566 |
Title: Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874. |
Type: Hardware |
Bulletins:
CVE-2013-5566 |
Severity: Medium |
Description: Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874. | ||||
Applies to: |
Created: 2013-11-07 |
Updated: 2024-09-07 |
ID: CVE-2013-6618 |
Title: jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. |
Type: Hardware |
Bulletins:
CVE-2013-6618 SFBID62305 |
Severity: High |
Description: jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. | ||||
Applies to: |
Created: 2013-11-05 |
Updated: 2024-09-07 |
ID: CVE-2013-5546 |
Title: The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,... |
Type: Hardware |
Bulletins:
CVE-2013-5546 |
Severity: High |
Description: The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509. | ||||
Applies to: |
Created: 2013-10-31 |
Updated: 2024-09-07 |
ID: CVE-2013-5545 |
Title: The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. |
Type: Hardware |
Bulletins:
CVE-2013-5545 |
Severity: High |
Description: The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. | ||||
Applies to: |
Created: 2013-10-31 |
Updated: 2024-09-07 |
ID: CVE-2013-5548 |
Title: The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. |
Type: Hardware |
Bulletins:
CVE-2013-5548 |
Severity: Medium |
Description: The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. | ||||
Applies to: |
Created: 2013-10-31 |
Updated: 2024-09-07 |
ID: CVE-2013-5555 |
Title: Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. |
Type: Hardware |
Bulletins:
CVE-2013-5555 |
Severity: Medium |
Description: Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. | ||||
Applies to: Unified Communications Manager |
Created: 2013-10-31 |
Updated: 2024-09-07 |
ID: CVE-2013-5547 |
Title: Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. |
Type: Hardware |
Bulletins:
CVE-2013-5547 |
Severity: High |
Description: Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. | ||||
Applies to: |
Created: 2013-10-31 |
Updated: 2024-09-07 |
ID: CVE-2013-5543 |
Title: Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by... |
Type: Hardware |
Bulletins:
CVE-2013-5543 |
Severity: High |
Description: Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470. | ||||
Applies to: |
Created: 2013-10-31 |
Updated: 2024-09-07 |
ID: CVE-2013-6012 |
Title: Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote... |
Type: Hardware |
Bulletins:
CVE-2013-6012 SFBID63389 |
Severity: High |
Description: Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. | ||||
Applies to: |
Created: 2013-10-28 |
Updated: 2024-09-07 |
ID: CVE-2013-6014 |
Title: Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when... |
Type: Hardware |
Bulletins:
CVE-2013-6014 |
Severity: Medium |
Description: Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message. | ||||
Applies to: |
Created: 2013-10-28 |
Updated: 2024-09-07 |
ID: CVE-2013-5549 |
Title: Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6... |
Type: Hardware |
Bulletins:
CVE-2013-5549 |
Severity: High |
Description: Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380. | ||||
Applies to: |
Created: 2013-10-24 |
Updated: 2024-09-07 |
ID: CVE-2013-5522 |
Title: Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. |
Type: Hardware |
Bulletins:
CVE-2013-5522 |
Severity: Medium |
Description: Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | ||||
Applies to: Cisco Catalyst 3750X |
Created: 2013-10-24 |
Updated: 2024-09-07 |
ID: CVE-2013-5162 |
Title: Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5162 |
Severity: Low |
Description: Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. | ||||
Applies to: |
Created: 2013-10-23 |
Updated: 2024-09-07 |
ID: CVE-2013-5144 |
Title: Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5144 |
Severity: Low |
Description: Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. | ||||
Applies to: |
Created: 2013-10-23 |
Updated: 2024-09-07 |
ID: CVE-2013-5164 |
Title: Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5164 |
Severity: Low |
Description: Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. | ||||
Applies to: |
Created: 2013-10-23 |
Updated: 2024-09-07 |
ID: CVE-2013-6027 |
Title: Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to... |
Type: Hardware |
Bulletins:
CVE-2013-6027 |
Severity: High |
Description: Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi. | ||||
Applies to: DIR-100 |
Created: 2013-10-19 |
Updated: 2024-09-07 |
ID: CVE-2013-6015 |
Title: Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a... |
Type: Hardware |
Bulletins:
CVE-2013-6015 |
Severity: Medium |
Description: Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets. | ||||
Applies to: |
Created: 2013-10-17 |
Updated: 2024-09-07 |
ID: CVE-2013-6170 |
Title: Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing... |
Type: Hardware |
Bulletins:
CVE-2013-6170 SFBID62973 |
Severity: Medium |
Description: Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests. | ||||
Applies to: |
Created: 2013-10-17 |
Updated: 2024-09-07 |
ID: CVE-2013-4689 |
Title: J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site... |
Type: Hardware |
Bulletins:
CVE-2013-4689 SFBID62940 |
Severity: Medium |
Description: J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts. | ||||
Applies to: |
Created: 2013-10-17 |
Updated: 2024-09-07 |
ID: CVE-2013-6013 |
Title: Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might... |
Type: Hardware |
Bulletins:
CVE-2013-6013 SFBID62962 |
Severity: Medium |
Description: Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message. | ||||
Applies to: |
Created: 2013-10-17 |
Updated: 2024-09-07 |
ID: MITRE:18318 |
Title: Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066 |
Type: Software |
Bulletins:
MITRE:18318 CVE-2013-3185 |
Severity: Medium |
Description: Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability." | ||||
Applies to: Microsoft Active Directory Federation Services |
Created: 2013-10-14 |
Updated: 2024-09-07 |
ID: CVE-2012-4097 |
Title: The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043. |
Type: Hardware |
Bulletins:
CVE-2012-4097 |
Severity: Medium |
Description: The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043. | ||||
Applies to: |
Created: 2013-10-13 |
Updated: 2024-09-07 |
ID: CVE-2012-4099 |
Title: The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065. |
Type: Hardware |
Bulletins:
CVE-2012-4099 |
Severity: Medium |
Description: The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065. | ||||
Applies to: |
Created: 2013-10-13 |
Updated: 2024-09-07 |
ID: CVE-2012-4121 |
Title: Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. |
Type: Hardware |
Bulletins:
CVE-2012-4121 |
Severity: Medium |
Description: Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. | ||||
Applies to: |
Created: 2013-10-13 |
Updated: 2024-09-07 |
ID: CVE-2012-4077 |
Title: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. |
Type: Hardware |
Bulletins:
CVE-2012-4077 SFBID62849 |
Severity: Medium |
Description: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | ||||
Applies to: |
Created: 2013-10-13 |
Updated: 2024-09-07 |
ID: CVE-2012-4076 |
Title: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. |
Type: Hardware |
Bulletins:
CVE-2012-4076 SFBID62848 |
Severity: Medium |
Description: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. | ||||
Applies to: |
Created: 2013-10-13 |
Updated: 2024-09-07 |
ID: CVE-2013-5499 |
Title: The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822. |
Type: Hardware |
Bulletins:
CVE-2013-5499 |
Severity: Medium |
Description: The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822. | ||||
Applies to: |
Created: 2013-10-10 |
Updated: 2024-09-07 |
ID: CVE-2013-5527 |
Title: The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. |
Type: Hardware |
Bulletins:
CVE-2013-5527 SFBID62904 |
Severity: Medium |
Description: The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. | ||||
Applies to: |
Created: 2013-10-10 |
Updated: 2024-09-07 |
ID: CVE-2013-5528 |
Title: Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2013-5528 SFBID62960 |
Severity: Medium |
Description: Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815. | ||||
Applies to: Unified Communications Manager |
Created: 2013-10-10 |
Updated: 2024-09-07 |
ID: CVE-2012-4091 |
Title: The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415. |
Type: Hardware |
Bulletins:
CVE-2012-4091 SFBID62838 |
Severity: Medium |
Description: The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415. | ||||
Applies to: |
Created: 2013-10-05 |
Updated: 2024-09-07 |
ID: CVE-2012-4090 |
Title: The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. |
Type: Hardware |
Bulletins:
CVE-2012-4090 SFBID62841 |
Severity: Medium |
Description: The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. | ||||
Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2013-10-05 |
Updated: 2024-09-07 |
ID: CVE-2012-4122 |
Title: The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. |
Type: Hardware |
Bulletins:
CVE-2012-4122 SFBID62843 |
Severity: Medium |
Description: The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. | ||||
Applies to: |
Created: 2013-10-05 |
Updated: 2024-09-07 |
ID: CVE-2012-4098 |
Title: The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055. |
Type: Hardware |
Bulletins:
CVE-2012-4098 |
Severity: Medium |
Description: The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055. | ||||
Applies to: |
Created: 2013-10-05 |
Updated: 2024-09-07 |
ID: CVE-2012-4141 |
Title: Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551. |
Type: Hardware |
Bulletins:
CVE-2012-4141 SFBID62839 |
Severity: Medium |
Description: Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551. | ||||
Applies to: |
Created: 2013-10-05 |
Updated: 2024-09-07 |
ID: CVE-2012-4075 |
Title: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. |
Type: Hardware |
Bulletins:
CVE-2012-4075 SFBID62837 |
Severity: High |
Description: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. | ||||
Applies to: |
Created: 2013-10-05 |
Updated: 2024-09-07 |
ID: CVE-2013-5519 |
Title: Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810. |
Type: Hardware |
Bulletins:
CVE-2013-5519 SFBID62787 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810. | ||||
Applies to: |
Created: 2013-10-03 |
Updated: 2024-09-07 |
ID: CVE-2013-5503 |
Title: The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413. |
Type: Hardware |
Bulletins:
CVE-2013-5503 |
Severity: High |
Description: The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413. | ||||
Applies to: |
Created: 2013-10-02 |
Updated: 2024-09-07 |
ID: CVE-2013-5516 |
Title: The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka... |
Type: Hardware |
Bulletins:
CVE-2013-5516 |
Severity: Medium |
Description: The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796. | ||||
Applies to: Cisco Telepresence Multipoint Switch |
Created: 2013-09-30 |
Updated: 2024-09-07 |
ID: CVE-2013-5476 |
Title: The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2013-5476 |
Severity: High |
Description: The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5477 |
Title: The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465. |
Type: Hardware |
Bulletins:
CVE-2013-5477 |
Severity: High |
Description: The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5498 |
Title: The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. |
Type: Hardware |
Bulletins:
CVE-2013-5498 SFBID62651 |
Severity: Medium |
Description: The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5481 |
Title: The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817. |
Type: Hardware |
Bulletins:
CVE-2013-5481 |
Severity: High |
Description: The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5472 |
Title: The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2013-5472 |
Severity: High |
Description: The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5480 |
Title: The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733. |
Type: Hardware |
Bulletins:
CVE-2013-5480 |
Severity: High |
Description: The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5479 |
Title: The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. |
Type: Hardware |
Bulletins:
CVE-2013-5479 |
Severity: High |
Description: The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5474 |
Title: Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2013-5474 |
Severity: High |
Description: Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5160 |
Title: Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5160 |
Severity: Low |
Description: Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5161 |
Title: Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5161 |
Severity: Medium |
Description: Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5473 |
Title: Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011. |
Type: Hardware |
Bulletins:
CVE-2013-5473 |
Severity: High |
Description: Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5478 |
Title: Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. |
Type: Hardware |
Bulletins:
CVE-2013-5478 |
Severity: High |
Description: Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-5475 |
Title: Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2013-5475 |
Severity: High |
Description: Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561. | ||||
Applies to: |
Created: 2013-09-27 |
Updated: 2024-09-07 |
