LanGuard reports



Supported OVAL Bulletins





ID:
CVE-2013-6981
Title:
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.
Type:
Hardware
Bulletins:
CVE-2013-6981
SFBID64514
Severity:
Medium
Description:
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.
Applies to:
Created:
2013-12-27
Updated:
2017-11-10

ID:
CVE-2013-6979
Title:
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source...
Type:
Hardware
Bulletins:
CVE-2013-6979
SFBID64502
Severity:
Medium
Description:
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.
Applies to:
Created:
2013-12-23
Updated:
2017-11-10

ID:
CVE-2012-4131
Title:
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
Type:
Hardware
Bulletins:
CVE-2012-4131
Severity:
Medium
Description:
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
Applies to:
Created:
2013-12-21
Updated:
2017-11-10

ID:
CVE-2012-4135
Title:
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
Type:
Hardware
Bulletins:
CVE-2012-4135
Severity:
Medium
Description:
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
Applies to:
Created:
2013-12-21
Updated:
2017-11-10

ID:
CVE-2013-6978
Title:
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-6978
SFBID64421
Severity:
Medium
Description:
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
Applies to:
Unified Communications Manager
Created:
2013-12-21
Updated:
2017-11-10

ID:
CVE-2013-4775
Title:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware...
Type:
Hardware
Bulletins:
CVE-2013-4775
Severity:
High
Description:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.
Applies to:
GS716Tv2 Smart Switch
GS724Tv3 Smart Switch
GS728TPS Stack Smart Switch
GS728TS Stack Smart Switch
GS752TPS Stack Smart Switch
Created:
2013-12-18
Updated:
2017-11-10

ID:
CVE-2013-4776
Title:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
Type:
Hardware
Bulletins:
CVE-2013-4776
Severity:
High
Description:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
Applies to:
GS716Tv2 Smart Switch
GS724Tv3 Smart Switch
Created:
2013-12-18
Updated:
2017-11-10

ID:
CVE-2013-5225
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5225
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-11-10

ID:
CVE-2013-5228
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5228
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-11-10

ID:
CVE-2013-5196
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5196
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-11-10

ID:
CVE-2013-5197
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5197
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-11-10

ID:
CVE-2013-5198
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5198
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-11-10

ID:
CVE-2013-5199
Title:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-5199
SFBID64361
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Applies to:
Created:
2013-12-18
Updated:
2017-11-10

ID:
CVE-2013-6271
Title:
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class...
Type:
Mobile Devices
Bulletins:
CVE-2013-6271
Severity:
High
Description:
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.
Applies to:
Created:
2013-12-14
Updated:
2017-11-10

ID:
CVE-2013-6956
Title:
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web...
Type:
Hardware
Bulletins:
CVE-2013-6956
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Applies to:
Created:
2013-12-13
Updated:
2017-11-10

ID:
CVE-2013-6958
Title:
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
Type:
Hardware
Bulletins:
CVE-2013-6958
Severity:
High
Description:
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
Applies to:
Created:
2013-12-13
Updated:
2017-11-10

ID:
CVE-2013-2751
Title:
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to...
Type:
Hardware
Bulletins:
CVE-2013-2751
Severity:
High
Description:
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
Applies to:
Created:
2013-12-12
Updated:
2017-11-10

ID:
CVE-2013-2752
Title:
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
Type:
Hardware
Bulletins:
CVE-2013-2752
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
Applies to:
Created:
2013-12-12
Updated:
2017-11-10

ID:
CVE-2013-7030
Title:
** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential...
Type:
Hardware
Bulletins:
CVE-2013-7030
Severity:
Medium
Description:
** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.
Applies to:
Unified Communications Manager
Created:
2013-12-12
Updated:
2017-11-10

