LanGuard reports



Supported OVAL Bulletins





ID:
CVE-2013-6981
Title:
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.
Type:
Hardware
Bulletins:
CVE-2013-6981
SFBID64514
Severity:
Medium
Description:
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.
Applies to:
Created:
2013-12-27
Updated:
2024-01-17

ID:
CVE-2013-6979
Title:
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source...
Type:
Hardware
Bulletins:
CVE-2013-6979
SFBID64502
Severity:
Medium
Description:
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.
Applies to:
Created:
2013-12-23
Updated:
2024-01-17

ID:
CVE-2013-6978
Title:
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-6978
SFBID64421
Severity:
Medium
Description:
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
Applies to:
Unified Communications Manager
Created:
2013-12-21
Updated:
2024-01-17

ID:
CVE-2012-4131
Title:
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
Type:
Hardware
Bulletins:
CVE-2012-4131
Severity:
Medium
Description:
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
Applies to:
Created:
2013-12-21
Updated:
2024-01-17

ID:
CVE-2012-4135
Title:
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
Type:
Hardware
Bulletins:
CVE-2012-4135
Severity:
Medium
Description:
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
Applies to:
Created:
2013-12-21
Updated:
2024-01-17

ID:
CVE-2013-4775
Title:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware...
Type:
Hardware
Bulletins:
CVE-2013-4775
Severity:
High
Description:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.
Applies to:
GS716Tv2 Smart Switch
GS724Tv3 Smart Switch
GS728TPS Stack Smart Switch
GS728TS Stack Smart Switch
GS752TPS Stack Smart Switch
Created:
2013-12-18
Updated:
2024-01-17

ID:
CVE-2013-4776
Title:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
Type:
Hardware
Bulletins:
CVE-2013-4776
Severity:
High
Description:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
Applies to:
GS716Tv2 Smart Switch
GS724Tv3 Smart Switch
Created:
2013-12-18
Updated:
2024-01-17

ID:
CVE-2013-6271
Title:
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class...
Type:
Mobile Devices
Bulletins:
CVE-2013-6271
Severity:
High
Description:
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.
Applies to:
Created:
2013-12-14
Updated:
2024-01-17

ID:
CVE-2013-6958
Title:
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
Type:
Hardware
Bulletins:
CVE-2013-6958
Severity:
High
Description:
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
Applies to:
Created:
2013-12-13
Updated:
2024-01-17

ID:
CVE-2013-6956
Title:
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web...
Type:
Hardware
Bulletins:
CVE-2013-6956
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Applies to:
Created:
2013-12-13
Updated:
2024-01-17

ID:
CVE-2013-2751
Title:
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to...
Type:
Hardware
Bulletins:
CVE-2013-2751
Severity:
High
Description:
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
Applies to:
Created:
2013-12-12
Updated:
2024-01-17

ID:
CVE-2013-2752
Title:
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
Type:
Hardware
Bulletins:
CVE-2013-2752
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
Applies to:
Created:
2013-12-12
Updated:
2024-01-17

ID:
CVE-2013-7030
Title:
** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential...
Type:
Hardware
Bulletins:
CVE-2013-7030
Severity:
Medium
Description:
** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.
Applies to:
Unified Communications Manager
Created:
2013-12-12
Updated:
2024-01-17

ID:
CVE-2013-6705
Title:
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.
Type:
Hardware
Bulletins:
CVE-2013-6705
Severity:
Medium
Description:
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.
Applies to:
Created:
2013-12-03
Updated:
2024-01-17

ID:
CVE-2013-6704
Title:
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
Type:
Hardware
Bulletins:
CVE-2013-6704
Severity:
High
Description:
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
Applies to:
Created:
2013-12-03
Updated:
2024-01-17

ID:
CVE-2013-6696
Title:
Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.
Type:
Hardware
Bulletins:
CVE-2013-6696
Severity:
High
Description:
Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.
Applies to:
Created:
2013-12-02
Updated:
2024-01-17

ID:
CVE-2013-6700
Title:
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
Type:
Hardware
Bulletins:
CVE-2013-6700
Severity:
Medium
Description:
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
Applies to:
Created:
2013-11-28
Updated:
2024-01-17

ID:
CVE-2013-6706
Title:
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.
Type:
Hardware
Bulletins:
CVE-2013-6706
SFBID63979
Severity:
Medium
Description:
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.
Applies to:
Created:
2013-11-28
Updated:
2024-01-17

ID:
MITRE:19002
Title:
Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19002
CVE-2013-3829
Severity:
Medium
Description:
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19020
Title:
Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19020
CVE-2013-5778
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19032
Title:
Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19032
CVE-2013-5774
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18645
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:18645
CVE-2013-5782
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19046
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:19046
CVE-2013-5825
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19096
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:19096
CVE-2013-5830
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19101
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:19101
CVE-2013-5780
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19207
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:19207
CVE-2013-5802
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18874
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:18874
CVE-2013-5803
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19188
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:19188
CVE-2013-5804
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18504
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18504
CVE-2013-5809
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18733
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18733
CVE-2013-5790
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18971
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18971
CVE-2013-5849
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18990
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18990
CVE-2013-5840
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19024
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19024
CVE-2013-5817
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18436
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18436
CVE-2013-5842
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19088
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19088
CVE-2013-5783
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19150
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19150
CVE-2013-5850
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19185
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19185
CVE-2013-5814
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19189
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19189
CVE-2013-5829
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18894
Title:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18894
CVE-2013-5801
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19039
Title:
OpenSSL vulnerability before 1.0.0c in VisualSVN Server
Type:
Software
Bulletins:
MITRE:19039
CVE-2010-4252
Severity:
High
Description:
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19016
Title:
OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
Type:
Software
Bulletins:
MITRE:19016
CVE-2013-0169
Severity:
Low
Description:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19081
Title:
OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
Type:
Software
Bulletins:
MITRE:19081
CVE-2013-0166
Severity:
Medium
Description:
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18910
Title:
OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18910
CVE-2010-4180
Severity:
Medium
Description:
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18868
Title:
OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18868
CVE-2012-2686
Severity:
Medium
Description:
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18985
Title:
OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18985
CVE-2011-0014
Severity:
Medium
Description:
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19036
Title:
Denial of service vulnerability in Microsoft SharePoint () - MS13-067
Type:
Software
Bulletins:
MITRE:19036
CVE-2013-0081
Severity:
Medium
Description:
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."
Applies to:
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Services 2.0
Microsoft SharePoint Services 3.0
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18750
Title:
Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067
Type:
Software
Bulletins:
MITRE:18750
CVE-2013-3179
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
Applies to:
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Services 3.0
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19136
Title:
Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067
Type:
Software
Bulletins:
MITRE:19136
CVE-2013-3180
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
Applies to:
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18922
Title:
Apache Subversion vulnerability before 1.6.17 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18922
CVE-2011-1752
Severity:
Medium
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18967
Title:
Apache Subversion vulnerability before 1.6.16 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18967
CVE-2011-0715
Severity:
Medium
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18788
Title:
Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18788
CVE-2013-1884
Severity:
Medium
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18973
Title:
Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18973
CVE-2013-1845
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18980
Title:
Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18980
CVE-2013-1849
Severity:
Medium
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18772
Title:
Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18772
CVE-2013-2088
Severity:
High
Description:
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18986
Title:
Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18986
CVE-2013-1968
Severity:
Medium
Description:
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19057
Title:
Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:19057
CVE-2013-2112
Severity:
High
Description:
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:19007
Title:
Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:19007
CVE-2010-3315
Severity:
Medium
Description:
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18999
Title:
Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18999
CVE-2011-1921
Severity:
Medium
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18889
Title:
Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18889
CVE-2011-1783
Severity:
Medium
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18790
Title:
Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18790
CVE-2013-1862
Severity:
Medium
Description:
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18835
Title:
Apache HTTP vulnerability before 2.2.25 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18835
CVE-2013-1896
Severity:
Medium
Description:
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18827
Title:
Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18827
CVE-2011-3192
Severity:
High
Description:
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Applies to:
VisualSVN Server
Created:
2013-11-26
Updated:
2024-01-17

ID:
MITRE:18621
Title:
Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18621
CVE-2013-4131
Severity:
Medium
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
Applies to:
VisualSVN Server
Created:
2013-11-25
Updated:
2024-01-17

ID:
MITRE:18554
Title:
Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18554
CVE-2013-4277
Severity:
Low
Description:
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
Applies to:
VisualSVN Server
Created:
2013-11-25
Updated:
2024-01-17

ID:
MITRE:18087
Title:
Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18087
CVE-2013-1846
Severity:
Medium
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
Applies to:
VisualSVN Server
Created:
2013-11-25
Updated:
2024-01-17

ID:
MITRE:18538
Title:
Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18538
CVE-2013-1847
Severity:
Medium
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
Applies to:
VisualSVN Server
Created:
2013-11-25
Updated:
2024-01-17

ID:
MITRE:18154
Title:
Apache HTTP vulnerability before 2.2.21 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18154
CVE-2011-3348
Severity:
Medium
Description:
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
Applies to:
VisualSVN Server
Created:
2013-11-25
Updated:
2024-01-17

ID:
CVE-2013-6698
Title:
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,...
Type:
Hardware
Bulletins:
CVE-2013-6698
Severity:
Medium
Description:
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.
Applies to:
Created:
2013-11-22
Updated:
2024-01-17

ID:
CVE-2013-6694
Title:
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
Type:
Hardware
Bulletins:
CVE-2013-6694
Severity:
Medium
Description:
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
Applies to:
Created:
2013-11-22
Updated:
2024-01-17