ID: CVE-2013-1037 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1037 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1038 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1038 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1039 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1039 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1040 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1040 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1041 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1041 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1042 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1042 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1043 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1043 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1044 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1044 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1045 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1045 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1046 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1046 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1047 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1047 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5125 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5125 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5126 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5126 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5127 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5127 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5128 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5128 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5159 |
Title: WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5159 |
Severity: Medium |
Description: WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5157 |
Title: The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5157 |
Severity: Medium |
Description: The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5156 |
Title: The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5156 |
Severity: Medium |
Description: The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | ||||
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5158 |
Title: The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5158 |
Severity: Low |
Description: The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5154 |
Title: The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5154 |
Severity: Medium |
Description: The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5155 |
Title: The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5155 |
Severity: High |
Description: The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1121 |
Title: The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554. |
Type: Hardware |
Bulletins:
CVE-2013-1121 |
Severity: Medium |
Description: The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5149 |
Title: The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5149 |
Severity: Medium |
Description: The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5141 |
Title: The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5141 |
Severity: High |
Description: The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5142 |
Title: The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5142 |
Severity: Medium |
Description: The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5140 |
Title: The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5140 |
Severity: High |
Description: The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2011-2391 |
Title: The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. |
Type: Mobile Devices |
Bulletins:
CVE-2011-2391 |
Severity: Medium |
Description: The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5139 |
Title: The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5139 |
Severity: High |
Description: The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5150 |
Title: The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5150 |
Severity: Low |
Description: The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5153 |
Title: Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5153 |
Severity: Low |
Description: Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1036 |
Title: Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
Type: Mobile Devices |
Bulletins:
CVE-2013-1036 |
Severity: Medium |
Description: Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5147 |
Title: Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5147 |
Severity: Low |
Description: Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5129 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5129 |
Severity: Medium |
Description: Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5151 |
Title: Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5151 |
Severity: Medium |
Description: Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5152 |
Title: Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5152 |
Severity: Medium |
Description: Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5145 |
Title: kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5145 |
Severity: Medium |
Description: kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5137 |
Title: IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5137 |
Severity: Low |
Description: IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5138 |
Title: IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5138 |
Severity: Medium |
Description: IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-0957 |
Title: Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. |
Type: Mobile Devices |
Bulletins:
CVE-2013-0957 |
Severity: Medium |
Description: Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-5131 |
Title: Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5131 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
Applies to: |
Created: 2013-09-19 |
Updated: 2024-09-07 |
ID: CVE-2013-1028 |
Title: The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1028 |
Severity: Medium |
Description: The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. |
Applies to: |
Created: 2013-09-16 |
Updated: 2024-09-07 |
ID: CVE-2013-5496 |
Title: Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551. |
Type: Hardware |
Bulletins:
CVE-2013-5496 |
Severity: Medium |
Description: Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551. |
Applies to: |
Created: 2013-09-16 |
Updated: 2024-09-07 |
ID: CVE-2013-1026 |
Title: Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. |
Type: Mobile Devices |
Bulletins:
CVE-2013-1026 |
Severity: Medium |
Description: Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. |
Applies to: |
Created: 2013-09-16 |
Updated: 2024-09-07 |
ID: CVE-2013-1025 |
Title: Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. |
Type: Mobile Devices |
Bulletins:
CVE-2013-1025 |
Severity: Medium |
Description: Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. |
Applies to: |
Created: 2013-09-16 |
Updated: 2024-09-07 |
ID: CVE-2013-5649 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary... |
Type: Hardware |
Bulletins:
CVE-2013-5649 |
Severity: Medium |
Description: Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page. |
Applies to: |
Created: 2013-09-13 |
Updated: 2024-09-07 |
ID: MITRE:16762 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:16762 CVE-2013-0999 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17187 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17187 CVE-2013-1002 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17252 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17252 CVE-2013-1003 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17298 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17298 CVE-2013-0996 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17300 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17300 CVE-2013-0998 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17009 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17009 CVE-2013-0993 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17561 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17561 CVE-2013-0995 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17572 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17572 CVE-2013-1001 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17601 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17601 CVE-2013-1005 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17604 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17604 CVE-2013-1004 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17621 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17621 CVE-2013-0992 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17123 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17123 CVE-2013-1010 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17143 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17143 CVE-2013-1006 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17407 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17407 CVE-2013-1011 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16907 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:16907 CVE-2013-0991 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17359 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17359 CVE-2013-1008 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17396 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17396 CVE-2013-1000 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17400 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17400 CVE-2013-0994 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17441 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17441 CVE-2013-1007 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17466 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17466 CVE-2013-0997 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16768 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:16768 CVE-2012-3632 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16780 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:16780 CVE-2012-3660 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17184 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17184 CVE-2012-3617 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17199 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17199 CVE-2012-3616 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17224 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17224 CVE-2012-3613 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17237 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17237 CVE-2012-3673 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17246 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17246 CVE-2012-3648 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17264 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17264 CVE-2012-3652 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17269 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17269 CVE-2012-3607 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17272 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17272 CVE-2012-3649 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17288 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17288 CVE-2012-3699 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16986 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:16986 CVE-2012-3700 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17559 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17559 CVE-2012-3710 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17562 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17562 CVE-2012-3659 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17575 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17575 CVE-2012-3672 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17582 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17582 CVE-2012-3704 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16532 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:16532 CVE-2012-3602 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16588 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:16588 CVE-2012-3624 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16983 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:16983 CVE-2012-3614 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17507 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17507 CVE-2012-3623 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17516 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17516 CVE-2012-3647 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17518 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17518 CVE-2012-3706 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17523 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17523 CVE-2012-3621 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17524 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17524 CVE-2012-3685 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17530 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17530 CVE-2012-3643 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17539 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17539 CVE-2012-3712 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17544 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17544 CVE-2012-3654 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17546 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17546 CVE-2012-3705 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17548 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17548 CVE-2012-3687 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16626 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:16626 CVE-2012-3671 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16638 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:16638 CVE-2012-3711 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17064 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17064 CVE-2012-3707 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17081 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17081 