ID:
MITRE:20770
Title:
oval:org.mitre.oval:def:20770: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20770
CVE-2012-5254
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20656
Title:
oval:org.mitre.oval:def:20656: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20656
CVE-2012-5265
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20893
Title:
oval:org.mitre.oval:def:20893: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20893
CVE-2012-5260
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20846
Title:
oval:org.mitre.oval:def:20846: Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
MITRE:20846
CVE-2012-5277
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20651
Title:
oval:org.mitre.oval:def:20651: Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow remote attackers to read content from a different domain via a crafted web site
Type:
Web
Bulletins:
MITRE:20651
CVE-2012-4168
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20607
Title:
oval:org.mitre.oval:def:20607: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20607
CVE-2012-5248
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20915
Title:
oval:org.mitre.oval:def:20915: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20915
CVE-2012-5253
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20318
Title:
oval:org.mitre.oval:def:20318: Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content
Type:
Web
Bulletins:
MITRE:20318
CVE-2012-1535
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
Applies to:
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20693
Title:
oval:org.mitre.oval:def:20693: Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20693
CVE-2012-4163
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4164 and CVE-2012-4165.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20035
Title:
oval:org.mitre.oval:def:20035: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
Type:
Web
Bulletins:
MITRE:20035
CVE-2012-5256
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20434
Title:
oval:org.mitre.oval:def:20434: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20434
CVE-2012-5263
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20323
Title:
oval:org.mitre.oval:def:20323: Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:20323
CVE-2012-5278
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20739
Title:
oval:org.mitre.oval:def:20739: Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
Type:
Web
Bulletins:
MITRE:20739
CVE-2012-5279
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20589
Title:
oval:org.mitre.oval:def:20589: Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows has unknown impact and attack vectors
Type:
Web
Bulletins:
MITRE:20589
CVE-2012-5673
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and attack vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20395
Title:
oval:org.mitre.oval:def:20395: Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:20395
CVE-2012-5676
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20958
Title:
oval:org.mitre.oval:def:20958: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20958
CVE-2012-5271
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20880
Title:
oval:org.mitre.oval:def:20880: Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to cause a denial of service...
Type:
Web
Bulletins:
MITRE:20880
CVE-2012-5054
Severity:
Low
Description:
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:19970
Title:
oval:org.mitre.oval:def:19970: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:19970
CVE-2012-5252
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20876
Title:
oval:org.mitre.oval:def:20876: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20876
CVE-2012-5251
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20632
Title:
oval:org.mitre.oval:def:20632: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors
Type:
Web
Bulletins:
MITRE:20632
CVE-2012-2038
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20459
Title:
oval:org.mitre.oval:def:20459: Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:20459
CVE-2012-2035
Severity:
Low
Description:
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20424
Title:
oval:org.mitre.oval:def:20424: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20424
CVE-2012-2037
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20873
Title:
oval:org.mitre.oval:def:20873: Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20873
CVE-2012-4165
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163 and CVE-2012-4164.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:19949
Title:
oval:org.mitre.oval:def:19949: Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:19949
CVE-2012-4167
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20789
Title:
oval:org.mitre.oval:def:20789: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20789
CVE-2012-5272
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20963
Title:
oval:org.mitre.oval:def:20963: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20963
CVE-2012-5285
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20928
Title:
oval:org.mitre.oval:def:20928: Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
MITRE:20928
CVE-2012-5276
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20925
Title:
oval:org.mitre.oval:def:20925: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20925
CVE-2012-5262
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:19994
Title:
oval:org.mitre.oval:def:19994: Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:19994
CVE-2012-5677
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20964
Title:
oval:org.mitre.oval:def:20964: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20964
CVE-2012-5259
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20838
Title:
oval:org.mitre.oval:def:20838: Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:20838
CVE-2012-2036
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20954
Title:
oval:org.mitre.oval:def:20954: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20954
CVE-2012-5270
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20879
Title:
oval:org.mitre.oval:def:20879: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20879
CVE-2012-5261
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20510
Title:
oval:org.mitre.oval:def:20510: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20510
CVE-2012-5269
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20559
Title:
oval:org.mitre.oval:def:20559: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20559
CVE-2012-5249
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20472
Title:
oval:org.mitre.oval:def:20472: Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability"
Type:
Web
Bulletins:
MITRE:20472
CVE-2012-0779
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
Applies to:
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20654
Title:
oval:org.mitre.oval:def:20654: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20654
CVE-2012-2034
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20674
Title:
oval:org.mitre.oval:def:20674: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20674
CVE-2012-5250
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20934
Title:
oval:org.mitre.oval:def:20934: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20934
CVE-2012-5264
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20859
Title:
oval:org.mitre.oval:def:20859: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20859
CVE-2012-5267
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20148
Title:
oval:org.mitre.oval:def:20148: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20148
CVE-2012-5266
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20556
Title:
oval:org.mitre.oval:def:20556: Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 and Adobe AIR before 3.4.0.2540 on Windows, allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs
Type:
Web
Bulletins:
MITRE:20556
CVE-2012-4171
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20274
Title:
oval:org.mitre.oval:def:20274: Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
MITRE:20274
CVE-2012-5275
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20701
Title:
oval:org.mitre.oval:def:20701: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20701
CVE-2012-5286
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20772
Title:
oval:org.mitre.oval:def:20772: Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
Type:
Web
Bulletins:
MITRE:20772
CVE-2012-5678
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20844
Title:
oval:org.mitre.oval:def:20844: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20844
CVE-2012-5287
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20688
Title:
oval:org.mitre.oval:def:20688: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20688
CVE-2012-5255
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20799
Title:
oval:org.mitre.oval:def:20799: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20799
CVE-2012-5268
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20968
Title:
oval:org.mitre.oval:def:20968: Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other...
Type:
Web
Bulletins:
MITRE:20968
CVE-2012-5257
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20892
Title:
oval:org.mitre.oval:def:20892: Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
MITRE:20892
CVE-2012-5274
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20840
Title:
oval:org.mitre.oval:def:20840: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors
Type:
Web
Bulletins:
MITRE:20840
CVE-2012-2039
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20904
Title:
oval:org.mitre.oval:def:20904: Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 and Adobe AIR before 3.5.0.600 on Windows, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
MITRE:20904
CVE-2012-5280
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:20727
Title:
oval:org.mitre.oval:def:20727: Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 and Adobe AIR before 3.4.0.2710 on Windows, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20727
CVE-2012-5258
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-10
Updated:
2015-08-03