ID:
CVE-2013-6699
Title:
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,...
Type:
Hardware
Bulletins:
CVE-2013-6699
Severity:
Medium
Description:
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880.
Applies to:
Created:
2013-11-22
Updated:
2024-01-17

ID:
CVE-2013-6693
Title:
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-6693
Severity:
Medium
Description:
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.
Applies to:
Cisco 7600 Series Routers
Created:
2013-11-21
Updated:
2024-01-17

ID:
CVE-2013-6692
Title:
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka...
Type:
Hardware
Bulletins:
CVE-2013-6692
Severity:
Medium
Description:
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.
Applies to:
Created:
2013-11-21
Updated:
2024-01-17

ID:
CVE-2013-6686
Title:
The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
Type:
Hardware
Bulletins:
CVE-2013-6686
Severity:
Medium
Description:
The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
Applies to:
Created:
2013-11-17
Updated:
2024-01-17

ID:
CVE-2013-5556
Title:
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches...
Type:
Hardware
Bulletins:
CVE-2013-5556
Severity:
Medium
Description:
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-11-17
Updated:
2024-01-17

ID:
CVE-2013-5193
Title:
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous...
Type:
Mobile Devices
Bulletins:
CVE-2013-5193
Severity:
Medium
Description:
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.
Applies to:
Created:
2013-11-17
Updated:
2024-01-17

ID:
CVE-2013-6688
Title:
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted...
Type:
Hardware
Bulletins:
CVE-2013-6688
Severity:
Medium
Description:
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
Applies to:
Unified Communications Manager
Created:
2013-11-17
Updated:
2024-01-17

ID:
CVE-2013-6689
Title:
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
Type:
Hardware
Bulletins:
CVE-2013-6689
Severity:
Medium
Description:
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
Applies to:
Unified Communications Manager
Created:
2013-11-17
Updated:
2024-01-17

ID:
CVE-2013-6684
Title:
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
Type:
Hardware
Bulletins:
CVE-2013-6684
Severity:
Medium
Description:
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
Applies to:
Created:
2013-11-13
Updated:
2024-01-17

ID:
CVE-2013-6683
Title:
The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
Type:
Hardware
Bulletins:
CVE-2013-6683
Severity:
Medium
Description:
The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
Applies to:
Created:
2013-11-13
Updated:
2024-01-17

ID:
CVE-2013-5552
Title:
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-5552
Severity:
Medium
Description:
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.
Applies to:
Created:
2013-11-13
Updated:
2024-01-17

ID:
MITRE:18997
Title:
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
Type:
Software
Bulletins:
MITRE:18997
CVE-2013-1035
Severity:
High
Description:
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Applies to:
Apple iTunes
Created:
2013-11-11
Updated:
2024-01-17

ID:
CVE-2013-5565
Title:
The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
Type:
Hardware
Bulletins:
CVE-2013-5565
Severity:
Medium
Description:
The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
Applies to:
Created:
2013-11-07
Updated:
2024-01-17

ID:
CVE-2013-5553
Title:
Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
Type:
Hardware
Bulletins:
CVE-2013-5553
Severity:
High
Description:
Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
Applies to:
Created:
2013-11-07
Updated:
2024-01-17

ID:
CVE-2013-5566
Title:
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.
Type:
Hardware
Bulletins:
CVE-2013-5566
Severity:
Medium
Description:
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.
Applies to:
Created:
2013-11-07
Updated:
2024-01-17

ID:
CVE-2013-6618
Title:
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
Type:
Hardware
Bulletins:
CVE-2013-6618
SFBID62305
Severity:
High
Description:
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
Applies to:
Created:
2013-11-05
Updated:
2024-01-17

ID:
CVE-2013-5546
Title:
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,...
Type:
Hardware
Bulletins:
CVE-2013-5546
Severity:
High
Description:
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509.
Applies to:
Created:
2013-10-31
Updated:
2024-01-17

ID:
CVE-2013-5545
Title:
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
Type:
Hardware
Bulletins:
CVE-2013-5545
Severity:
High
Description:
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
Applies to:
Created:
2013-10-31
Updated:
2024-01-17

ID:
CVE-2013-5548
Title:
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
Type:
Hardware
Bulletins:
CVE-2013-5548
Severity:
Medium
Description:
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
Applies to:
Created:
2013-10-31
Updated:
2024-01-17

ID:
CVE-2013-5555
Title:
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
Type:
Hardware
Bulletins:
CVE-2013-5555
Severity:
Medium
Description:
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
Applies to:
Unified Communications Manager
Created:
2013-10-31
Updated:
2024-01-17

ID:
CVE-2013-5547
Title:
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
Type:
Hardware
Bulletins:
CVE-2013-5547
Severity:
High
Description:
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
Applies to:
Created:
2013-10-31
Updated:
2024-01-17

ID:
CVE-2013-5543
Title:
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by...
Type:
Hardware
Bulletins:
CVE-2013-5543
Severity:
High
Description:
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470.
Applies to:
Created:
2013-10-31
Updated:
2024-01-17

ID:
CVE-2013-6012
Title:
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote...
Type:
Hardware
Bulletins:
CVE-2013-6012
SFBID63389
Severity:
High
Description:
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors.
Applies to:
Created:
2013-10-28
Updated:
2024-01-17

ID:
CVE-2013-6014
Title:
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when...
Type:
Hardware
Bulletins:
CVE-2013-6014
Severity:
Medium
Description:
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.
Applies to:
Created:
2013-10-28
Updated:
2024-01-17

ID:
CVE-2013-5549
Title:
Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6...
Type:
Hardware
Bulletins:
CVE-2013-5549
Severity:
High
Description:
Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380.
Applies to:
Created:
2013-10-24
Updated:
2024-01-17

ID:
CVE-2013-5522
Title:
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
Type:
Hardware
Bulletins:
CVE-2013-5522
Severity:
Medium
Description:
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
Applies to:
Cisco Catalyst 3750X
Created:
2013-10-24
Updated:
2024-01-17

ID:
CVE-2013-5162
Title:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
Type:
Mobile Devices
Bulletins:
CVE-2013-5162
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
Applies to:
Created:
2013-10-23
Updated:
2024-01-17

ID:
CVE-2013-5144
Title:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain...
Type:
Mobile Devices
Bulletins:
CVE-2013-5144
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.
Applies to:
Created:
2013-10-23
Updated:
2024-01-17

ID:
CVE-2013-5164
Title:
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
Type:
Mobile Devices
Bulletins:
CVE-2013-5164
Severity:
Low
Description:
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
Applies to:
Created:
2013-10-23
Updated:
2024-01-17

ID:
CVE-2013-6027
Title:
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to...
Type:
Hardware
Bulletins:
CVE-2013-6027
Severity:
High
Description:
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
Applies to:
DIR-100
Created:
2013-10-19
Updated:
2024-01-17

ID:
CVE-2013-6015
Title:
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2013-6015
Severity:
Medium
Description:
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets.
Applies to:
Created:
2013-10-17
Updated:
2024-01-17

ID:
CVE-2013-6170
Title:
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing...
Type:
Hardware
Bulletins:
CVE-2013-6170
SFBID62973
Severity:
Medium
Description:
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests.
Applies to:
Created:
2013-10-17
Updated:
2024-01-17

ID:
CVE-2013-4689
Title:
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site...
Type:
Hardware
Bulletins:
CVE-2013-4689
SFBID62940
Severity:
Medium
Description:
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.
Applies to:
Created:
2013-10-17
Updated:
2024-01-17

ID:
CVE-2013-6013
Title:
Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might...
Type:
Hardware
Bulletins:
CVE-2013-6013
SFBID62962
Severity:
Medium
Description:
Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message.
Applies to:
Created:
2013-10-17
Updated:
2024-01-17

ID:
MITRE:18318
Title:
Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066
Type:
Software
Bulletins:
MITRE:18318
CVE-2013-3185
Severity:
Medium
Description:
Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability."
Applies to:
Microsoft Active Directory Federation Services
Created:
2013-10-14
Updated:
2024-01-17

ID:
CVE-2012-4097
Title:
The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
Type:
Hardware
Bulletins:
CVE-2012-4097
Severity:
Medium
Description:
The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
Applies to:
Created:
2013-10-13
Updated:
2024-01-17

ID:
CVE-2012-4099
Title:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
Type:
Hardware
Bulletins:
CVE-2012-4099
Severity:
Medium
Description:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
Applies to:
Created:
2013-10-13
Updated:
2024-01-17

ID:
CVE-2012-4121
Title:
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
Type:
Hardware
Bulletins:
CVE-2012-4121
Severity:
Medium
Description:
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
Applies to:
Created:
2013-10-13
Updated:
2024-01-17

ID:
CVE-2012-4077
Title:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
Type:
Hardware
Bulletins:
CVE-2012-4077
SFBID62849
Severity:
Medium
Description:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
Applies to:
Created:
2013-10-13
Updated:
2024-01-17

ID:
CVE-2012-4076
Title:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
Type:
Hardware
Bulletins:
CVE-2012-4076
SFBID62848
Severity:
Medium
Description:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
Applies to:
Created:
2013-10-13
Updated:
2024-01-17

ID:
CVE-2013-5499
Title:
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
Type:
Hardware
Bulletins:
CVE-2013-5499
Severity:
Medium
Description:
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
Applies to:
Created:
2013-10-10
Updated:
2024-01-17

ID:
CVE-2013-5527
Title:
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
Type:
Hardware
Bulletins:
CVE-2013-5527
SFBID62904
Severity:
Medium
Description:
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
Applies to:
Created:
2013-10-10
Updated:
2024-01-17