CVE-2012-3598 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17144 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17144 CVE-2012-3675 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17163 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17163 CVE-2012-3651 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16874 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:16874 CVE-2012-3606 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16891 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:16891 CVE-2012-3657 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17336 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17336 CVE-2012-3601 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17342 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17342 CVE-2012-3677 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17352 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17352 CVE-2012-3676 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17357 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17357 CVE-2012-3622 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17377 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17377 CVE-2012-3708 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17384 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17384 CVE-2012-3688 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17393 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17393 CVE-2012-3684 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17433 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17433 CVE-2012-3702 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17437 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17437 CVE-2012-3612 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17445 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17445 CVE-2012-3701 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17463 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17463 CVE-2012-3692 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17467 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17467 CVE-2012-3658 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17478 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17478 CVE-2012-3703 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17481 |
Title: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Software |
Bulletins:
MITRE:17481 CVE-2012-3709 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17263 |
Title: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17263 CVE-2012-0639 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17068 |
Title: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17068 CVE-2012-0636 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17138 |
Title: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17138 CVE-2012-0638 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17365 |
Title: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17365 CVE-2012-0634 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17368 |
Title: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17368 CVE-2011-2866 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17469 |
Title: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17469 CVE-2012-0637 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17475 |
Title: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17475 CVE-2012-0648 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17212 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17212 CVE-2011-3238 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17203 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17203 CVE-2011-3233 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17207 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17207 CVE-2011-3237 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17208 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17208 CVE-2011-2817 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17211 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17211 CVE-2011-2820 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17317 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17317 CVE-2011-2831 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17020 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17020 CVE-2011-2339 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17051 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17051 CVE-2011-2811 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17483 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17483 CVE-2011-3239 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16714 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:16714 CVE-2011-3236 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16724 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:16724 CVE-2011-2809 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17076 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17076 CVE-2011-2816 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17084 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17084 CVE-2011-2341 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17133 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17133 CVE-2011-2352 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17170 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17170 CVE-2011-3235 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16865 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:16865 CVE-2011-2354 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17340 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17340 CVE-2011-2356 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17355 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17355 CVE-2011-3244 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17362 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17362 CVE-2011-2338 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17370 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17370 CVE-2011-2815 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17383 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17383 CVE-2011-2814 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17401 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17401 CVE-2011-3241 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17444 |
Title: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Software |
Bulletins:
MITRE:17444 CVE-2011-2813 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17241 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory... |
Type: Software |
Bulletins:
MITRE:17241 CVE-2011-0149 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17072 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or... |
Type: Software |
Bulletins:
MITRE:17072 CVE-2011-0133 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16788 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16788 CVE-2011-0126 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17218 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17218 CVE-2011-0153 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17222 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17222 CVE-2011-0136 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16730 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16730 CVE-2011-0141 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17191 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17191 CVE-2011-0156 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17247 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17247 CVE-2011-0127 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17250 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17250 CVE-2011-0117 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17254 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17254 CVE-2011-0119 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17280 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17280 CVE-2011-0124 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17299 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17299 CVE-2011-0155 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17312 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17312 CVE-2011-0144 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16568 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16568 CVE-2011-0130 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16959 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16959 CVE-2011-0112 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17018 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17018 CVE-2011-0123 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17104 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17104 CVE-2011-0142 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17127 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17127 CVE-2011-0145 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17059 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17059 CVE-2011-0134 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17070 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17070 CVE-2011-0113 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17092 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17092 CVE-2011-0125 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17094 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17094 CVE-2011-0131 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17161 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17161 CVE-2011-0129 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17167 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17167 CVE-2011-0135 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17172 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17172 CVE-2011-0111 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17413 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17413 CVE-2011-0143 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16457 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16457 CVE-2011-0137 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16488 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16488 CVE-2011-0147 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16843 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16843 CVE-2011-0146 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16871 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16871 CVE-2011-0165 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16903 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16903 CVE-2011-0114 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16916 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16916 CVE-2011-0148 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16938 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:16938 CVE-2011-0168 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17327 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17327 CVE-2011-0118 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17339 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17339 CVE-2011-0150 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17372 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17372 CVE-2011-0122 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17373 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17373 CVE-2011-0120 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17374 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17374 CVE-2011-0121 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17378 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17378 CVE-2011-0140 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17394 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17394 CVE-2011-0128 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17397 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17397 CVE-2011-0151 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17446 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17446 CVE-2011-0139 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17452 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17452 CVE-2011-0138 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17482 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a... |
Type: Software |
Bulletins:
MITRE:17482 CVE-2011-0164 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17308 |
Title: WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service... |
Type: Software |
Bulletins:
MITRE:17308 CVE-2011-0154 |
Severity: Medium |
Description: WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16756 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16756 CVE-2012-0614 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16795 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16795 CVE-2011-2869 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16826 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16826 CVE-2012-0631 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17185 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17185 CVE-2012-0615 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17204 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17204 CVE-2012-0599 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17271 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17271 CVE-2012-0620 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17276 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17276 CVE-2011-2833 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17282 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17282 CVE-2012-0622 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17287 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17287 CVE-2012-0602 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. |