ID:
MITRE:19802
Title:
oval:org.mitre.oval:def:19802: Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
Type:
Web
Bulletins:
MITRE:19802
CVE-2013-5329
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20078
Title:
oval:org.mitre.oval:def:20078: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified...
Type:
Web
Bulletins:
MITRE:20078
CVE-2013-0649
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-1374.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20004
Title:
oval:org.mitre.oval:def:20004: Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and Adobe AIR before 3.6.0.597 on Windows allow attackers to obtain sensitive information via unspecified vectors
Type:
Web
Bulletins:
MITRE:20004
CVE-2013-0637
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19805
Title:
oval:org.mitre.oval:def:19805: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:19805
CVE-2013-1367
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20044
Title:
oval:org.mitre.oval:def:20044: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20044
CVE-2013-1365
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20125
Title:
oval:org.mitre.oval:def:20125: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20125
CVE-2013-1369
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20133
Title:
oval:org.mitre.oval:def:20133: Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
Type:
Web
Bulletins:
MITRE:20133
CVE-2013-5330
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5329.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20073
Title:
oval:org.mitre.oval:def:20073: Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:20073
CVE-2013-0639
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19930
Title:
oval:org.mitre.oval:def:19930: Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:19930
CVE-2013-0504
Severity:
Low
Description:
Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20111
Title:
oval:org.mitre.oval:def:20111: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20111
CVE-2013-0645
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20137
Title:
oval:org.mitre.oval:def:20137: Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling
Type:
Web
Bulletins:
MITRE:20137
CVE-2013-3347
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20081
Title:
oval:org.mitre.oval:def:20081: The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content
Type:
Web
Bulletins:
MITRE:20081
CVE-2013-0643
Severity:
Low
Description:
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19467
Title:
oval:org.mitre.oval:def:19467: Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows allows remote attackers to execute arbitrary code via crafted SWF content
Type:
Web
Bulletins:
MITRE:19467
CVE-2013-0633
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19869
Title:
oval:org.mitre.oval:def:19869: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:19869
CVE-2013-1370
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19913
Title:
oval:org.mitre.oval:def:19913: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
Type:
Web
Bulletins:
MITRE:19913
CVE-2013-5324
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19966
Title:
oval:org.mitre.oval:def:19966: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:19966
CVE-2013-1368
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19661
Title:
oval:org.mitre.oval:def:19661: Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
Type:
Web
Bulletins:
MITRE:19661
CVE-2013-1371
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19694
Title:
oval:org.mitre.oval:def:19694: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
Type:
Web
Bulletins:
MITRE:19694
CVE-2013-3362
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3363, and CVE-2013-5324.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19427
Title:
oval:org.mitre.oval:def:19427: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...
Type:
Web
Bulletins:
MITRE:19427
CVE-2013-1372
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1373.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19898
Title:
oval:org.mitre.oval:def:19898: Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows remote attackers to execute arbitrary code via crafted SWF content
Type:
Web
Bulletins:
MITRE:19898
CVE-2013-0648
Severity:
Low
Description:
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19629
Title:
oval:org.mitre.oval:def:19629: Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
Type:
Web
Bulletins:
MITRE:19629
CVE-2013-1380
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19410
Title:
oval:org.mitre.oval:def:19410: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:19410
CVE-2013-1373
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19907
Title:
oval:org.mitre.oval:def:19907: Integer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:19907
CVE-2013-0646
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19856
Title:
oval:org.mitre.oval:def:19856: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
Type:
Web
Bulletins:
MITRE:19856
CVE-2013-1378
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1380.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19510
Title:
oval:org.mitre.oval:def:19510: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability...
Type:
Web
Bulletins:
MITRE:19510
CVE-2013-1374
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19824
Title:
oval:org.mitre.oval:def:19824: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:19824
CVE-2013-2555
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19528
Title:
oval:org.mitre.oval:def:19528: Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors
Type:
Web
Bulletins:
MITRE:19528
CVE-2013-3345
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20080
Title:
oval:org.mitre.oval:def:20080: Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
Type:
Web
Bulletins:
MITRE:20080
CVE-2013-0638
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0647.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20011
Title:
oval:org.mitre.oval:def:20011: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a...
Type:
Web
Bulletins:
MITRE:20011
CVE-2013-1379
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19929
Title:
oval:org.mitre.oval:def:19929: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
Type:
Web
Bulletins:
MITRE:19929
CVE-2013-3363
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-5324.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19826
Title:
oval:org.mitre.oval:def:19826: Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content
Type:
Web
Bulletins:
MITRE:19826
CVE-2013-0634
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20079
Title:
oval:org.mitre.oval:def:20079: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:20079
CVE-2013-0650
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20025
Title:
oval:org.mitre.oval:def:20025: Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
Type:
Web
Bulletins:
MITRE:20025
CVE-2013-0647
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0638.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20006
Title:
oval:org.mitre.oval:def:20006: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:20006
CVE-2013-1366
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19957
Title:
oval:org.mitre.oval:def:19957: Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:19957
CVE-2013-3344
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19525
Title:
oval:org.mitre.oval:def:19525: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified...
Type:
Web
Bulletins:
MITRE:19525
CVE-2013-0644
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20096
Title:
oval:org.mitre.oval:def:20096: Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and in Adobe AIR before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:20096
CVE-2013-0630
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19896
Title:
oval:org.mitre.oval:def:19896: Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors
Type:
Web
Bulletins:
MITRE:19896
CVE-2013-1375
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:19961
Title:
oval:org.mitre.oval:def:19961: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a...
Type:
Web
Bulletins:
MITRE:19961
CVE-2013-0642
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
MITRE:20015
Title:
oval:org.mitre.oval:def:20015: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different...
Type:
Web
Bulletins:
MITRE:20015
CVE-2013-3361
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3362, CVE-2013-3363, and CVE-2013-5324.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-12-05
Updated:
2015-08-03