ID:
CVE-2013-5528
Title:
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-5528
SFBID62960
Severity:
Medium
Description:
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
Applies to:
Unified Communications Manager
Created:
2013-10-10
Updated:
2024-01-17

ID:
CVE-2012-4091
Title:
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
Type:
Hardware
Bulletins:
CVE-2012-4091
SFBID62838
Severity:
Medium
Description:
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
Applies to:
Created:
2013-10-05
Updated:
2024-01-17

ID:
CVE-2012-4090
Title:
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
Type:
Hardware
Bulletins:
CVE-2012-4090
SFBID62841
Severity:
Medium
Description:
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-10-05
Updated:
2024-01-17

ID:
CVE-2012-4122
Title:
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
Type:
Hardware
Bulletins:
CVE-2012-4122
SFBID62843
Severity:
Medium
Description:
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
Applies to:
Created:
2013-10-05
Updated:
2024-01-17

ID:
CVE-2012-4098
Title:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
Type:
Hardware
Bulletins:
CVE-2012-4098
Severity:
Medium
Description:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
Applies to:
Created:
2013-10-05
Updated:
2024-01-17

ID:
CVE-2012-4141
Title:
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
Type:
Hardware
Bulletins:
CVE-2012-4141
SFBID62839
Severity:
Medium
Description:
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
Applies to:
Created:
2013-10-05
Updated:
2024-01-17

ID:
CVE-2012-4075
Title:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
Type:
Hardware
Bulletins:
CVE-2012-4075
SFBID62837
Severity:
High
Description:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
Applies to:
Created:
2013-10-05
Updated:
2024-01-17

ID:
CVE-2013-5519
Title:
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
Type:
Hardware
Bulletins:
CVE-2013-5519
SFBID62787
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
Applies to:
Created:
2013-10-03
Updated:
2024-01-17

ID:
CVE-2013-5503
Title:
The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.
Type:
Hardware
Bulletins:
CVE-2013-5503
Severity:
High
Description:
The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.
Applies to:
Created:
2013-10-02
Updated:
2024-01-17

ID:
CVE-2013-5516
Title:
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka...
Type:
Hardware
Bulletins:
CVE-2013-5516
Severity:
Medium
Description:
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796.
Applies to:
Cisco Telepresence Multipoint Switch
Created:
2013-09-30
Updated:
2024-01-17

ID:
CVE-2013-5476
Title:
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-5476
Severity:
High
Description:
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5477
Title:
The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
Type:
Hardware
Bulletins:
CVE-2013-5477
Severity:
High
Description:
The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5498
Title:
The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
Type:
Hardware
Bulletins:
CVE-2013-5498
SFBID62651
Severity:
Medium
Description:
The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5481
Title:
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
Type:
Hardware
Bulletins:
CVE-2013-5481
Severity:
High
Description:
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5472
Title:
The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2013-5472
Severity:
High
Description:
The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5480
Title:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
Type:
Hardware
Bulletins:
CVE-2013-5480
Severity:
High
Description:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5479
Title:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
Type:
Hardware
Bulletins:
CVE-2013-5479
Severity:
High
Description:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5474
Title:
Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-5474
Severity:
High
Description:
Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5160
Title:
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button...
Type:
Mobile Devices
Bulletins:
CVE-2013-5160
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5161
Title:
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened...
Type:
Mobile Devices
Bulletins:
CVE-2013-5161
Severity:
Medium
Description:
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5473
Title:
Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
Type:
Hardware
Bulletins:
CVE-2013-5473
Severity:
High
Description:
Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5478
Title:
Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
Type:
Hardware
Bulletins:
CVE-2013-5478
Severity:
High
Description:
Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-5475
Title:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-5475
Severity:
High
Description:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561.
Applies to:
Created:
2013-09-27
Updated:
2024-01-17

ID:
CVE-2013-1038
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1038
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1039
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1039
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1040
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1040
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1037
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1037
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1041
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1041
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1042
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1042
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1043
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1043
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1044
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1044
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1045
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1045
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1046
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1046
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1047
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1047
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5125
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5125
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5126
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5126
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5127
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5127
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5128
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5128
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5159
Title:
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
Type:
Mobile Devices
Bulletins:
CVE-2013-5159
Severity:
Medium
Description:
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5157
Title:
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
Type:
Mobile Devices
Bulletins:
CVE-2013-5157
Severity:
Medium
Description:
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5156
Title:
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct...
Type:
Mobile Devices
Bulletins:
CVE-2013-5156
Severity:
Medium
Description:
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5158
Title:
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified...
Type:
Mobile Devices
Bulletins:
CVE-2013-5158
Severity:
Low
Description:
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5154
Title:
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a...
Type:
Mobile Devices
Bulletins:
CVE-2013-5154
Severity:
Medium
Description:
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5155
Title:
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
Type:
Mobile Devices
Bulletins:
CVE-2013-5155
Severity:
High
Description:
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1121
Title:
The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
Type:
Hardware
Bulletins:
CVE-2013-1121
Severity:
Medium
Description:
The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5149
Title:
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification...
Type:
Mobile Devices
Bulletins:
CVE-2013-5149
Severity:
Medium
Description:
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5141
Title:
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer...
Type:
Mobile Devices
Bulletins:
CVE-2013-5141
Severity:
High
Description:
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5142
Title:
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
Type:
Mobile Devices
Bulletins:
CVE-2013-5142
Severity:
Medium
Description:
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5140
Title:
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
Type:
Mobile Devices
Bulletins:
CVE-2013-5140
Severity:
High
Description:
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2011-2391
Title:
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
Type:
Mobile Devices
Bulletins:
CVE-2011-2391
Severity:
Medium
Description:
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5139
Title:
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2013-5139
Severity:
High
Description:
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5150
Title:
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Type:
Mobile Devices
Bulletins:
CVE-2013-5150
Severity:
Low
Description:
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5153
Title:
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2013-5153
Severity:
Low
Description:
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1036
Title:
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Type:
Mobile Devices
Bulletins:
CVE-2013-1036
Severity:
Medium
Description:
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5147
Title:
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of...
Type:
Mobile Devices
Bulletins:
CVE-2013-5147
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5129
Title:
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
Type:
Mobile Devices
Bulletins:
CVE-2013-5129
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5151
Title:
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
Type:
Mobile Devices
Bulletins:
CVE-2013-5151
Severity:
Medium
Description:
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5152
Title:
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
Type:
Mobile Devices
Bulletins:
CVE-2013-5152
Severity:
Medium
Description:
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5145
Title:
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
Type:
Mobile Devices
Bulletins:
CVE-2013-5145
Severity:
Medium
Description:
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5137
Title:
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
Type:
Mobile Devices
Bulletins:
CVE-2013-5137
Severity:
Low
Description:
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5138
Title:
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2013-5138
Severity:
Medium
Description:
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-0957
Title:
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
Type:
Mobile Devices
Bulletins:
CVE-2013-0957
Severity:
Medium
Description:
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-5131
Title:
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Type:
Mobile Devices
Bulletins:
CVE-2013-5131
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Applies to:
Created:
2013-09-19
Updated:
2024-01-17

ID:
CVE-2013-1028
Title:
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive...
Type:
Mobile Devices
Bulletins:
CVE-2013-1028
Severity:
Medium
Description:
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.
Applies to:
Created:
2013-09-16
Updated:
2024-01-17

ID:
CVE-2013-5496
Title:
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
Type:
Hardware
Bulletins:
CVE-2013-5496
Severity:
Medium
Description:
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
Applies to:
Created:
2013-09-16
Updated:
2024-01-17

ID:
CVE-2013-1026
Title:
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
Type:
Mobile Devices
Bulletins:
CVE-2013-1026
Severity:
Medium
Description:
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
Applies to:
Created:
2013-09-16
Updated:
2024-01-17

ID:
CVE-2013-1025
Title:
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
Type:
Mobile Devices
Bulletins:
CVE-2013-1025
Severity:
Medium
Description:
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
Applies to:
Created:
2013-09-16
Updated:
2024-01-17

ID:
CVE-2013-5649
Title:
Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary...
Type:
Hardware
Bulletins:
CVE-2013-5649
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page.
Applies to:
Created:
2013-09-13
Updated:
2024-01-17