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17297 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17297 CVE-2011-2871 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17302 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17302 CVE-2012-0619 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17319 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17319 CVE-2012-0624 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16994 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16994 CVE-2011-2867 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16941 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16941 CVE-2012-0594 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16974 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16974 CVE-2012-0596 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16980 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16980 CVE-2012-0633 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17048 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17048 CVE-2012-0617 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17486 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17486 CVE-2012-0604 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17488 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17488 CVE-2012-0592 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16678 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16678 CVE-2012-0632 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16726 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16726 CVE-2012-0608 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17057 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17057 CVE-2012-0595 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17060 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17060 CVE-2012-0605 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17082 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17082 CVE-2012-0630 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17128 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17128 CVE-2012-0618 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17152 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17152 CVE-2012-0610 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17156 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17156 CVE-2012-0612 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17158 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17158 CVE-2012-0591 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17168 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17168 CVE-2012-0606 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17169 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17169 CVE-2012-0635 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17174 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17174 CVE-2012-0607 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17419 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17419 CVE-2012-0629 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17427 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17427 CVE-2012-0593 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17429 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17429 CVE-2012-0627 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17431 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17431 CVE-2012-0623 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16862 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16862 CVE-2012-0626 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16879 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:16879 CVE-2012-0597 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17326 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17326 CVE-2011-2873 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17331 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17331 CVE-2012-0616 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17334 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17334 CVE-2011-2870 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17364 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17364 CVE-2012-0625 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17366 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17366 CVE-2012-0611 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17375 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17375 CVE-2012-0598 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17387 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17387 CVE-2012-0603 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17432 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17432 CVE-2012-0621 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17434 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17434 CVE-2012-0609 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17435 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17435 CVE-2011-2868 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17438 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17438 CVE-2011-2872 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17458 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17458 CVE-2012-0628 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17464 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17464 CVE-2012-0601 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17471 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17471 CVE-2012-0600 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17473 |
Title: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Software |
Bulletins:
MITRE:17473 CVE-2012-0613 |
Severity: High |
Description: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17220 |
Title: Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service... |
Type: Software |
Bulletins:
MITRE:17220 CVE-2011-0116 |
Severity: High |
Description: Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17099 |
Title: Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon |
Type: Software |
Bulletins:
MITRE:17099 CVE-2009-0950 |
Severity: High |
Description: Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17367 |
Title: Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium... |
Type: Software |
Bulletins:
MITRE:17367 CVE-2011-0170 |
Severity: High |
Description: Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17303 |
Title: Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file |
Type: Software |
Bulletins:
MITRE:17303 CVE-2007-3752 |
Severity: High |
Description: Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17016 |
Title: Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist |
Type: Software |
Bulletins:
MITRE:17016 CVE-2012-0677 |
Severity: High |
Description: Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16919 |
Title: CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)... |
Type: Software |
Bulletins:
MITRE:16919 CVE-2011-0259 |
Severity: High |
Description: CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17228 |
Title: Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding |
Type: Software |
Bulletins:
MITRE:17228 CVE-2011-3219 |
Severity: High |
Description: Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16784 |
Title: Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream |
Type: Software |
Bulletins:
MITRE:16784 CVE-2011-3252 |
Severity: High |
Description: Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17304 |
Title: Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file |
Type: Software |
Bulletins:
MITRE:17304 CVE-2005-1248 |
Severity: High |
Description: Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17605 |
Title: Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate |
Type: Software |
Bulletins:
MITRE:17605 CVE-2013-1014 |
Severity: Medium |
Description: Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:17136 |
Title: Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning |
Type: Software |
Bulletins:
MITRE:17136 CVE-2008-3434 |
Severity: High |
Description: Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: MITRE:16978 |
Title: Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a... |
Type: Software |
Bulletins:
MITRE:16978 CVE-2007-1008 |
Severity: Low |
Description: Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. | ||||
Applies to: Apple iTunes |
Created: 2013-09-09 |
Updated: 2024-09-07 |
ID: CVE-2013-3458 |
Title: Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2013-3458 |
Severity: High |
Description: Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID CSCuh19462. | ||||
Applies to: |
Created: 2013-09-07 |
Updated: 2024-09-07 |
ID: CVE-2013-3474 |
Title: The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or... |
Type: Hardware |
Bulletins:
CVE-2013-3474 SFBID62084 |
Severity: Medium |
Description: The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. | ||||
Applies to: |
Created: 2013-08-30 |
Updated: 2024-09-07 |
ID: CVE-2013-5469 |
Title: The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN... |
Type: Hardware |
Bulletins:
CVE-2013-5469 SFBID62083 |
Severity: High |
Description: The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399. | ||||
Applies to: |
Created: 2013-08-30 |
Updated: 2024-09-07 |
ID: CVE-2013-3470 |
Title: The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. |
Type: Hardware |
Bulletins:
CVE-2013-3470 SFBID62066 |
Severity: Medium |
Description: The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. | ||||
Applies to: |
Created: 2013-08-29 |
Updated: 2024-09-07 |
ID: CVE-2013-3463 |
Title: The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use... |
Type: Hardware |
Bulletins:
CVE-2013-3463 SFBID62068 |
Severity: Medium |
Description: The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899. | ||||
Applies to: |
Created: 2013-08-29 |
Updated: 2024-09-07 |
ID: CVE-2013-3472 |
Title: Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,... |
Type: Hardware |
Bulletins:
CVE-2013-3472 |
Severity: Medium |
Description: Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210. | ||||
Applies to: Unified Communications Manager |
Created: 2013-08-29 |
Updated: 2024-09-07 |
ID: MITRE:17341 |
Title: TrueType Font Parsing Vulnerability |
Type: Software |
Bulletins:
MITRE:17341 CVE-2013-3129 |
Severity: High |
Description: Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability." | ||||
Applies to: Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.0, Microsoft .NET Framework 4.5, Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Silverlight 5 |
Created: 2013-08-26 |
Updated: 2024-09-07 |
ID: CVE-2013-3460 |
Title: Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka... |
Type: Hardware |
Bulletins:
CVE-2013-3460 |
Severity: High |
Description: Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597. | ||||
Applies to: Unified Communications Manager |
Created: 2013-08-24 |
Updated: 2024-09-07 |
ID: CVE-2013-3461 |
Title: Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,... |
Type: Hardware |
Bulletins:
CVE-2013-3461 |
Severity: High |
Description: Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869. | ||||
Applies to: Unified Communications Manager |
Created: 2013-08-24 |
Updated: 2024-09-07 |
ID: CVE-2013-3459 |
Title: Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. |
Type: Hardware |
Bulletins:
CVE-2013-3459 |
Severity: High |
Description: Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. | ||||
Applies to: Unified Communications Manager |
Created: 2013-08-24 |
Updated: 2024-09-07 |
ID: CVE-2013-3462 |
Title: Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified... |
Type: Hardware |
Bulletins:
CVE-2013-3462 |
Severity: High |
Description: Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358. | ||||
Applies to: Unified Communications Manager |
Created: 2013-08-24 |
Updated: 2024-09-07 |
ID: CVE-2013-3453 |
Title: Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP... |
Type: Hardware |
Bulletins:
CVE-2013-3453 |
Severity: High |
Description: Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. | ||||
Applies to: Unified Communications Manager |
Created: 2013-08-22 |
Updated: 2024-09-07 |
ID: MITRE:16998 |
Title: WMV Video Decoder remote code execution vulnerability - MS13-057 |
Type: Miscellaneous |
Bulletins:
MITRE:16998 CVE-2013-3127 |
Severity: High |
Description: The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability." | ||||
Applies to: Windows Media Format Runtime 11, Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Player 12 |
Created: 2013-08-19 |
Updated: 2024-09-07 |
ID: MITRE:17253 |
Title: Microsoft Windows Defender Improper Pathname Vulnerability - MS13-058 |
Type: Software |
Bulletins:
MITRE:17253 CVE-2013-3154 |
Severity: Medium |
Description: The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability." | ||||
Applies to: |
Created: 2013-08-19 |
Updated: 2024-09-07 |
ID: CVE-2013-3464 |
Title: Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C... |
Type: Hardware |
Bulletins:
CVE-2013-3464 |
Severity: Medium |
Description: Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347. | ||||
Applies to: |
Created: 2013-08-13 |
Updated: 2024-09-07 |
ID: CVE-2013-4806 |
Title: The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link... |
Type: Hardware |
Bulletins:
CVE-2013-4806 |
Severity: High |
Description: The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | ||||
Applies to: ... 3Com Router 3012, 3Com Router 3013, 3Com Router 5012, 3Com Router 5232, 3Com Router 5642, 3Com Router 5682, 3Com Switch 5500-SI 24-Port, 3Com Switch 5500G-48P-SI, 3Com Switch 5500G-EI 24-Port, 3Com Switch 5500G-EI 48-Port, hh3c-s5600-26C |
Created: 2013-08-12 |
Updated: 2024-09-07 |
ID: CVE-2013-3454 |
Title: Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the... |
Type: Hardware |
Bulletins:
CVE-2013-3454 |