ID:
CVE-2013-6704
Title:
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
Type:
Hardware
Bulletins:
CVE-2013-6704
Severity:
High
Description:
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
Applies to:
Created:
2013-12-03
Updated:
2017-11-10

ID:
CVE-2013-6705
Title:
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.
Type:
Hardware
Bulletins:
CVE-2013-6705
Severity:
Medium
Description:
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.
Applies to:
Created:
2013-12-03
Updated:
2017-11-10

ID:
CVE-2013-6696
Title:
Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.
Type:
Hardware
Bulletins:
CVE-2013-6696
Severity:
High
Description:
Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.
Applies to:
Created:
2013-12-02
Updated:
2017-11-10

ID:
CVE-2013-6700
Title:
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
Type:
Hardware
Bulletins:
CVE-2013-6700
Severity:
Medium
Description:
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
Applies to:
Created:
2013-11-28
Updated:
2017-11-10

ID:
CVE-2013-6706
Title:
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.
Type:
Hardware
Bulletins:
CVE-2013-6706
SFBID63979
Severity:
Medium
Description:
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.
Applies to:
Created:
2013-11-28
Updated:
2017-11-10

ID:
CVE-2013-6694
Title:
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
Type:
Hardware
Bulletins:
CVE-2013-6694
Severity:
Medium
Description:
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
Applies to:
Created:
2013-11-22
Updated:
2017-11-10

ID:
CVE-2013-6698
Title:
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,...
Type:
Hardware
Bulletins:
CVE-2013-6698
Severity:
Medium
Description:
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.
Applies to:
Created:
2013-11-22
Updated:
2017-11-10

ID:
CVE-2013-6699
Title:
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,...
Type:
Hardware
Bulletins:
CVE-2013-6699
Severity:
Medium
Description:
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880.
Applies to:
Created:
2013-11-22
Updated:
2017-11-10

ID:
CVE-2013-6692
Title:
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka...
Type:
Hardware
Bulletins:
CVE-2013-6692
Severity:
Medium
Description:
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.
Applies to:
Created:
2013-11-21
Updated:
2017-11-10

ID:
CVE-2013-6693
Title:
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-6693
Severity:
Medium
Description:
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.
Applies to:
Cisco 7600 Series Routers
Created:
2013-11-21
Updated:
2017-11-10

ID:
CVE-2013-5556
Title:
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches...
Type:
Hardware
Bulletins:
CVE-2013-5556
Severity:
Medium
Description:
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-11-17
Updated:
2017-11-10

ID:
CVE-2013-5193
Title:
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous...
Type:
Mobile Devices
Bulletins:
CVE-2013-5193
Severity:
Medium
Description:
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.
Applies to:
Created:
2013-11-17
Updated:
2017-11-10

ID:
CVE-2013-6686
Title:
The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
Type:
Hardware
Bulletins:
CVE-2013-6686
Severity:
Medium
Description:
The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
Applies to:
Created:
2013-11-17
Updated:
2017-11-10

ID:
CVE-2013-6688
Title:
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted...
Type:
Hardware
Bulletins:
CVE-2013-6688
Severity:
Medium
Description:
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
Applies to:
Unified Communications Manager
Created:
2013-11-17
Updated:
2017-11-10

ID:
CVE-2013-6689
Title:
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
Type:
Hardware
Bulletins:
CVE-2013-6689
Severity:
Medium
Description:
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
Applies to:
Unified Communications Manager
Created:
2013-11-17
Updated:
2017-11-10

ID:
CVE-2013-5552
Title:
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-5552
Severity:
Medium
Description:
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.
Applies to:
Created:
2013-11-13
Updated:
2017-11-10

ID:
CVE-2013-6683
Title:
The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
Type:
Hardware
Bulletins:
CVE-2013-6683
Severity:
Medium
Description:
The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
Applies to:
Created:
2013-11-13
Updated:
2017-11-10

ID:
CVE-2013-6684
Title:
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
Type:
Hardware
Bulletins:
CVE-2013-6684
Severity:
Medium
Description:
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
Applies to:
Created:
2013-11-13
Updated:
2017-11-10

ID:
CVE-2013-5553
Title:
Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
Type:
Hardware
Bulletins:
CVE-2013-5553
Severity:
High
Description:
Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.
Applies to:
Created:
2013-11-07
Updated:
2017-11-10

ID:
CVE-2013-5565
Title:
The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
Type:
Hardware
Bulletins:
CVE-2013-5565
Severity:
Medium
Description:
The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.
Applies to:
Created:
2013-11-07
Updated:
2017-11-10

ID:
CVE-2013-5566
Title:
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.
Type:
Hardware
Bulletins:
CVE-2013-5566
Severity:
Medium
Description:
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.
Applies to:
Created:
2013-11-07
Updated:
2017-11-10

ID:
CVE-2013-6618
Title:
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
Type:
Hardware
Bulletins:
CVE-2013-6618
SFBID62305
Severity:
High
Description:
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
Applies to:
Created:
2013-11-05
Updated:
2017-11-10

ID:
CVE-2013-5555
Title:
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
Type:
Hardware
Bulletins:
CVE-2013-5555
Severity:
Medium
Description:
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
Applies to:
Unified Communications Manager
Created:
2013-10-31
Updated:
2017-11-10