ID:
MITRE:16762
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:16762
CVE-2013-0999
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17187
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17187
CVE-2013-1002
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17252
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17252
CVE-2013-1003
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17298
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17298
CVE-2013-0996
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17300
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17300
CVE-2013-0998
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17009
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17009
CVE-2013-0993
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17561
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17561
CVE-2013-0995
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17572
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17572
CVE-2013-1001
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17601
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17601
CVE-2013-1005
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17604
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17604
CVE-2013-1004
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17621
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17621
CVE-2013-0992
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17123
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17123
CVE-2013-1010
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17143
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17143
CVE-2013-1006
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17407
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17407
CVE-2013-1011
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16907
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:16907
CVE-2013-0991
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17359
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17359
CVE-2013-1008
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17396
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17396
CVE-2013-1000
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17400
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17400
CVE-2013-0994
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17441
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17441
CVE-2013-1007
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17466
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17466
CVE-2013-0997
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16768
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16768
CVE-2012-3632
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16780
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16780
CVE-2012-3660
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17184
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17184
CVE-2012-3617
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17199
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17199
CVE-2012-3616
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17224
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17224
CVE-2012-3613
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17237
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17237
CVE-2012-3673
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17246
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17246
CVE-2012-3648
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17264
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17264
CVE-2012-3652
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17269
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17269
CVE-2012-3607
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17272
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17272
CVE-2012-3649
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17288
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17288
CVE-2012-3699
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16986
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16986
CVE-2012-3700
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17559
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17559
CVE-2012-3710
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17562
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17562
CVE-2012-3659
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17575
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17575
CVE-2012-3672
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17582
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17582
CVE-2012-3704
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16532
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16532
CVE-2012-3602
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16588
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16588
CVE-2012-3624
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16983
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16983
CVE-2012-3614
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17507
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17507
CVE-2012-3623
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17516
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17516
CVE-2012-3647
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17518
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17518
CVE-2012-3706
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17523
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17523
CVE-2012-3621
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17524
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17524
CVE-2012-3685
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17530
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17530
CVE-2012-3643
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17539
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17539
CVE-2012-3712
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17544
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17544
CVE-2012-3654
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17546
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17546
CVE-2012-3705
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17548
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17548
CVE-2012-3687
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16626
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16626
CVE-2012-3671
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16638
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16638
CVE-2012-3711
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17064
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17064
CVE-2012-3707
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17081
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17081
CVE-2012-3598
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17144
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17144
CVE-2012-3675
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17163
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17163
CVE-2012-3651
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16874
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16874
CVE-2012-3606
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16891
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16891
CVE-2012-3657
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17336
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17336
CVE-2012-3601
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17342
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17342
CVE-2012-3677
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17352
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17352
CVE-2012-3676
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17357
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17357
CVE-2012-3622
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17377
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17377
CVE-2012-3708
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17384
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17384
CVE-2012-3688
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17393
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17393
CVE-2012-3684
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17433
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17433
CVE-2012-3702
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17437
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17437
CVE-2012-3612
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17445
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17445
CVE-2012-3701
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17463
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17463
CVE-2012-3692
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17467
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17467
CVE-2012-3658
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17478
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17478
CVE-2012-3703
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17481
Title:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17481
CVE-2012-3709
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17263
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17263
CVE-2012-0639
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17068
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17068
CVE-2012-0636
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17138
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17138
CVE-2012-0638
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17365
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17365
CVE-2012-0634
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17368
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17368
CVE-2011-2866
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17469
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17469
CVE-2012-0637
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17475
Title:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17475
CVE-2012-0648
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17212
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17212
CVE-2011-3238
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17203
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17203
CVE-2011-3233
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17207
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17207
CVE-2011-3237
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17208
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17208
CVE-2011-2817
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17211
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17211
CVE-2011-2820
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17317
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17317
CVE-2011-2831
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17020
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17020
CVE-2011-2339
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17051
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17051
CVE-2011-2811
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17483
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17483
CVE-2011-3239
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16714
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:16714
CVE-2011-3236
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16724
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:16724
CVE-2011-2809
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17076
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17076
CVE-2011-2816
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17084
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17084
CVE-2011-2341
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17133
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17133
CVE-2011-2352
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17170
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17170
CVE-2011-3235
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16865
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:16865
CVE-2011-2354
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17340
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17340
CVE-2011-2356
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17355
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17355
CVE-2011-3244
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17362
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17362
CVE-2011-2338
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17370
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17370
CVE-2011-2815
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17383
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17383
CVE-2011-2814
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17401
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17401
CVE-2011-3241
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17444
Title:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17444
CVE-2011-2813
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17241
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory...
Type:
Software
Bulletins:
MITRE:17241
CVE-2011-0149
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17072
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or...
Type:
Software
Bulletins:
MITRE:17072
CVE-2011-0133
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16788
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16788
CVE-2011-0126
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17218
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17218
CVE-2011-0153
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17222
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17222
CVE-2011-0136
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16730
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16730
CVE-2011-0141
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17191
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17191
CVE-2011-0156
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17247
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17247
CVE-2011-0127
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17250
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17250
CVE-2011-0117
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17254
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17254
CVE-2011-0119
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17280
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17280
CVE-2011-0124
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17299
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17299
CVE-2011-0155
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17312
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17312
CVE-2011-0144
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16568
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16568
CVE-2011-0130
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16959
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16959
CVE-2011-0112
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17018
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17018
CVE-2011-0123
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17104
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17104
CVE-2011-0142
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17127
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17127
CVE-2011-0145
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17059
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17059
CVE-2011-0134
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17070
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17070
CVE-2011-0113
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17092
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17092
CVE-2011-0125
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17094
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17094
CVE-2011-0131
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17161
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17161
CVE-2011-0129
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17167
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17167
CVE-2011-0135
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17172
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17172
CVE-2011-0111
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17413
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17413
CVE-2011-0143
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16457
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16457
CVE-2011-0137
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16488
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16488
CVE-2011-0147
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16843
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16843
CVE-2011-0146
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16871
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16871
CVE-2011-0165
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16903
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16903
CVE-2011-0114
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16916
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16916
CVE-2011-0148
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16938
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16938
CVE-2011-0168
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17327
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17327
CVE-2011-0118
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17339
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17339
CVE-2011-0150
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17372
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17372
CVE-2011-0122
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17373
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17373
CVE-2011-0120
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17374
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17374
CVE-2011-0121
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17378
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17378
CVE-2011-0140
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17394
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17394
CVE-2011-0128
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17397
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17397
CVE-2011-0151
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17446
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17446
CVE-2011-0139
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17452
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17452
CVE-2011-0138
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17482
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17482
CVE-2011-0164
Severity:
High
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17308
Title:
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
Type:
Software
Bulletins:
MITRE:17308
CVE-2011-0154
Severity:
Medium
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16756
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16756
CVE-2012-0614
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16795
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16795
CVE-2011-2869
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16826
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16826
CVE-2012-0631
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17185
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17185
CVE-2012-0615
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17204
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17204
CVE-2012-0599
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17271
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17271
CVE-2012-0620
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17276
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17276
CVE-2011-2833
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17282
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17282
CVE-2012-0622
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17287
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17287
CVE-2012-0602
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17297
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17297
CVE-2011-2871
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17302
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17302
CVE-2012-0619
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17319
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17319
CVE-2012-0624
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16994
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16994
CVE-2011-2867
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16941
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16941
CVE-2012-0594
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16974
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16974
CVE-2012-0596
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16980
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16980
CVE-2012-0633
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17048
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17048
CVE-2012-0617
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17486
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17486
CVE-2012-0604
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17488
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17488
CVE-2012-0592
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16678
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16678
CVE-2012-0632
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16726
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16726
CVE-2012-0608
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17057
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17057
CVE-2012-0595
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17060
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17060
CVE-2012-0605
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17082
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17082
CVE-2012-0630
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17128
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17128
CVE-2012-0618
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17152
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17152
CVE-2012-0610
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17156
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17156
CVE-2012-0612
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17158
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17158
CVE-2012-0591
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17168
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17168
CVE-2012-0606
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17169
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17169
CVE-2012-0635
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17174
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17174
CVE-2012-0607
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17419
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17419
CVE-2012-0629
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17427
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17427
CVE-2012-0593
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17429
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17429
CVE-2012-0627
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17431
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17431
CVE-2012-0623
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16862
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16862
CVE-2012-0626
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16879
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16879
CVE-2012-0597
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17326
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17326
CVE-2011-2873
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17331
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17331
CVE-2012-0616
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17334
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17334
CVE-2011-2870
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17364
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17364
CVE-2012-0625
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17366
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17366
CVE-2012-0611
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17375
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17375
CVE-2012-0598
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17387
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17387
CVE-2012-0603
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17432
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17432
CVE-2012-0621
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17434
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17434
CVE-2012-0609
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17435
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17435
CVE-2011-2868
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17438
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17438
CVE-2011-2872
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17458
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17458
CVE-2012-0628
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17464
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17464
CVE-2012-0601
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17471
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17471
CVE-2012-0600
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17473
Title:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17473
CVE-2012-0613
Severity:
High
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17220
Title:
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
Type:
Software
Bulletins:
MITRE:17220
CVE-2011-0116
Severity:
High
Description:
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17099
Title:
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon
Type:
Software
Bulletins:
MITRE:17099
CVE-2009-0950
Severity:
High
Description:
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17367
Title:
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium...
Type:
Software
Bulletins:
MITRE:17367
CVE-2011-0170
Severity:
High
Description:
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17303
Title:
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file
Type:
Software
Bulletins:
MITRE:17303
CVE-2007-3752
Severity:
High
Description:
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17016
Title:
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist
Type:
Software
Bulletins:
MITRE:17016
CVE-2012-0677
Severity:
High
Description:
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16919
Title:
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)...
Type:
Software
Bulletins:
MITRE:16919
CVE-2011-0259
Severity:
High
Description:
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17228
Title:
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding
Type:
Software
Bulletins:
MITRE:17228
CVE-2011-3219
Severity:
High
Description:
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16784
Title:
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream
Type:
Software
Bulletins:
MITRE:16784
CVE-2011-3252
Severity:
High
Description:
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17304
Title:
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file
Type:
Software
Bulletins:
MITRE:17304
CVE-2005-1248
Severity:
High
Description:
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17605
Title:
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate
Type:
Software
Bulletins:
MITRE:17605
CVE-2013-1014
Severity:
Medium
Description:
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:17136
Title:
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning
Type:
Software
Bulletins:
MITRE:17136
CVE-2008-3434
Severity:
High
Description:
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
MITRE:16978
Title:
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a...
Type:
Software
Bulletins:
MITRE:16978
CVE-2007-1008
Severity:
Low
Description:
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
Applies to:
Apple iTunes
Created:
2013-09-09
Updated:
2024-01-17