Severity: High |
Description: Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128. | ||||
Applies to: Cisco TX 9000, Cisco TX 9200, Cisco TelePresence System 1300, Cisco TelePresence System 3000, Cisco TelePresence System 3010, Cisco TelePresence System 3200, Cisco TelePresence System 3210 |
Created: 2013-08-08 |
Updated: 2024-09-07 |
ID: MITRE:17256 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect integrity... |
Type: Software |
Bulletins:
MITRE:17256 CVE-2013-2457 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16770 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16770 CVE-2013-2447 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17214 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17214 CVE-2013-2455 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16389 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16389 CVE-2013-2464 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16806 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16806 CVE-2013-2470 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing." | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17181 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17181 CVE-2013-2459 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks." | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17189 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17189 CVE-2013-2473 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17230 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17230 CVE-2013-2443 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17236 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17236 CVE-2013-2454 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17294 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17294 CVE-2013-2456 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16580 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16580 CVE-2013-2452 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17042 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17042 CVE-2013-2469 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16311 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16311 CVE-2013-2446 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17106 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17106 CVE-2013-2465 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16712 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16712 CVE-2013-2472 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17052 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17052 CVE-2013-2448 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes." | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17090 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17090 CVE-2013-2445 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors." | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17149 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17149 CVE-2013-2463 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17176 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:17176 CVE-2013-2450 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16840 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16840 CVE-2013-2471 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks." | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17221 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect... |
Type: Software |
Bulletins:
MITRE:17221 CVE-2013-1500 |
Severity: Low |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16545 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to... |
Type: Software |
Bulletins:
MITRE:16545 CVE-2013-2453 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16803 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:16803 CVE-2013-2442 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17206 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:17206 CVE-2013-2468 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16982 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:16982 CVE-2013-2466 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16887 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:16887 CVE-2013-2461 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16617 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors... |
Type: Software |
Bulletins:
MITRE:16617 CVE-2013-2437 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17098 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors... |
Type: Software |
Bulletins:
MITRE:17098 CVE-2013-2412 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17195 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability... |
Type: Software |
Bulletins:
MITRE:17195 CVE-2013-2407 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader." | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17265 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows local users to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:17265 CVE-2013-2451 |
Severity: Low |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17180 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. |
Type: Software |
Bulletins:
MITRE:17180 CVE-2013-3744 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:16899 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. |
Type: Software |
Bulletins:
MITRE:16899 CVE-2013-2400 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17257 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:17257 CVE-2013-2462 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17116 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
Type: Software |
Bulletins:
MITRE:17116 CVE-2013-2460 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17192 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
Type: Software |
Bulletins:
MITRE:17192 CVE-2013-2449 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17069 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to... |
Type: Software |
Bulletins:
MITRE:17069 CVE-2013-2458 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles." | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17202 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:17202 CVE-2013-3743 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: MITRE:17014 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors... |
Type: Software |
Bulletins:
MITRE:17014 CVE-2013-2467 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer. | ||||
Applies to: Java Runtime Environment |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: CVE-2013-3442 |
Title: The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. |
Type: Hardware |
Bulletins:
CVE-2013-3442 |
Severity: Medium |
Description: The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. | ||||
Applies to: Unified Communications Manager |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: CVE-2013-3451 |
Title: Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2013-3451 |
Severity: Medium |
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033. | ||||
Applies to: Unified Communications Manager |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: CVE-2013-3450 |
Title: Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. |
Type: Hardware |
Bulletins:
CVE-2013-3450 |
Severity: Medium |
Description: Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. | ||||
Applies to: Unified Communications Manager |
Created: 2013-08-05 |
Updated: 2024-09-07 |
ID: CVE-2012-5460 |
Title: Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText... |
Type: Hardware |
Bulletins:
CVE-2012-5460 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. | ||||
Applies to: |
Created: 2013-08-01 |
Updated: 2024-09-07 |
ID: MITRE:16835 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks... |
Type: Software |
Bulletins:
MITRE:16835 CVE-2013-0386 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. | ||||
Applies to: MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:17186 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated... |
Type: Services |
Bulletins:
MITRE:17186 CVE-2012-1702 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors. | ||||
Applies to: MySQL Server 5.1 MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:17266 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated... |
Type: Services |
Bulletins:
MITRE:17266 CVE-2012-0574 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors. | ||||
Applies to: MySQL Server 5.1 MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:16267 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to... |
Type: Services |
Bulletins:
MITRE:16267 CVE-2013-0385 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication. | ||||
Applies to: MySQL Server 5.1 MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:17175 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful... |
Type: Services |
Bulletins:
MITRE:17175 CVE-2013-0375 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication. | ||||
Applies to: MySQL Server 5.1 MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:16877 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network... |
Type: Software |
Bulletins:
MITRE:16877 CVE-2012-5096 |
Severity: Low |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors. | ||||
Applies to: MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:16395 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful... |
Type: Services |
Bulletins:
MITRE:16395 CVE-2012-5611 |
Severity: Medium |
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. | ||||
Applies to: MySQL Server 5.1 MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:17077 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks... |
Type: Software |
Bulletins:
MITRE:17077 CVE-2013-0367 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition. | ||||
Applies to: MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:16960 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via... |
Type: Software |
Bulletins:
MITRE:16960 CVE-2012-5612 |
Severity: Medium |
Description: Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands. | ||||
Applies to: MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:16947 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks... |
Type: Software |
Bulletins:
MITRE:16947 CVE-2012-0578 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | ||||
Applies to: MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:16825 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful... |
Type: Services |
Bulletins:
MITRE:16825 CVE-2013-0389 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | ||||
Applies to: MySQL Server 5.1 MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:17268 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful... |
Type: Services |
Bulletins:
MITRE:17268 CVE-2012-1705 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | ||||
Applies to: MySQL Server 5.1 MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:16758 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful... |
Type: Services |
Bulletins:
MITRE:16758 CVE-2013-0383 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking. | ||||
Applies to: MySQL Server 5.1 MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:16451 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via... |
Type: Software |
Bulletins:
MITRE:16451 CVE-2013-0371 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM. | ||||
Applies to: MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:17255 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via... |
Type: Software |
Bulletins:
MITRE:17255 CVE-2013-0368 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | ||||
Applies to: MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:16792 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated... |
Type: Services |
Bulletins:
MITRE:16792 CVE-2012-0572 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | ||||
Applies to: MySQL Server 5.1 MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: MITRE:16632 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful... |
Type: Services |
Bulletins:
MITRE:16632 CVE-2013-0384 |
Severity: Medium |
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema. | ||||
Applies to: MySQL Server 5.1 MySQL Server 5.5 |
Created: 2013-07-29 |
Updated: 2024-09-07 |
ID: CVE-2013-3414 |
Title: Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080. |
Type: Hardware |
Bulletins:
CVE-2013-3414 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080. | ||||
Applies to: |
Created: 2013-07-25 |
Updated: 2024-09-07 |
ID: MITRE:16375 |
Title: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to... |
Type: Software |
Bulletins:
MITRE:16375 CVE-2013-4083 |
Severity: Medium |
Description: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||||
Applies to: Wireshark |
Created: 2013-07-22 |
Updated: 2024-09-07 |
ID: CVE-2013-3436 |
Title: The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy... |
Type: Hardware |
Bulletins:
CVE-2013-3436 SFBID61362 |
Severity: Medium |
Description: The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698. | ||||
Applies to: |
Created: 2013-07-19 |
Updated: 2024-09-07 |
ID: CVE-2013-3433 |
Title: Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka... |
Type: Hardware |
Bulletins:
CVE-2013-3433 SFBID61297 |
Severity: Medium |
Description: Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. | ||||
Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2024-09-07 |
ID: CVE-2013-3434 |
Title: Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka... |
Type: Hardware |
Bulletins:
CVE-2013-3434 SFBID61296 |
Severity: Medium |
Description: Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242. | ||||
Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2024-09-07 |
ID: CVE-2013-3412 |
Title: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. |
Type: Hardware |
Bulletins:
CVE-2013-3412 |
Severity: Medium |