ID:
CVE-2013-5543
Title:
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by...
Type:
Hardware
Bulletins:
CVE-2013-5543
Severity:
High
Description:
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470.
Applies to:
Created:
2013-10-31
Updated:
2017-11-10

ID:
CVE-2013-5545
Title:
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
Type:
Hardware
Bulletins:
CVE-2013-5545
Severity:
High
Description:
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.
Applies to:
Created:
2013-10-31
Updated:
2017-11-10

ID:
CVE-2013-5546
Title:
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,...
Type:
Hardware
Bulletins:
CVE-2013-5546
Severity:
High
Description:
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509.
Applies to:
Created:
2013-10-31
Updated:
2017-11-10

ID:
CVE-2013-5547
Title:
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
Type:
Hardware
Bulletins:
CVE-2013-5547
Severity:
High
Description:
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
Applies to:
Created:
2013-10-31
Updated:
2017-11-10

ID:
CVE-2013-5548
Title:
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
Type:
Hardware
Bulletins:
CVE-2013-5548
Severity:
Medium
Description:
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
Applies to:
Created:
2013-10-31
Updated:
2017-11-10

ID:
CVE-2013-6012
Title:
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote...
Type:
Hardware
Bulletins:
CVE-2013-6012
SFBID63389
Severity:
High
Description:
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors.
Applies to:
Created:
2013-10-28
Updated:
2017-11-10

ID:
CVE-2013-6014
Title:
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when...
Type:
Hardware
Bulletins:
CVE-2013-6014
Severity:
Medium
Description:
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.
Applies to:
Created:
2013-10-28
Updated:
2017-11-10

ID:
MITRE:19032
Title:
oval:org.mitre.oval:def:19032: Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19032
CVE-2013-5774
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19188
Title:
oval:org.mitre.oval:def:19188: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:19188
CVE-2013-5804
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19207
Title:
oval:org.mitre.oval:def:19207: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:19207
CVE-2013-5802
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19088
Title:
oval:org.mitre.oval:def:19088: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19088
CVE-2013-5783
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:18645
Title:
oval:org.mitre.oval:def:18645: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:18645
CVE-2013-5782
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:18874
Title:
oval:org.mitre.oval:def:18874: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:18874
CVE-2013-5803
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:18733
Title:
oval:org.mitre.oval:def:18733: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18733
CVE-2013-5790
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:18990
Title:
oval:org.mitre.oval:def:18990: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18990
CVE-2013-5840
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19150
Title:
oval:org.mitre.oval:def:19150: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19150
CVE-2013-5850
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19185
Title:
oval:org.mitre.oval:def:19185: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19185
CVE-2013-5814
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:18436
Title:
oval:org.mitre.oval:def:18436: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18436
CVE-2013-5842
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19002
Title:
oval:org.mitre.oval:def:19002: Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19002
CVE-2013-3829
Severity:
Low
Description:
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:18894
Title:
oval:org.mitre.oval:def:18894: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18894
CVE-2013-5801
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19020
Title:
oval:org.mitre.oval:def:19020: Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19020
CVE-2013-5778
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19101
Title:
oval:org.mitre.oval:def:19101: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:19101
CVE-2013-5780
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19024
Title:
oval:org.mitre.oval:def:19024: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19024
CVE-2013-5817
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:18504
Title:
oval:org.mitre.oval:def:18504: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18504
CVE-2013-5809
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19189
Title:
oval:org.mitre.oval:def:19189: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:19189
CVE-2013-5829
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:18971
Title:
oval:org.mitre.oval:def:18971: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Type:
Software
Bulletins:
MITRE:18971
CVE-2013-5849
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Applies to:
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19046
Title:
oval:org.mitre.oval:def:19046: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:19046
CVE-2013-5825
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
MITRE:19096
Title:
oval:org.mitre.oval:def:19096: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Type:
Software
Bulletins:
MITRE:19096
CVE-2013-5830
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
JRockit
Java Runtime Environment
Created:
2013-10-24
Updated:
2015-03-23

ID:
CVE-2013-5522
Title:
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
Type:
Hardware
Bulletins:
CVE-2013-5522
Severity:
Medium
Description:
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
Applies to:
Cisco Catalyst 3750X
Created:
2013-10-24
Updated:
2017-11-10