ID:
CVE-2013-3458
Title:
Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-3458
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID CSCuh19462.
Applies to:
Created:
2013-09-07
Updated:
2024-01-17

ID:
CVE-2013-3474
Title:
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or...
Type:
Hardware
Bulletins:
CVE-2013-3474
SFBID62084
Severity:
Medium
Description:
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436.
Applies to:
Created:
2013-08-30
Updated:
2024-01-17

ID:
CVE-2013-5469
Title:
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN...
Type:
Hardware
Bulletins:
CVE-2013-5469
SFBID62083
Severity:
High
Description:
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399.
Applies to:
Created:
2013-08-30
Updated:
2024-01-17

ID:
CVE-2013-3470
Title:
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
Type:
Hardware
Bulletins:
CVE-2013-3470
SFBID62066
Severity:
Medium
Description:
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
Applies to:
Created:
2013-08-29
Updated:
2024-01-17

ID:
CVE-2013-3463
Title:
The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use...
Type:
Hardware
Bulletins:
CVE-2013-3463
SFBID62068
Severity:
Medium
Description:
The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899.
Applies to:
Created:
2013-08-29
Updated:
2024-01-17

ID:
CVE-2013-3472
Title:
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,...
Type:
Hardware
Bulletins:
CVE-2013-3472
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
Applies to:
Unified Communications Manager
Created:
2013-08-29
Updated:
2024-01-17

ID:
MITRE:17341
Title:
TrueType Font Parsing Vulnerability
Type:
Software
Bulletins:
MITRE:17341
CVE-2013-3129
Severity:
High
Description:
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
Applies to:
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Silverlight 5
Created:
2013-08-26
Updated:
2024-01-17

ID:
CVE-2013-3460
Title:
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka...
Type:
Hardware
Bulletins:
CVE-2013-3460
Severity:
High
Description:
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2024-01-17

ID:
CVE-2013-3461
Title:
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,...
Type:
Hardware
Bulletins:
CVE-2013-3461
Severity:
High
Description:
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2024-01-17

ID:
CVE-2013-3459
Title:
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
Type:
Hardware
Bulletins:
CVE-2013-3459
Severity:
High
Description:
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2024-01-17

ID:
CVE-2013-3462
Title:
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified...
Type:
Hardware
Bulletins:
CVE-2013-3462
Severity:
High
Description:
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2024-01-17

ID:
CVE-2013-3453
Title:
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP...
Type:
Hardware
Bulletins:
CVE-2013-3453
Severity:
High
Description:
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.
Applies to:
Unified Communications Manager
Created:
2013-08-22
Updated:
2024-01-17

ID:
MITRE:16998
Title:
WMV Video Decoder remote code execution vulnerability - MS13-057
Type:
Miscellaneous
Bulletins:
MITRE:16998
CVE-2013-3127
Severity:
High
Description:
The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability."
Applies to:
Windows Media Format Runtime 11
Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Windows Media Player 12
Created:
2013-08-19
Updated:
2024-01-17

ID:
MITRE:17253
Title:
Microsoft Windows Defender Improper Pathname Vulnerability - MS13-058
Type:
Software
Bulletins:
MITRE:17253
CVE-2013-3154
Severity:
Medium
Description:
The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
Applies to:
Created:
2013-08-19
Updated:
2024-01-17

ID:
CVE-2013-3464
Title:
Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C...
Type:
Hardware
Bulletins:
CVE-2013-3464
Severity:
Medium
Description:
Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347.
Applies to:
Created:
2013-08-13
Updated:
2024-01-17

ID:
CVE-2013-4806
Title:
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link...
Type:
Hardware
Bulletins:
CVE-2013-4806
Severity:
High
Description:
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Applies to:
...
3Com Router 3012
3Com Router 3013
3Com Router 5012
3Com Router 5232
3Com Router 5642
3Com Router 5682
3Com Switch 5500-SI 24-Port
3Com Switch 5500G-48P-SI
3Com Switch 5500G-EI 24-Port
3Com Switch 5500G-EI 48-Port
hh3c-s5600-26C
Created:
2013-08-12
Updated:
2024-01-17

ID:
CVE-2013-3454
Title:
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the...
Type:
Hardware
Bulletins:
CVE-2013-3454
Severity:
High
Description:
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128.
Applies to:
Cisco TX 9000
Cisco TX 9200
Cisco TelePresence System 1300
Cisco TelePresence System 3000
Cisco TelePresence System 3010
Cisco TelePresence System 3200
Cisco TelePresence System 3210
Created:
2013-08-08
Updated:
2024-01-17

ID:
MITRE:17256
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect integrity...
Type:
Software
Bulletins:
MITRE:17256
CVE-2013-2457
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16770
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16770
CVE-2013-2447
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17214
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17214
CVE-2013-2455
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16389
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16389
CVE-2013-2464
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16806
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16806
CVE-2013-2470
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17181
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17181
CVE-2013-2459
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17189
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17189
CVE-2013-2473
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17230
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17230
CVE-2013-2443
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17236
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17236
CVE-2013-2454
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17294
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17294
CVE-2013-2456
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16580
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16580
CVE-2013-2452
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17042
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17042
CVE-2013-2469
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16311
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16311
CVE-2013-2446
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17106
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17106
CVE-2013-2465
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16712
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16712
CVE-2013-2472
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17052
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17052
CVE-2013-2448
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17090
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17090
CVE-2013-2445
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors."
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17149
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17149
CVE-2013-2463
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17176
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17176
CVE-2013-2450
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16840
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16840
CVE-2013-2471
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17221
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect...
Type:
Software
Bulletins:
MITRE:17221
CVE-2013-1500
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16545
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to...
Type:
Software
Bulletins:
MITRE:16545
CVE-2013-2453
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16803
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:16803
CVE-2013-2442
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17206
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:17206
CVE-2013-2468
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16982
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:16982
CVE-2013-2466
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16887
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:16887
CVE-2013-2461
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16617
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
Type:
Software
Bulletins:
MITRE:16617
CVE-2013-2437
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17098
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
Type:
Software
Bulletins:
MITRE:17098
CVE-2013-2412
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17195
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability...
Type:
Software
Bulletins:
MITRE:17195
CVE-2013-2407
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17265
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows local users to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:17265
CVE-2013-2451
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17180
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Type:
Software
Bulletins:
MITRE:17180
CVE-2013-3744
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:16899
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Type:
Software
Bulletins:
MITRE:16899
CVE-2013-2400
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17257
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
MITRE:17257
CVE-2013-2462
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17116
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
MITRE:17116
CVE-2013-2460
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17192
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Type:
Software
Bulletins:
MITRE:17192
CVE-2013-2449
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17069
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to...
Type:
Software
Bulletins:
MITRE:17069
CVE-2013-2458
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles."
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17202
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:17202
CVE-2013-3743
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
MITRE:17014
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors...
Type:
Software
Bulletins:
MITRE:17014
CVE-2013-2467
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.
Applies to:
Java Runtime Environment
Created:
2013-08-05
Updated:
2024-01-17

ID:
CVE-2013-3442
Title:
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
Type:
Hardware
Bulletins:
CVE-2013-3442
Severity:
Medium
Description:
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
Applies to:
Unified Communications Manager
Created:
2013-08-05
Updated:
2024-01-17

ID:
CVE-2013-3451
Title:
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-3451
Severity:
Medium
Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
Applies to:
Unified Communications Manager
Created:
2013-08-05
Updated:
2024-01-17

ID:
CVE-2013-3450
Title:
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
Type:
Hardware
Bulletins:
CVE-2013-3450
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
Applies to:
Unified Communications Manager
Created:
2013-08-05
Updated:
2024-01-17

ID:
CVE-2012-5460
Title:
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText...
Type:
Hardware
Bulletins:
CVE-2012-5460
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.
Applies to:
Created:
2013-08-01
Updated:
2024-01-17

ID:
MITRE:16835
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
Type:
Software
Bulletins:
MITRE:16835
CVE-2013-0386
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
Applies to:
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:17186
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated...
Type:
Services
Bulletins:
MITRE:17186
CVE-2012-1702
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:17266
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
Type:
Services
Bulletins:
MITRE:17266
CVE-2012-0574
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:16267
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to...
Type:
Services
Bulletins:
MITRE:16267
CVE-2013-0385
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:17175
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:17175
CVE-2013-0375
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:16877
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network...
Type:
Software
Bulletins:
MITRE:16877
CVE-2012-5096
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
Applies to:
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:16395
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:16395
CVE-2012-5611
Severity:
Medium
Description:
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:17077
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
Type:
Software
Bulletins:
MITRE:17077
CVE-2013-0367
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Applies to:
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:16960
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
Type:
Software
Bulletins:
MITRE:16960
CVE-2012-5612
Severity:
Medium
Description:
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
Applies to:
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:16947
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
Type:
Software
Bulletins:
MITRE:16947
CVE-2012-0578
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Applies to:
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:16825
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:16825
CVE-2013-0389
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:17268
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:17268
CVE-2012-1705
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:16758
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:16758
CVE-2013-0383
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:16451
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
Type:
Software
Bulletins:
MITRE:16451
CVE-2013-0371
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
Applies to:
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:17255
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
Type:
Software
Bulletins:
MITRE:17255
CVE-2013-0368
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Applies to:
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:16792
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
Type:
Services
Bulletins:
MITRE:16792
CVE-2012-0572
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
MITRE:16632
Title:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:16632
CVE-2013-0384
Severity:
Medium
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-07-29
Updated:
2024-01-17