Description: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. | ||||
Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2024-09-07 |
ID: CVE-2013-3404 |
Title: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging... |
Type: Hardware |
Bulletins:
CVE-2013-3404 |
Severity: High |
Description: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. | ||||
Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2024-09-07 |
ID: CVE-2013-3403 |
Title: Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged... |
Type: Hardware |
Bulletins:
CVE-2013-3403 |
Severity: Medium |
Description: Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. | ||||
Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2024-09-07 |
ID: CVE-2013-3402 |
Title: An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. |
Type: Hardware |
Bulletins:
CVE-2013-3402 |
Severity: Medium |
Description: An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | ||||
Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2024-09-07 |
ID: CVE-2013-4686 |
Title: The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and... |
Type: Hardware |
Bulletins:
CVE-2013-4686 SFBID61126 |
Severity: High |
Description: The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and proxy-arp settings, allows remote attackers to cause a denial of service (device crash) via a crafted ARP request, aka PR 842091. | ||||
Applies to: |
Created: 2013-07-11 |
Updated: 2024-09-07 |
ID: CVE-2013-4690 |
Title: Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of... |
Type: Hardware |
Bulletins:
CVE-2013-4690 SFBID61123 |
Severity: Medium |
Description: Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data, aka PR 829536, a related issue to CVE-2003-0001. | ||||
Applies to: Juniper SRX1400 Juniper SRX3400 Juniper SRX3600 |
Created: 2013-07-11 |
Updated: 2024-09-07 |
ID: CVE-2013-4684 |
Title: flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM... |
Type: Hardware |
Bulletins:
CVE-2013-4684 SFBID61127 |
Severity: High |
Description: flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM packets, aka PR 842253. | ||||
Applies to: Juniper SRX100 Juniper SRX110 Juniper SRX1400 Juniper SRX210 Juniper SRX220 Juniper SRX240 Juniper SRX3400 Juniper SRX3600 Juniper SRX550 Juniper SRX5600 Juniper SRX5800 Juniper SRX650 |
Created: 2013-07-11 |
Updated: 2024-09-07 |
ID: CVE-2013-4687 |
Title: flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via... |
Type: Hardware |
Bulletins:
CVE-2013-4687 SFBID61122 |
Severity: High |
Description: flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets, aka PRs 727980, 806269, and 835593. | ||||
Applies to: Juniper SRX100 Juniper SRX110 Juniper SRX1400 Juniper SRX210 Juniper SRX220 Juniper SRX240 Juniper SRX3400 Juniper SRX3600 Juniper SRX550 Juniper SRX5600 Juniper SRX5800 Juniper SRX650 |
Created: 2013-07-11 |
Updated: 2024-09-07 |
ID: CVE-2013-4688 |
Title: flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834. |
Type: Hardware |
Bulletins:
CVE-2013-4688 SFBID61124 |
Severity: High |
Description: flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834. | ||||
Applies to: Juniper SRX100 Juniper SRX110 Juniper SRX1400 Juniper SRX210 Juniper SRX220 Juniper SRX240 Juniper SRX3400 Juniper SRX3600 Juniper SRX550 Juniper SRX5600 Juniper SRX5800 Juniper SRX650 |
Created: 2013-07-11 |
Updated: 2024-09-07 |
ID: CVE-2013-4685 |
Title: Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute... |
Type: Hardware |
Bulletins:
CVE-2013-4685 SFBID61125 |
Severity: High |
Description: Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100. | ||||
Applies to: Juniper SRX100 Juniper SRX110 Juniper SRX1400 Juniper SRX210 Juniper SRX220 Juniper SRX240 Juniper SRX3400 Juniper SRX3600 Juniper SRX550 Juniper SRX5600 Juniper SRX5800 Juniper SRX650 |
Created: 2013-07-11 |
Updated: 2024-09-07 |
ID: CVE-2013-3400 |
Title: The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. |
Type: Hardware |
Bulletins:
CVE-2013-3400 |
Severity: Medium |
Description: The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. | ||||
Applies to: Cisco Nexus 1000V VSM |
Created: 2013-07-10 |
Updated: 2024-09-07 |
ID: CVE-2013-4787 |
Title: Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does... |
Type: Mobile Devices |
Bulletins:
CVE-2013-4787 SFBID60952 |
Severity: High |
Description: Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability. | ||||
Applies to: |
Created: 2013-07-09 |
Updated: 2024-09-07 |
ID: CVE-2013-2341 |
Title: Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to... |
Type: Hardware |
Bulletins:
CVE-2013-2341 |
Severity: High |
Description: Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execute arbitrary code or obtain sensitive information via unknown vectors. | ||||
Applies to: 3Com Router 3012 3Com Router 3013 3Com Router 3016 3Com Router 3036 3Com Router 3040 3Com Router 3041 3Com Router 5009 3Com Router 5012 3Com Router 5231 3Com Router 5232 3Com Router 5640 3Com Router 5642 3Com Router... |
Created: 2013-07-06 |
Updated: 2024-09-07 |
ID: CVE-2013-2340 |
Title: Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute... |
Type: Hardware |
Bulletins:
CVE-2013-2340 |
Severity: High |
Description: Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors. | ||||
Applies to: 3Com Router 3012 3Com Router 3013 3Com Router 3016 3Com Router 3036 3Com Router 3040 3Com Router 3041 3Com Router 5009 3Com Router 5012 3Com Router 5231 3Com Router 5232 3Com Router 5640 3Com Router 5642 3Com Router... |
Created: 2013-07-06 |
Updated: 2024-09-07 |
ID: CVE-2013-3382 |
Title: The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device... |
Type: Hardware |
Bulletins:
CVE-2013-3382 |
Severity: High |
Description: The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387. | ||||
Applies to: |
Created: 2013-06-26 |
Updated: 2024-09-07 |
ID: CVE-2013-3397 |
Title: Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified... |
Type: Hardware |
Bulletins:
CVE-2013-3397 |
Severity: Medium |
Description: Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298. | ||||
Applies to: Unified Communications Manager |
Created: 2013-06-26 |
Updated: 2024-09-07 |
ID: CVE-2013-3377 |
Title: Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743. |
Type: Hardware |
Bulletins:
CVE-2013-3377 |
Severity: High |
Description: Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743. | ||||
Applies to: Cisco Codec C40 Cisco Codec C60 Cisco Codec C90 Cisco Codec EX60 Cisco Codec EX90 |
Created: 2013-06-21 |
Updated: 2024-09-07 |
ID: CVE-2013-4616 |
Title: The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier... |
Type: Mobile Devices |
Bulletins:
CVE-2013-4616 |
Severity: Medium |
Description: The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. | ||||
Applies to: |
Created: 2013-06-18 |
Updated: 2024-09-07 |
ID: MITRE:16168 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Swing) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16168 CVE-2012-1716 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16430 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Sound) 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality,... |
Type: Software |
Bulletins:
MITRE:16430 CVE-2013-1481 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:15923 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Security) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote... |
Type: Software |
Bulletins:
MITRE:15923 CVE-2012-1718 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16519 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16519 CVE-2013-0424 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16581 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on... |
Type: Software |
Bulletins:
MITRE:16581 CVE-2012-1720 |
Severity: Low |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16537 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via... |
Type: Software |
Bulletins:
MITRE:16537 CVE-2013-0433 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16013 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via... |
Type: Software |
Bulletins:
MITRE:16013 CVE-2013-0427 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:15888 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
Type: Software |
Bulletins:
MITRE:15888 CVE-2013-0426 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16058 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
Type: Software |
Bulletins:
MITRE:16058 CVE-2013-0425 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16496 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
Type: Software |
Bulletins:
MITRE:16496 CVE-2013-0428 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16558 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16558 CVE-2013-0440 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:15832 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:15832 CVE-2013-0443 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16550 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,... |
Type: Software |
Bulletins:
MITRE:16550 CVE-2013-0450 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16530 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via... |
Type: Software |
Bulletins:
MITRE:16530 CVE-2013-0409 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16528 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16528 CVE-2013-0434 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16513 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16513 CVE-2012-1725 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16259 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote... |
Type: Software |
Bulletins:
MITRE:16259 CVE-2012-1723 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:15996 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers... |
Type: Software |
Bulletins:
MITRE:15996 CVE-2012-1711 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16312 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers... |
Type: Software |
Bulletins:
MITRE:16312 CVE-2012-1719 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16649 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,... |
Type: Software |
Bulletins:
MITRE:16649 CVE-2013-0429 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16566 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
Type: Software |
Bulletins:
MITRE:16566 CVE-2013-0441 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16613 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
Type: Software |
Bulletins:
MITRE:16613 CVE-2013-1475 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16652 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to... |
Type: Software |
Bulletins:
MITRE:16652 CVE-2013-1476 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16680 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,... |
Type: Software |
Bulletins:
MITRE:16680 CVE-2013-0445 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16567 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16567 CVE-2013-0432 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access permission checks." | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16035 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16035 CVE-2013-0442 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16045 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:16045 CVE-2013-1480 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:16502 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier... |
Type: Software |
Bulletins:
MITRE:16502 CVE-2012-1713 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
Applies to: Java Runtime Environment JavaFX |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: MITRE:15733 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect... |
Type: Software |
Bulletins:
MITRE:15733 CVE-2013-1478 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-10 |
Updated: 2024-09-07 |
ID: CVE-2013-3954 |
Title: The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is... |
Type: Mobile Devices |
Bulletins:
CVE-2013-3954 |
Severity: Medium |
Description: The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. | ||||
Applies to: |
Created: 2013-06-05 |
Updated: 2024-09-07 |
ID: CVE-2013-3953 |
Title: The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory... |
Type: Mobile Devices |
Bulletins:
CVE-2013-3953 |
Severity: Medium |
Description: The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | ||||
Applies to: |
Created: 2013-06-05 |
Updated: 2024-09-07 |
ID: CVE-2013-3950 |
Title: Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR... |
Type: Mobile Devices |
Bulletins:
CVE-2013-3950 |
Severity: Medium |
Description: Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | ||||
Applies to: |
Created: 2013-06-05 |
Updated: 2024-09-07 |
ID: CVE-2013-3948 |
Title: Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary... |
Type: Mobile Devices |
Bulletins:
CVE-2013-3948 |
Severity: Medium |
Description: Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain. | ||||
Applies to: |
Created: 2013-06-05 |
Updated: 2024-09-07 |
ID: MITRE:16549 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access... |
Type: Software |
Bulletins:
MITRE:16549 CVE-2013-2384 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16564 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access... |
Type: Software |
Bulletins:
MITRE:16564 CVE-2013-2383 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16697 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access... |
Type: Software |
Bulletins:
MITRE:16697 CVE-2013-1569 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16527 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
Type: Software |
Bulletins:
MITRE:16527 CVE-2013-2419 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16578 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
Type: Software |
Bulletins:
MITRE:16578 CVE-2013-1537 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16314 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