ID:
CVE-2013-5549
Title:
Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6...
Type:
Hardware
Bulletins:
CVE-2013-5549
Severity:
High
Description:
Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380.
Applies to:
Created:
2013-10-24
Updated:
2017-11-10

ID:
CVE-2013-5144
Title:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain...
Type:
Mobile Devices
Bulletins:
CVE-2013-5144
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.
Applies to:
Created:
2013-10-23
Updated:
2017-11-10

ID:
CVE-2013-5162
Title:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
Type:
Mobile Devices
Bulletins:
CVE-2013-5162
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
Applies to:
Created:
2013-10-23
Updated:
2017-11-10

ID:
CVE-2013-5164
Title:
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
Type:
Mobile Devices
Bulletins:
CVE-2013-5164
Severity:
Low
Description:
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
Applies to:
Created:
2013-10-23
Updated:
2017-11-10

ID:
CVE-2013-6027
Title:
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to...
Type:
Hardware
Bulletins:
CVE-2013-6027
Severity:
High
Description:
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
Applies to:
DIR-100
Created:
2013-10-19
Updated:
2017-11-10

ID:
CVE-2013-4689
Title:
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site...
Type:
Hardware
Bulletins:
CVE-2013-4689
SFBID62940
Severity:
Medium
Description:
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.
Applies to:
Created:
2013-10-17
Updated:
2017-11-10

ID:
CVE-2013-6013
Title:
Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might...
Type:
Hardware
Bulletins:
CVE-2013-6013
SFBID62962
Severity:
Medium
Description:
Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message.
Applies to:
Created:
2013-10-17
Updated:
2017-11-10

ID:
CVE-2013-6015
Title:
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2013-6015
Severity:
Medium
Description:
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets.
Applies to:
Created:
2013-10-17
Updated:
2017-11-10

ID:
CVE-2013-6170
Title:
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing...
Type:
Hardware
Bulletins:
CVE-2013-6170
SFBID62973
Severity:
Medium
Description:
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests.
Applies to:
Created:
2013-10-17
Updated:
2017-11-10

ID:
MITRE:19136
Title:
oval:org.mitre.oval:def:19136: Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067
Type:
Software
Bulletins:
MITRE:19136
CVE-2013-3180
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
Applies to:
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Created:
2013-10-16
Updated:
2015-06-15

ID:
MITRE:19036
Title:
oval:org.mitre.oval:def:19036: Denial of service vulnerability in Microsoft SharePoint () - MS13-067
Type:
Software
Bulletins:
MITRE:19036
CVE-2013-0081
Severity:
Low
Description:
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."
Applies to:
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Services 2.0
Microsoft SharePoint Services 3.0
Created:
2013-10-16
Updated:
2015-06-15

ID:
MITRE:18750
Title:
oval:org.mitre.oval:def:18750: Cross-site scripting vulnerability in Microsoft SharePoint () - MS13-067
Type:
Software
Bulletins:
MITRE:18750
CVE-2013-3179
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
Applies to:
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Services 3.0
Created:
2013-10-16
Updated:
2015-06-15

ID:
CVE-2012-4076
Title:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
Type:
Hardware
Bulletins:
CVE-2012-4076
SFBID62848
Severity:
Medium
Description:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
Applies to:
Created:
2013-10-13
Updated:
2017-11-10

ID:
CVE-2012-4077
Title:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
Type:
Hardware
Bulletins:
CVE-2012-4077
SFBID62849
Severity:
Medium
Description:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
Applies to:
Created:
2013-10-13
Updated:
2017-11-10

ID:
CVE-2012-4097
Title:
The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
Type:
Hardware
Bulletins:
CVE-2012-4097
Severity:
Medium
Description:
The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
Applies to:
Created:
2013-10-13
Updated:
2017-11-10

ID:
CVE-2012-4099
Title:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
Type:
Hardware
Bulletins:
CVE-2012-4099
Severity:
Medium
Description:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
Applies to:
Created:
2013-10-13
Updated:
2017-11-10

ID:
CVE-2012-4121
Title:
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
Type:
Hardware
Bulletins:
CVE-2012-4121
Severity:
Medium
Description:
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
Applies to:
Created:
2013-10-13
Updated:
2017-11-10