ID:
CVE-2013-3414
Title:
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.
Type:
Hardware
Bulletins:
CVE-2013-3414
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.
Applies to:
Created:
2013-07-25
Updated:
2024-01-17

ID:
MITRE:16375
Title:
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16375
CVE-2013-4083
Severity:
Medium
Description:
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Applies to:
Wireshark
Created:
2013-07-22
Updated:
2024-01-17

ID:
CVE-2013-3436
Title:
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy...
Type:
Hardware
Bulletins:
CVE-2013-3436
SFBID61362
Severity:
Medium
Description:
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.
Applies to:
Created:
2013-07-19
Updated:
2024-01-17

ID:
CVE-2013-3433
Title:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
Type:
Hardware
Bulletins:
CVE-2013-3433
SFBID61297
Severity:
Medium
Description:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2024-01-17

ID:
CVE-2013-3434
Title:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
Type:
Hardware
Bulletins:
CVE-2013-3434
SFBID61296
Severity:
Medium
Description:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2024-01-17

ID:
CVE-2013-3412
Title:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
Type:
Hardware
Bulletins:
CVE-2013-3412
Severity:
Medium
Description:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2024-01-17

ID:
CVE-2013-3404
Title:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging...
Type:
Hardware
Bulletins:
CVE-2013-3404
Severity:
High
Description:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2024-01-17

ID:
CVE-2013-3403
Title:
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged...
Type:
Hardware
Bulletins:
CVE-2013-3403
Severity:
Medium
Description:
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2024-01-17

ID:
CVE-2013-3402
Title:
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
Type:
Hardware
Bulletins:
CVE-2013-3402
Severity:
Medium
Description:
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2024-01-17

ID:
CVE-2013-4686
Title:
The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and...
Type:
Hardware
Bulletins:
CVE-2013-4686
SFBID61126
Severity:
High
Description:
The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and proxy-arp settings, allows remote attackers to cause a denial of service (device crash) via a crafted ARP request, aka PR 842091.
Applies to:
Created:
2013-07-11
Updated:
2024-01-17

ID:
CVE-2013-4690
Title:
Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of...
Type:
Hardware
Bulletins:
CVE-2013-4690
SFBID61123
Severity:
Medium
Description:
Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data, aka PR 829536, a related issue to CVE-2003-0001.
Applies to:
Juniper SRX1400
Juniper SRX3400
Juniper SRX3600
Created:
2013-07-11
Updated:
2024-01-17

ID:
CVE-2013-4684
Title:
flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM...
Type:
Hardware
Bulletins:
CVE-2013-4684
SFBID61127
Severity:
High
Description:
flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM packets, aka PR 842253.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2013-07-11
Updated:
2024-01-17

ID:
CVE-2013-4687
Title:
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via...
Type:
Hardware
Bulletins:
CVE-2013-4687
SFBID61122
Severity:
High
Description:
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets, aka PRs 727980, 806269, and 835593.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2013-07-11
Updated:
2024-01-17

ID:
CVE-2013-4688
Title:
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834.
Type:
Hardware
Bulletins:
CVE-2013-4688
SFBID61124
Severity:
High
Description:
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2013-07-11
Updated:
2024-01-17

ID:
CVE-2013-4685
Title:
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute...
Type:
Hardware
Bulletins:
CVE-2013-4685
SFBID61125
Severity:
High
Description:
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2013-07-11
Updated:
2024-01-17

ID:
CVE-2013-3400
Title:
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.
Type:
Hardware
Bulletins:
CVE-2013-3400
Severity:
Medium
Description:
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-07-10
Updated:
2024-01-17

ID:
CVE-2013-4787
Title:
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does...
Type:
Mobile Devices
Bulletins:
CVE-2013-4787
SFBID60952
Severity:
High
Description:
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
Applies to:
Created:
2013-07-09
Updated:
2024-01-17

ID:
CVE-2013-2341
Title:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to...
Type:
Hardware
Bulletins:
CVE-2013-2341
Severity:
High
Description:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execute arbitrary code or obtain sensitive information via unknown vectors.
Applies to:
3Com Router 3012
3Com Router 3013
3Com Router 3016
3Com Router 3036
3Com Router 3040
3Com Router 3041
3Com Router 5009
3Com Router 5012
3Com Router 5231
3Com Router 5232
3Com Router 5640
3Com Router 5642
3Com Router...
Created:
2013-07-06
Updated:
2024-01-17

ID:
CVE-2013-2340
Title:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute...
Type:
Hardware
Bulletins:
CVE-2013-2340
Severity:
High
Description:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.
Applies to:
3Com Router 3012
3Com Router 3013
3Com Router 3016
3Com Router 3036
3Com Router 3040
3Com Router 3041
3Com Router 5009
3Com Router 5012
3Com Router 5231
3Com Router 5232
3Com Router 5640
3Com Router 5642
3Com Router...
Created:
2013-07-06
Updated:
2024-01-17

ID:
CVE-2013-3382
Title:
The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device...
Type:
Hardware
Bulletins:
CVE-2013-3382
Severity:
High
Description:
The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387.
Applies to:
Created:
2013-06-26
Updated:
2024-01-17

ID:
CVE-2013-3397
Title:
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified...
Type:
Hardware
Bulletins:
CVE-2013-3397
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
Applies to:
Unified Communications Manager
Created:
2013-06-26
Updated:
2024-01-17

ID:
CVE-2013-3377
Title:
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
Type:
Hardware
Bulletins:
CVE-2013-3377
Severity:
High
Description:
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
Applies to:
Cisco Codec C40
Cisco Codec C60
Cisco Codec C90
Cisco Codec EX60
Cisco Codec EX90
Created:
2013-06-21
Updated:
2024-01-17

ID:
CVE-2013-4616
Title:
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier...
Type:
Mobile Devices
Bulletins:
CVE-2013-4616
Severity:
Medium
Description:
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.
Applies to:
Created:
2013-06-18
Updated:
2024-01-17

ID:
MITRE:16168
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Swing) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16168
CVE-2012-1716
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16430
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Sound) 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
MITRE:16430
CVE-2013-1481
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:15923
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Security) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:15923
CVE-2012-1718
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16519
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16519
CVE-2013-0424
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16581
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on...
Type:
Software
Bulletins:
MITRE:16581
CVE-2012-1720
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16537
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
Type:
Software
Bulletins:
MITRE:16537
CVE-2013-0433
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16013
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
Type:
Software
Bulletins:
MITRE:16013
CVE-2013-0427
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:15888
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:15888
CVE-2013-0426
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16058
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16058
CVE-2013-0425
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16496
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16496
CVE-2013-0428
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16558
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16558
CVE-2013-0440
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:15832
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:15832
CVE-2013-0443
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16550
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
MITRE:16550
CVE-2013-0450
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16530
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via...
Type:
Software
Bulletins:
MITRE:16530
CVE-2013-0409
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16528
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16528
CVE-2013-0434
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16513
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16513
CVE-2012-1725
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16259
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:16259
CVE-2012-1723
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:15996
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers...
Type:
Software
Bulletins:
MITRE:15996
CVE-2012-1711
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16312
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers...
Type:
Software
Bulletins:
MITRE:16312
CVE-2012-1719
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16649
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
MITRE:16649
CVE-2013-0429
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16566
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16566
CVE-2013-0441
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16613
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16613
CVE-2013-1475
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16652
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16652
CVE-2013-1476
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16680
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
MITRE:16680
CVE-2013-0445
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16567
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16567
CVE-2013-0432
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access permission checks."
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16035
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16035
CVE-2013-0442
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16045
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16045
CVE-2013-1480
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:16502
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier...
Type:
Software
Bulletins:
MITRE:16502
CVE-2012-1713
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
JavaFX
Created:
2013-06-10
Updated:
2024-01-17

ID:
MITRE:15733
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:15733
CVE-2013-1478
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
Applies to:
Java Runtime Environment
Created:
2013-06-10
Updated:
2024-01-17

ID:
CVE-2013-3954
Title:
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is...
Type:
Mobile Devices
Bulletins:
CVE-2013-3954
Severity:
Medium
Description:
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.
Applies to:
Created:
2013-06-05
Updated:
2024-01-17

ID:
CVE-2013-3953
Title:
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory...
Type:
Mobile Devices
Bulletins:
CVE-2013-3953
Severity:
Medium
Description:
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.
Applies to:
Created:
2013-06-05
Updated:
2024-01-17

ID:
CVE-2013-3950
Title:
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR...
Type:
Mobile Devices
Bulletins:
CVE-2013-3950
Severity:
Medium
Description:
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable.
Applies to:
Created:
2013-06-05
Updated:
2024-01-17

ID:
CVE-2013-3948
Title:
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary...
Type:
Mobile Devices
Bulletins:
CVE-2013-3948
Severity:
Medium
Description:
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.
Applies to:
Created:
2013-06-05
Updated:
2024-01-17