Type: Software |
Bulletins:
MITRE:16314 CVE-2013-2424 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16688 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
Type: Software |
Bulletins:
MITRE:16688 CVE-2013-1557 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16702 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
Type: Software |
Bulletins:
MITRE:16702 CVE-2013-1518 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions." | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16446 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
Type: Software |
Bulletins:
MITRE:16446 CVE-2013-2417 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16297 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Difficult to exploit vulnerability allows successful... |
Type: Software |
Bulletins:
MITRE:16297 CVE-2013-0401 |
Severity: High |
Description: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16597 |
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before and 5.0 Update 41 and before. Easily exploitable vulnerability allows successful... |
Type: Software |
Bulletins:
MITRE:16597 CVE-2013-2420 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16684 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. |
Type: Software |
Bulletins:
MITRE:16684 CVE-2012-5075 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16686 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:16686 CVE-2012-3143 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16506 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and... |
Type: Software |
Bulletins:
MITRE:16506 CVE-2012-5089 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16685 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity... |
Type: Software |
Bulletins:
MITRE:16685 CVE-2012-5069 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16227 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity,... |
Type: Software |
Bulletins:
MITRE:16227 CVE-2012-5071 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16546 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and... |
Type: Software |
Bulletins:
MITRE:16546 CVE-2012-1531 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
Applies to: Java Runtime Environment, JavaFX |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16553 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
Type: Software |
Bulletins:
MITRE:16553 CVE-2012-5084 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16538 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
Type: Software |
Bulletins:
MITRE:16538 CVE-2012-3216 |
Severity: Low |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16585 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
Type: Software |
Bulletins:
MITRE:16585 CVE-2012-5077 |
Severity: Low |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16602 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
Type: Software |
Bulletins:
MITRE:16602 CVE-2012-5079 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16654 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
Type: Software |
Bulletins:
MITRE:16654 CVE-2012-5085 |
Severity: Low |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2018-09-11 |
ID: MITRE:16043 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
Type: Software |
Bulletins:
MITRE:16043 CVE-2012-5081 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. | ||||
Applies to: Java Runtime Environment |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16466 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote... |
Type: Software |
Bulletins:
MITRE:16466 CVE-2012-5073 |
Severity: Medium |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||||
Applies to: Java Runtime Environment, JavaFX |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: MITRE:16544 |
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and... |
Type: Software |
Bulletins:
MITRE:16544 CVE-2012-5083 |
Severity: High |
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
Applies to: Java Runtime Environment, JavaFX |
Created: 2013-06-03 |
Updated: 2024-09-07 |
ID: CVE-2013-1212 |
Title: The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication,... |
Type: Hardware |
Bulletins:
CVE-2013-1212 |
Severity: Medium |
Description: The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837. | ||||
Applies to: Cisco Nexus 1000V VSM |
Created: 2013-05-29 |
Updated: 2024-09-07 |
ID: CVE-2013-1209 |
Title: The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable... |
Type: Hardware |
Bulletins:
CVE-2013-1209 |
Severity: Medium |
Description: The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710. | ||||
Applies to: |
Created: 2013-05-29 |
Updated: 2024-09-07 |
ID: CVE-2013-1208 |
Title: The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by... |
Type: Hardware |
Bulletins:
CVE-2013-1208 |
Severity: Medium |
Description: The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691. | ||||
Applies to: |
Created: 2013-05-29 |
Updated: 2024-09-07 |
ID: CVE-2013-1211 |
Title: Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a... |
Type: Hardware |
Bulletins:
CVE-2013-1211 |
Severity: Medium |
Description: Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832. | ||||
Applies to: |
Created: 2013-05-29 |
Updated: 2024-09-07 |
ID: CVE-2013-1213 |
Title: Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability... |
Type: Hardware |
Bulletins:
CVE-2013-1213 |
Severity: Medium |
Description: Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840. | ||||
Applies to: Cisco Nexus 1000V VSM |
Created: 2013-05-29 |
Updated: 2024-09-07 |
ID: CVE-2013-1210 |
Title: Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by... |
Type: Hardware |
Bulletins:
CVE-2013-1210 |
Severity: Medium |
Description: Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825. | ||||
Applies to: |
Created: 2013-05-29 |
Updated: 2024-09-07 |
ID: MITRE:16598 |
Title: Microsoft Windows Remote Desktop Client remote code execution vulnerability - MS13-029 |
Type: Software |
Bulletins:
MITRE:16598 CVE-2013-1296 |
Severity: High |
Description: The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability." | ||||
Applies to: Remote Desktop Client |
Created: 2013-05-27 |
Updated: 2024-09-07 |
ID: MITRE:16293 |
Title: Elevation of privilege vulnerability in Windows Defender - MS13-034 |
Type: Software |
Bulletins:
MITRE:16293 CVE-2013-0078 |
Severity: High |
Description: The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability." | ||||
Applies to: |
Created: 2013-05-27 |
Updated: 2024-09-07 |
ID: CVE-2013-1019 |
Title: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. |
Type: Mobile Devices |
Bulletins:
CVE-2013-1019 |
Severity: High |
Description: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | ||||
Applies to: |
Created: 2013-05-24 |
Updated: 2024-09-07 |
ID: CVE-2013-1204 |
Title: Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345. |
Type: Hardware |
Bulletins:
CVE-2013-1204 |
Severity: Medium |
Description: Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345. | ||||
Applies to: |
Created: 2013-05-23 |
Updated: 2024-09-07 |
ID: CVE-2013-2842 |
Title: Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. |
Type: Mobile Devices |
Bulletins:
CVE-2013-2842 |
Severity: High |
Description: Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. | ||||
Applies to: |
Created: 2013-05-22 |
Updated: 2024-09-07 |
ID: CVE-2013-0999 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0999 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1000 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1000 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1001 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1001 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1002 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1002 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1003 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1003 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1004 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1004 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1005 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1005 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1006 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1006 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1007 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1007 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1008 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1008 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1010 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1010 |
Severity: High |
Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
Applies to: |
Created: 2013-05-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1188 |
Title: Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. |
Type: Hardware |
Bulletins:
CVE-2013-1188 |
Severity: Medium |
Description: Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. | ||||
Applies to: Unified Communications Manager |
Created: 2013-05-15 |
Updated: 2024-09-07 |
ID: CVE-2013-1136 |
Title: The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then... |
Type: Hardware |
Bulletins:
CVE-2013-1136 |
Severity: Medium |
Description: The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193. | ||||
Applies to: |
Created: 2013-05-13 |
Updated: 2024-09-07 |
ID: CVE-2013-1234 |
Title: The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472. |
Type: Hardware |
Bulletins:
CVE-2013-1234 |
Severity: Medium |
Description: The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472. | ||||
Applies to: |
Created: 2013-05-03 |
Updated: 2024-09-07 |
ID: CVE-2013-1240 |
Title: The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. |
Type: Hardware |
Bulletins:
CVE-2013-1240 |
Severity: Medium |
Description: The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. | ||||
Applies to: Unified Communications Manager |
Created: 2013-05-03 |
Updated: 2024-09-07 |
ID: CVE-2013-1235 |
Title: Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly... |
Type: Hardware |
Bulletins:
CVE-2013-1235 |
Severity: Medium |
Description: Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507. | ||||
Applies to: Cisco WLC 2000, Cisco WLC 2100, Cisco WLC 4100, Cisco WLC 4400 |
Created: 2013-05-03 |
Updated: 2024-09-07 |
ID: CVE-2013-1226 |
Title: The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098. |
Type: Hardware |
Bulletins:
CVE-2013-1226 |
Severity: Medium |
Description: The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098. | ||||
Applies to: Cisco Nexus 7000, Cisco Nexus 7000-9slot, Cisco Nexus 7010, Cisco Nexus 7018 |
Created: 2013-04-29 |
Updated: 2024-09-07 |
ID: CVE-2013-1216 |
Title: Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. |
Type: Hardware |
Bulletins:
CVE-2013-1216 |
Severity: Medium |
Description: Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. | ||||
Applies to: |
Created: 2013-04-29 |
Updated: 2024-09-07 |
ID: CVE-2013-1215 |
Title: The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. |
Type: Hardware |
Bulletins:
CVE-2013-1215 |
Severity: Medium |
Description: The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. | ||||
Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2013-04-25 |
Updated: 2024-09-07 |
ID: CVE-2013-1192 |
Title: The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp... |
Type: Hardware |
Bulletins:
CVE-2013-1192 |
Severity: High |
Description: The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802. | ||||
Applies to: Cisco Nexus 5000 Series, Cisco Nexus 5010, Cisco Nexus 5020, Cisco Nexus 5020p, Cisco Nexus 5548p, Cisco Nexus 5548up, Cisco Nexus 5596UP, Cisco Nexus C5010P-BF |
Created: 2013-04-25 |
Updated: 2024-09-07 |
ID: CVE-2013-1178 |
Title: Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices... |
Type: Hardware |
Bulletins:
CVE-2013-1178 |
Severity: High |
Description: Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275. | ||||
Applies to: Cisco Nexus 1000V VSM, Cisco Nexus 5000 Series, Cisco Nexus 5010, Cisco Nexus 5020, Cisco Nexus 5548p, Cisco Nexus 5548up, Cisco Nexus 5596UP, Cisco Nexus 7000, Cisco Nexus 7000-9slot, Cisco Nexus 7010, Cisco Nexus 7018 |
Created: 2013-04-25 |
Updated: 2024-09-07 |
ID: CVE-2013-1179 |
Title: Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to... |
Type: Hardware |
Bulletins:
CVE-2013-1179 |
Severity: High |
Description: Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54830. | ||||
Applies to: Cisco Nexus 7000, Cisco Nexus 7000-9slot, Cisco Nexus 7010, Cisco Nexus 7018 |
Created: 2013-04-25 |
Updated: 2024-09-07 |
ID: CVE-2013-1181 |
Title: Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by... |
Type: Hardware |
Bulletins:
CVE-2013-1181 |
Severity: High |
Description: Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389. | ||||
Applies to: Cisco Nexus 5548p Cisco Nexus 5548up Cisco Nexus 5596UP |
Created: 2013-04-25 |
Updated: 2024-09-07 |
ID: CVE-2013-1180 |
Title: Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted... |
Type: Hardware |
Bulletins:
CVE-2013-1180 |
Severity: High |
Description: Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822. | ||||
Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2013-04-25 |
Updated: 2024-09-07 |
ID: CVE-2013-1217 |
Title: The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. |
Type: Hardware |
Bulletins:
CVE-2013-1217 |
Severity: Medium |
Description: The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. | ||||
Applies to: |
Created: 2013-04-24 |
Updated: 2024-09-07 |
ID: CVE-2013-1194 |
Title: The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via... |
Type: Hardware |
Bulletins:
CVE-2013-1194 |
Severity: Medium |
Description: The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708. | ||||
Applies to: |
Created: 2013-04-18 |
Updated: 2024-09-07 |
ID: CVE-2013-1199 |