ID:
MITRE:16549
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
Type:
Software
Bulletins:
MITRE:16549
CVE-2013-2384
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16564
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
Type:
Software
Bulletins:
MITRE:16564
CVE-2013-2383
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16697
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access...
Type:
Software
Bulletins:
MITRE:16697
CVE-2013-1569
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16527
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
Type:
Software
Bulletins:
MITRE:16527
CVE-2013-2419
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16578
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
Type:
Software
Bulletins:
MITRE:16578
CVE-2013-1537
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16314
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
Type:
Software
Bulletins:
MITRE:16314
CVE-2013-2424
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16688
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
Type:
Software
Bulletins:
MITRE:16688
CVE-2013-1557
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16702
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
Type:
Software
Bulletins:
MITRE:16702
CVE-2013-1518
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16446
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
Type:
Software
Bulletins:
MITRE:16446
CVE-2013-2417
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16297
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Difficult to exploit vulnerability allows successful...
Type:
Software
Bulletins:
MITRE:16297
CVE-2013-0401
Severity:
High
Description:
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16597
Title:
Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before and 5.0 Update 41 and before. Easily exploitable vulnerability allows successful...
Type:
Software
Bulletins:
MITRE:16597
CVE-2013-2420
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16684
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
Type:
Software
Bulletins:
MITRE:16684
CVE-2012-5075
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16686
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:16686
CVE-2012-3143
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16506
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:16506
CVE-2012-5089
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16685
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity...
Type:
Software
Bulletins:
MITRE:16685
CVE-2012-5069
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16227
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity,...
Type:
Software
Bulletins:
MITRE:16227
CVE-2012-5071
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16546
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and...
Type:
Software
Bulletins:
MITRE:16546
CVE-2012-1531
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
JavaFX
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16553
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:16553
CVE-2012-5084
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16538
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:16538
CVE-2012-3216
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16585
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:16585
CVE-2012-5077
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16602
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:16602
CVE-2012-5079
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16654
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:16654
CVE-2012-5085
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2018-09-11

ID:
MITRE:16043
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:16043
CVE-2012-5081
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
Applies to:
Java Runtime Environment
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16466
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:16466
CVE-2012-5073
Severity:
Medium
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
JavaFX
Created:
2013-06-03
Updated:
2024-01-17

ID:
MITRE:16544
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and...
Type:
Software
Bulletins:
MITRE:16544
CVE-2012-5083
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
JavaFX
Created:
2013-06-03
Updated:
2024-01-17

ID:
CVE-2013-1212
Title:
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication,...
Type:
Hardware
Bulletins:
CVE-2013-1212
Severity:
Medium
Description:
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-05-29
Updated:
2024-01-17

ID:
CVE-2013-1209
Title:
The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable...
Type:
Hardware
Bulletins:
CVE-2013-1209
Severity:
Medium
Description:
The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710.
Applies to:
Created:
2013-05-29
Updated:
2024-01-17

ID:
CVE-2013-1208
Title:
The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by...
Type:
Hardware
Bulletins:
CVE-2013-1208
Severity:
Medium
Description:
The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691.
Applies to:
Created:
2013-05-29
Updated:
2024-01-17

ID:
CVE-2013-1211
Title:
Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a...
Type:
Hardware
Bulletins:
CVE-2013-1211
Severity:
Medium
Description:
Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832.
Applies to:
Created:
2013-05-29
Updated:
2024-01-17

ID:
CVE-2013-1213
Title:
Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability...
Type:
Hardware
Bulletins:
CVE-2013-1213
Severity:
Medium
Description:
Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-05-29
Updated:
2024-01-17

ID:
CVE-2013-1210
Title:
Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by...
Type:
Hardware
Bulletins:
CVE-2013-1210
Severity:
Medium
Description:
Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825.
Applies to:
Created:
2013-05-29
Updated:
2024-01-17

ID:
MITRE:16598
Title:
Microsoft Windows Remote Desktop Client remote code execution vulnerability - MS13-029
Type:
Software
Bulletins:
MITRE:16598
CVE-2013-1296
Severity:
High
Description:
The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability."
Applies to:
Remote Desktop Client
Created:
2013-05-27
Updated:
2024-01-17

ID:
MITRE:16293
Title:
Elevation of privilege vulnerability in Windows Defender - MS13-034
Type:
Software
Bulletins:
MITRE:16293
CVE-2013-0078
Severity:
High
Description:
The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."
Applies to:
Created:
2013-05-27
Updated:
2024-01-17

ID:
CVE-2013-1019
Title:
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Type:
Mobile Devices
Bulletins:
CVE-2013-1019
Severity:
High
Description:
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Applies to:
Created:
2013-05-24
Updated:
2024-01-17

ID:
CVE-2013-1204
Title:
Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.
Type:
Hardware
Bulletins:
CVE-2013-1204
Severity:
Medium
Description:
Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.
Applies to:
Created:
2013-05-23
Updated:
2024-01-17

ID:
CVE-2013-2842
Title:
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
Type:
Mobile Devices
Bulletins:
CVE-2013-2842
Severity:
High
Description:
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
Applies to:
Created:
2013-05-22
Updated:
2024-01-17

ID:
CVE-2013-0999
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-0999
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1000
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1000
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1001
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1001
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1002
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1002
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1003
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1003
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1006
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1006
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1007
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1007
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1008
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1008
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1010
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1010
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1004
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1004
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1005
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1005
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2024-01-17

ID:
CVE-2013-1188
Title:
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
Type:
Hardware
Bulletins:
CVE-2013-1188
Severity:
Medium
Description:
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
Applies to:
Unified Communications Manager
Created:
2013-05-15
Updated:
2024-01-17

ID:
CVE-2013-1136
Title:
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then...
Type:
Hardware
Bulletins:
CVE-2013-1136
Severity:
Medium
Description:
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193.
Applies to:
Created:
2013-05-13
Updated:
2024-01-17

ID:
CVE-2013-1234
Title:
The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.
Type:
Hardware
Bulletins:
CVE-2013-1234
Severity:
Medium
Description:
The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.
Applies to:
Created:
2013-05-03
Updated:
2024-01-17

ID:
CVE-2013-1240
Title:
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
Type:
Hardware
Bulletins:
CVE-2013-1240
Severity:
Medium
Description:
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
Applies to:
Unified Communications Manager
Created:
2013-05-03
Updated:
2024-01-17

ID:
CVE-2013-1235
Title:
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly...
Type:
Hardware
Bulletins:
CVE-2013-1235
Severity:
Medium
Description:
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.
Applies to:
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Cisco WLC 4400
Created:
2013-05-03
Updated:
2024-01-17

ID:
CVE-2013-1226
Title:
The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.
Type:
Hardware
Bulletins:
CVE-2013-1226
Severity:
Medium
Description:
The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-04-29
Updated:
2024-01-17

ID:
CVE-2013-1216
Title:
Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.
Type:
Hardware
Bulletins:
CVE-2013-1216
Severity:
Medium
Description:
Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.
Applies to:
Created:
2013-04-29
Updated:
2024-01-17

ID:
CVE-2013-1215
Title:
The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.
Type:
Hardware
Bulletins:
CVE-2013-1215
Severity:
Medium
Description:
The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2013-04-25
Updated:
2024-01-17

ID:
CVE-2013-1192
Title:
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp...
Type:
Hardware
Bulletins:
CVE-2013-1192
Severity:
High
Description:
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.
Applies to:
Cisco Nexus 5000 Series
Cisco Nexus 5010
Cisco Nexus 5020
Cisco Nexus 5020p
Cisco Nexus 5548p
Cisco Nexus 5548up
Cisco Nexus 5596UP
Cisco Nexus C5010P-BF
Created:
2013-04-25
Updated:
2024-01-17

ID:
CVE-2013-1178
Title:
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices...
Type:
Hardware
Bulletins:
CVE-2013-1178
Severity:
High
Description:
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275.
Applies to:
Cisco Nexus 1000V VSM
Cisco Nexus 5000 Series
Cisco Nexus 5010
Cisco Nexus 5020
Cisco Nexus 5548p
Cisco Nexus 5548up
Cisco Nexus 5596UP
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-04-25
Updated:
2024-01-17

ID:
CVE-2013-1179
Title:
Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to...
Type:
Hardware
Bulletins:
CVE-2013-1179
Severity:
High
Description:
Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54830.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-04-25
Updated:
2024-01-17

ID:
CVE-2013-1181
Title:
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by...
Type:
Hardware
Bulletins:
CVE-2013-1181
Severity:
High
Description:
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389.
Applies to:
Cisco Nexus 5548p
Cisco Nexus 5548up
Cisco Nexus 5596UP
Created:
2013-04-25
Updated:
2024-01-17

ID:
CVE-2013-1180
Title:
Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted...
Type:
Hardware
Bulletins:
CVE-2013-1180
Severity:
High
Description:
Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-04-25
Updated:
2024-01-17

ID:
CVE-2013-1217
Title:
The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.
Type:
Hardware
Bulletins:
CVE-2013-1217
Severity:
Medium
Description:
The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.
Applies to:
Created:
2013-04-24
Updated:
2024-01-17

ID:
CVE-2013-1194
Title:
The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via...
Type:
Hardware
Bulletins:
CVE-2013-1194
Severity:
Medium
Description:
The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708.
Applies to:
Created:
2013-04-18
Updated:
2024-01-17

ID:
CVE-2013-1199
Title:
Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing...
Type:
Hardware
Bulletins:
CVE-2013-1199
Severity:
Medium
Description:
Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996.
Applies to:
Created:
2013-04-18
Updated:
2024-01-17

ID:
CVE-2012-5415
Title:
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for...
Type:
Hardware
Bulletins:
CVE-2012-5415
Severity:
Medium
Description:
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2013-04-16
Updated:
2024-01-17

ID:
CVE-2013-1150
Title:
The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before...
Type:
Hardware
Bulletins:
CVE-2013-1150
Severity:
High
Description:
The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590.
Applies to:
Created:
2013-04-11
Updated:
2024-01-17

ID:
CVE-2013-2779
Title:
Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2013-2779
Severity:
High
Description:
Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164.
Applies to:
Created:
2013-04-11
Updated:
2024-01-17

ID:
CVE-2013-1164
Title:
Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card...
Type:
Hardware
Bulletins:
CVE-2013-1164
Severity:
High
Description:
Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563.
Applies to:
Created:
2013-04-11
Updated:
2024-01-17

ID:
CVE-2013-1166
Title:
Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by...
Type:
Hardware
Bulletins:
CVE-2013-1166
Severity:
High
Description:
Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609.
Applies to:
Created:
2013-04-11
Updated:
2024-01-17

ID:
CVE-2013-1167
Title:
Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not...
Type:
Hardware
Bulletins:
CVE-2013-1167
Severity:
High
Description:
Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.
Applies to:
Created:
2013-04-11
Updated:
2024-01-17

ID:
CVE-2013-1165
Title:
Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293.
Type:
Hardware
Bulletins:
CVE-2013-1165
Severity:
High
Description:
Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293.
Applies to:
Created:
2013-04-11
Updated:
2024-01-17

ID:
CVE-2013-1152
Title:
Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080.
Type:
Hardware
Bulletins:
CVE-2013-1152
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080.
Applies to:
Created:
2013-04-11
Updated:
2024-01-17

ID:
CVE-2013-1149
Title:
Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall...
Type:
Hardware
Bulletins:
CVE-2013-1149
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(24.1) and 4.0 and 4.1 before 4.1(11.1), allow remote attackers to cause a denial of service (device reload) via a crafted IKEv1 message, aka Bug IDs CSCub85692 and CSCud20267.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2013-04-11
Updated:
2024-01-17

ID:
CVE-2013-1146
Title:
The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.
Type:
Hardware
Bulletins:
CVE-2013-1146
Severity:
High
Description:
The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.
Applies to:
Created:
2013-03-28
Updated:
2024-01-17

ID:
CVE-2013-1143
Title:
The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect...
Type:
Hardware
Bulletins:
CVE-2013-1143
Severity:
High
Description:
The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect memory access and device reload) via a traffic engineering PATH message in an RSVP packet, aka Bug ID CSCtg39957.
Applies to:
Created:
2013-03-28
Updated:
2024-01-17

ID:
CVE-2013-1147
Title:
The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote...
Type:
Hardware
Bulletins:
CVE-2013-1147
Severity:
High
Description:
The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a PT resource, aka Bug ID CSCtz35999.
Applies to:
Created:
2013-03-28
Updated:
2024-01-17

ID:
CVE-2013-1148
Title:
The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2013-1148
Severity:
High
Description:
The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service (device reload) via crafted (1) IPv4 or (2) IPv6 IP SLA packets on UDP port 1167, aka Bug ID CSCuc72594.
Applies to:
Created:
2013-03-28
Updated:
2024-01-17

ID:
CVE-2013-1142
Title:
Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745.
Type:
Hardware
Bulletins:
CVE-2013-1142
Severity:
High
Description:
Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745.
Applies to:
Created:
2013-03-28
Updated:
2024-01-17

ID:
CVE-2013-1144
Title:
Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055.
Type:
Hardware
Bulletins:
CVE-2013-1144
Severity:
High
Description:
Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055.
Applies to:
Created:
2013-03-28
Updated:
2024-01-17

ID:
CVE-2013-1145
Title:
Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP...
Type:
Hardware
Bulletins:
CVE-2013-1145
Severity:
High
Description:
Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP messages, aka Bug ID CSCtl99174.
Applies to:
Created:
2013-03-28
Updated:
2024-01-17

ID:
CVE-2012-5216
Title:
Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of...
Type:
Hardware
Bulletins:
CVE-2012-5216
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Applies to:
Created:
2013-03-28
Updated:
2024-01-17

ID:
CVE-2013-1162
Title:
The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000.
Type:
Hardware
Bulletins:
CVE-2013-1162
Severity:
Medium
Description:
The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000.
Applies to:
Created:
2013-03-25
Updated:
2024-01-17

ID:
CVE-2013-0980
Title:
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call...
Type:
Mobile Devices
Bulletins:
CVE-2013-0980
Severity:
Low
Description:
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.
Applies to:
Created:
2013-03-20
Updated:
2024-01-17

ID:
CVE-2013-0979
Title:
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that...
Type:
Mobile Devices
Bulletins:
CVE-2013-0979
Severity:
Low
Description:
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.
Applies to:
Created:
2013-03-20
Updated:
2024-01-17

ID:
CVE-2013-1141
Title:
The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS...
Type:
Hardware
Bulletins:
CVE-2013-1141
Severity:
Medium
Description:
The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153.
Applies to:
Created:
2013-02-28
Updated:
2024-01-17

ID:
CVE-2013-1134
Title:
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct...
Type:
Hardware
Bulletins:
CVE-2013-1134
Severity:
High
Description:
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.
Applies to:
Unified Communications Manager
Created:
2013-02-27
Updated:
2024-01-17

ID:
CVE-2013-1133
Title:
Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused...
Type:
Hardware
Bulletins:
CVE-2013-1133
Severity:
High
Description:
Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.
Applies to:
Unified Communications Manager
Created:
2013-02-27
Updated:
2024-01-17

ID:
CVE-2013-1138
Title:
The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.
Type:
Hardware
Bulletins:
CVE-2013-1138
Severity:
Medium
Description:
The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.
Applies to:
Created:
2013-02-25
Updated:
2024-01-17

ID:
CVE-2013-0120
Title:
The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request.
Type:
Hardware
Bulletins:
CVE-2013-0120
Severity:
High
Description:
The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request.
Applies to:
PowerConnect 6248P
Created:
2013-02-24
Updated:
2024-01-17

ID:
CVE-2013-0879
Title:
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have...
Type:
Mobile Devices
Bulletins:
CVE-2013-0879
Severity:
High
Description:
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Applies to:
Created:
2013-02-23
Updated:
2024-01-17

ID:
CVE-2013-1100
Title:
The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.
Type:
Hardware
Bulletins:
CVE-2013-1100
Severity:
Medium
Description:
The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.
Applies to:
Created:
2013-02-13
Updated:
2024-01-17

ID:
CVE-2013-1122
Title:
Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673.
Type:
Hardware
Bulletins:
CVE-2013-1122
Severity:
Medium
Description:
Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673.
Applies to:
Cisco Nexus 7000
Created:
2013-02-13
Updated:
2024-01-17

ID:
CVE-2011-5262
Title:
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
Type:
Hardware
Bulletins:
CVE-2011-5262
SFBID50702
Severity:
High
Description:
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
Applies to:
SonicWall SSL-VPN 6000
SonicWall SSL-VPN 7000
SonicWall SSL-VPN 9000
Created:
2013-02-12
Updated:
2024-01-17

ID:
CVE-2011-1350
Title:
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
Type:
Mobile Devices
Bulletins:
CVE-2011-1350
Severity:
High
Description:
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
Applies to:
Created:
2013-02-05
Updated:
2024-01-17

ID:
CVE-2011-1352
Title:
The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.
Type:
Mobile Devices
Bulletins:
CVE-2011-1352
Severity:
Medium
Description:
The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.
Applies to:
Created:
2013-02-05
Updated:
2024-01-17

ID:
CVE-2013-0948
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0948
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0949
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0949
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0950
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0950
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0951
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0951
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0952
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0952
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0953
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0953
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0954
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0954
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0955
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0955
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0956
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0956
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0958
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0958
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0959
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0959
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0968
Title:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Mobile Devices
Bulletins:
CVE-2013-0968
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0974
Title:
StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript...
Type:
Mobile Devices
Bulletins:
CVE-2013-0974
Severity:
Medium
Description:
StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0963
Title:
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an...
Type:
Mobile Devices
Bulletins:
CVE-2013-0963
Severity:
Low
Description:
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-0962
Title:
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.
Type:
Mobile Devices
Bulletins:
CVE-2013-0962
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.
Applies to:
Created:
2013-01-29
Updated:
2024-01-17

ID:
CVE-2013-1102
Title:
The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2013-1102
SFBID57524
Severity:
High
Description:
The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743.
Applies to:
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Cisco WLC 4400
Created:
2013-01-24
Updated:
2024-01-17

ID:
CVE-2013-1104
Title:
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
Type:
Hardware
Bulletins:
CVE-2013-1104
SFBID57524
Severity:
High
Description:
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
Applies to:
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Cisco WLC 4400
Created:
2013-01-24
Updated:
2024-01-17

ID:
CVE-2013-1105
Title:
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device...
Type:
Hardware
Bulletins:
CVE-2013-1105
SFBID57524
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653.
Applies to:
Cisco WLC 2000
Cisco WLC 2100
Created:
2013-01-24
Updated:
2024-01-17

ID:
CVE-2013-1103
Title:
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.
Type:
Hardware
Bulletins:
CVE-2013-1103
SFBID57524
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.
Applies to:
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Cisco WLC 4400
Created:
2013-01-24
Updated:
2024-01-17

ID:
CVE-2012-6396
Title:
Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces...
Type:
Hardware
Bulletins:
CVE-2012-6396
Severity:
Medium
Description:
Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-01-19
Updated:
2024-01-17

ID:
CVE-2012-5717
Title:
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2012-5717
Severity:
Medium
Description:
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462.
Applies to:
Created:
2013-01-18
Updated:
2024-01-17

ID:
CVE-2012-6395
Title:
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors,...
Type:
Hardware
Bulletins:
CVE-2012-6395
Severity:
Medium
Description:
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.
Applies to:
Created:
2013-01-18
Updated:
2024-01-17