Title: Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing... |
Type: Hardware |
Bulletins:
CVE-2013-1199 |
Severity: Medium |
Description: Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996. | ||||
Applies to: |
Created: 2013-04-18 |
Updated: 2024-09-07 |
ID: CVE-2012-5415 |
Title: Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for... |
Type: Hardware |
Bulletins:
CVE-2012-5415 |
Severity: Medium |
Description: Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272. | ||||
Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2013-04-16 |
Updated: 2024-09-07 |
ID: CVE-2013-1150 |
Title: The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before... |
Type: Hardware |
Bulletins:
CVE-2013-1150 |
Severity: High |
Description: The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590. | ||||
Applies to: |
Created: 2013-04-11 |
Updated: 2024-09-07 |
ID: CVE-2013-2779 |
Title: Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a... |
Type: Hardware |
Bulletins:
CVE-2013-2779 |
Severity: High |
Description: Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164. | ||||
Applies to: |
Created: 2013-04-11 |
Updated: 2024-09-07 |
ID: CVE-2013-1164 |
Title: Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card... |
Type: Hardware |
Bulletins:
CVE-2013-1164 |
Severity: High |
Description: Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563. | ||||
Applies to: |
Created: 2013-04-11 |
Updated: 2024-09-07 |
ID: CVE-2013-1166 |
Title: Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by... |
Type: Hardware |
Bulletins:
CVE-2013-1166 |
Severity: High |
Description: Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609. | ||||
Applies to: |
Created: 2013-04-11 |
Updated: 2024-09-07 |
ID: CVE-2013-1167 |
Title: Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not... |
Type: Hardware |
Bulletins:
CVE-2013-1167 |
Severity: High |
Description: Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558. | ||||
Applies to: |
Created: 2013-04-11 |
Updated: 2024-09-07 |
ID: CVE-2013-1165 |
Title: Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293. |
Type: Hardware |
Bulletins:
CVE-2013-1165 |
Severity: High |
Description: Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293. | ||||
Applies to: |
Created: 2013-04-11 |
Updated: 2024-09-07 |
ID: CVE-2013-1152 |
Title: Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080. |
Type: Hardware |
Bulletins:
CVE-2013-1152 |
Severity: High |
Description: Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080. | ||||
Applies to: |
Created: 2013-04-11 |
Updated: 2024-09-07 |
ID: CVE-2013-1149 |
Title: Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall... |
Type: Hardware |
Bulletins:
CVE-2013-1149 |
Severity: High |
Description: Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(24.1) and 4.0 and 4.1 before 4.1(11.1), allow remote attackers to cause a denial of service (device reload) via a crafted IKEv1 message, aka Bug IDs CSCub85692 and CSCud20267. | ||||
Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2013-04-11 |
Updated: 2024-09-07 |
ID: CVE-2013-1146 |
Title: The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. |
Type: Hardware |
Bulletins:
CVE-2013-1146 |
Severity: High |
Description: The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. | ||||
Applies to: |
Created: 2013-03-28 |
Updated: 2024-09-07 |
ID: CVE-2013-1143 |
Title: The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect... |
Type: Hardware |
Bulletins:
CVE-2013-1143 |
Severity: High |
Description: The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect memory access and device reload) via a traffic engineering PATH message in an RSVP packet, aka Bug ID CSCtg39957. | ||||
Applies to: |
Created: 2013-03-28 |
Updated: 2024-09-07 |
ID: CVE-2013-1147 |
Title: The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote... |
Type: Hardware |
Bulletins:
CVE-2013-1147 |
Severity: High |
Description: The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a PT resource, aka Bug ID CSCtz35999. | ||||
Applies to: |
Created: 2013-03-28 |
Updated: 2024-09-07 |
ID: CVE-2013-1148 |
Title: The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2013-1148 |
Severity: High |
Description: The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service (device reload) via crafted (1) IPv4 or (2) IPv6 IP SLA packets on UDP port 1167, aka Bug ID CSCuc72594. | ||||
Applies to: |
Created: 2013-03-28 |
Updated: 2024-09-07 |
ID: CVE-2013-1142 |
Title: Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745. |
Type: Hardware |
Bulletins:
CVE-2013-1142 |
Severity: High |
Description: Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745. | ||||
Applies to: |
Created: 2013-03-28 |
Updated: 2024-09-07 |
ID: CVE-2013-1144 |
Title: Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055. |
Type: Hardware |
Bulletins:
CVE-2013-1144 |
Severity: High |
Description: Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055. | ||||
Applies to: |
Created: 2013-03-28 |
Updated: 2024-09-07 |
ID: CVE-2013-1145 |
Title: Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP... |
Type: Hardware |
Bulletins:
CVE-2013-1145 |
Severity: High |
Description: Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP messages, aka Bug ID CSCtl99174. | ||||
Applies to: |
Created: 2013-03-28 |
Updated: 2024-09-07 |
ID: CVE-2012-5216 |
Title: Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of... |
Type: Hardware |
Bulletins:
CVE-2012-5216 |
Severity: Medium |
Description: Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
Applies to: |
Created: 2013-03-28 |
Updated: 2024-09-07 |
ID: CVE-2013-1162 |
Title: The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000. |
Type: Hardware |
Bulletins:
CVE-2013-1162 |
Severity: Medium |
Description: The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000. | ||||
Applies to: |
Created: 2013-03-25 |
Updated: 2024-09-07 |
ID: CVE-2013-0980 |
Title: The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0980 |
Severity: Low |
Description: The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. | ||||
Applies to: |
Created: 2013-03-20 |
Updated: 2024-09-07 |
ID: CVE-2013-0979 |
Title: lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0979 |
Severity: Low |
Description: lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | ||||
Applies to: |
Created: 2013-03-20 |
Updated: 2024-09-07 |
ID: CVE-2013-1141 |
Title: The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS... |
Type: Hardware |
Bulletins:
CVE-2013-1141 |
Severity: Medium |
Description: The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153. | ||||
Applies to: |
Created: 2013-02-28 |
Updated: 2024-09-07 |
ID: CVE-2013-1134 |
Title: The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct... |
Type: Hardware |
Bulletins:
CVE-2013-1134 |
Severity: High |
Description: The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920. | ||||
Applies to: Unified Communications Manager |
Created: 2013-02-27 |
Updated: 2024-09-07 |
ID: CVE-2013-1133 |
Title: Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused... |
Type: Hardware |
Bulletins:
CVE-2013-1133 |
Severity: High |
Description: Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337. | ||||
Applies to: Unified Communications Manager |
Created: 2013-02-27 |
Updated: 2024-09-07 |
ID: CVE-2013-1138 |
Title: The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386. |
Type: Hardware |
Bulletins:
CVE-2013-1138 |
Severity: Medium |
Description: The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386. | ||||
Applies to: |
Created: 2013-02-25 |
Updated: 2024-09-07 |
ID: CVE-2013-0120 |
Title: The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. |
Type: Hardware |
Bulletins:
CVE-2013-0120 |
Severity: High |
Description: The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. | ||||
Applies to: PowerConnect 6248P |
Created: 2013-02-24 |
Updated: 2024-09-07 |
ID: CVE-2013-0879 |
Title: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0879 |
Severity: High |
Description: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||||
Applies to: |
Created: 2013-02-23 |
Updated: 2024-09-07 |
ID: CVE-2013-1100 |
Title: The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. |
Type: Hardware |
Bulletins:
CVE-2013-1100 |
Severity: Medium |
Description: The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. | ||||
Applies to: |
Created: 2013-02-13 |
Updated: 2024-09-07 |
ID: CVE-2013-1122 |
Title: Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673. |
Type: Hardware |
Bulletins:
CVE-2013-1122 |
Severity: Medium |
Description: Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673. | ||||
Applies to: Cisco Nexus 7000 |
Created: 2013-02-13 |
Updated: 2024-09-07 |
ID: CVE-2011-5262 |
Title: SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. |
Type: Hardware |
Bulletins:
CVE-2011-5262 SFBID50702 |
Severity: High |
Description: SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | ||||
Applies to: SonicWall SSL-VPN 6000 SonicWall SSL-VPN 7000 SonicWall SSL-VPN 9000 |
Created: 2013-02-12 |
Updated: 2024-09-07 |
ID: CVE-2011-1350 |
Title: The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. |
Type: Mobile Devices |
Bulletins:
CVE-2011-1350 |
Severity: High |
Description: The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. | ||||
Applies to: |
Created: 2013-02-05 |
Updated: 2024-09-07 |
ID: CVE-2011-1352 |
Title: The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. |
Type: Mobile Devices |
Bulletins:
CVE-2011-1352 |
Severity: Medium |
Description: The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. | ||||
Applies to: |
Created: 2013-02-05 |
Updated: 2024-09-07 |
ID: CVE-2013-0948 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0948 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0949 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0949 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0950 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0950 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0951 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0951 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0952 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0952 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0953 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0953 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0954 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0954 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0955 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0955 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0956 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0956 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0958 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0958 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0959 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0959 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0968 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0968 |
Severity: Medium |
Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. |
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0974 |
Title: StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0974 |
Severity: Medium |
Description: StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner. |
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0963 |
Title: Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0963 |
Severity: Low |
Description: Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID. |
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-0962 |
Title: Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation. |
Type: Mobile Devices |
Bulletins:
CVE-2013-0962 |
Severity: Low |
Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation. |
Applies to: |
Created: 2013-01-29 |
Updated: 2024-09-07 |
ID: CVE-2013-1102 |
Title: The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2013-1102 SFBID57524 |
Severity: High |
Description: The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743. |
Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2013-01-24 |
Updated: 2024-09-07 |
ID: CVE-2013-1104 |
Title: The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. |
Type: Hardware |
Bulletins:
CVE-2013-1104 SFBID57524 |
Severity: High |
Description: The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. |
Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2013-01-24 |
Updated: 2024-09-07 |
ID: CVE-2013-1105 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device... |
Type: Hardware |
Bulletins:
CVE-2013-1105 SFBID57524 |
Severity: High |
Description: Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653. |
Applies to: Cisco WLC 2000 Cisco WLC 2100 |
Created: 2013-01-24 |
Updated: 2024-09-07 |
ID: CVE-2013-1103 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659. |
Type: Hardware |
Bulletins:
CVE-2013-1103 SFBID57524 |
Severity: High |
Description: Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659. |
Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2013-01-24 |
Updated: 2024-09-07 |
ID: CVE-2012-6396 |
Title: Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces... |
Type: Hardware |
Bulletins:
CVE-2012-6396 |
Severity: Medium |
Description: Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300. |
Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2013-01-19 |
Updated: 2024-09-07 |
ID: CVE-2012-5717 |
Title: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2012-5717 |
Severity: Medium |
Description: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462. |
Applies to: |
Created: 2013-01-18 |
Updated: 2024-09-07 |
ID: CVE-2012-6395 |
Title: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors,... |
Type: Hardware |
Bulletins:
CVE-2012-6395 |
Severity: Medium |
Description: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775. |
Applies to: |
Created: 2013-01-18 |
Updated: 2024-09-07 |