ID:
CVE-2013-5499
Title:
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
Type:
Hardware
Bulletins:
CVE-2013-5499
Severity:
Medium
Description:
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
Applies to:
Created:
2013-10-10
Updated:
2017-11-10

ID:
CVE-2013-5527
Title:
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
Type:
Hardware
Bulletins:
CVE-2013-5527
SFBID62904
Severity:
Medium
Description:
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
Applies to:
Created:
2013-10-10
Updated:
2017-11-10

ID:
CVE-2013-5528
Title:
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-5528
SFBID62960
Severity:
Medium
Description:
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
Applies to:
Unified Communications Manager
Created:
2013-10-10
Updated:
2017-11-10

ID:
CVE-2012-4075
Title:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
Type:
Hardware
Bulletins:
CVE-2012-4075
SFBID62837
Severity:
High
Description:
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
Applies to:
Created:
2013-10-05
Updated:
2017-11-10

ID:
CVE-2012-4090
Title:
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
Type:
Hardware
Bulletins:
CVE-2012-4090
SFBID62841
Severity:
Medium
Description:
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-10-05
Updated:
2017-11-10

ID:
CVE-2012-4091
Title:
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
Type:
Hardware
Bulletins:
CVE-2012-4091
SFBID62838
Severity:
Medium
Description:
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
Applies to:
Created:
2013-10-05
Updated:
2017-11-10

ID:
CVE-2012-4098
Title:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
Type:
Hardware
Bulletins:
CVE-2012-4098
Severity:
Medium
Description:
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
Applies to:
Created:
2013-10-05
Updated:
2017-11-10

ID:
CVE-2012-4122
Title:
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
Type:
Hardware
Bulletins:
CVE-2012-4122
SFBID62843
Severity:
Medium
Description:
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
Applies to:
Created:
2013-10-05
Updated:
2017-11-10

ID:
CVE-2012-4141
Title:
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
Type:
Hardware
Bulletins:
CVE-2012-4141
SFBID62839
Severity:
Medium
Description:
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
Applies to:
Created:
2013-10-05
Updated:
2017-11-10

ID:
CVE-2013-5519
Title:
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
Type:
Hardware
Bulletins:
CVE-2013-5519
SFBID62787
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
Applies to:
Created:
2013-10-03
Updated:
2017-11-10

ID:
MITRE:18087
Title:
oval:org.mitre.oval:def:18087: Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18087
CVE-2013-1846
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18790
Title:
oval:org.mitre.oval:def:18790: Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18790
CVE-2013-1862
Severity:
Low
Description:
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18999
Title:
oval:org.mitre.oval:def:18999: Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18999
CVE-2011-1921
Severity:
Low
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:19016
Title:
oval:org.mitre.oval:def:19016: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
Type:
Software
Bulletins:
MITRE:19016
CVE-2013-0169
Severity:
Low
Description:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:19057
Title:
oval:org.mitre.oval:def:19057: Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:19057
CVE-2013-2112
Severity:
Low
Description:
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18154
Title:
oval:org.mitre.oval:def:18154: Apache HTTP vulnerability before 2.2.21 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18154
CVE-2011-3348
Severity:
Low
Description:
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18985
Title:
oval:org.mitre.oval:def:18985: OpenSSL vulnerability 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18985
CVE-2011-0014
Severity:
Low
Description:
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18868
Title:
oval:org.mitre.oval:def:18868: OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18868
CVE-2012-2686
Severity:
Low
Description:
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:19081
Title:
oval:org.mitre.oval:def:19081: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server
Type:
Software
Bulletins:
MITRE:19081
CVE-2013-0166
Severity:
Low
Description:
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18772
Title:
oval:org.mitre.oval:def:18772: Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18772
CVE-2013-2088
Severity:
Low
Description:
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18889
Title:
oval:org.mitre.oval:def:18889: Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18889
CVE-2011-1783
Severity:
Low
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18827
Title:
oval:org.mitre.oval:def:18827: Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18827
CVE-2011-3192
Severity:
Low
Description:
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18554
Title:
oval:org.mitre.oval:def:18554: Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18554
CVE-2013-4277
Severity:
Low
Description:
svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18973
Title:
oval:org.mitre.oval:def:18973: Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18973
CVE-2013-1845
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18538
Title:
oval:org.mitre.oval:def:18538: Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18538
CVE-2013-1847
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18967
Title:
oval:org.mitre.oval:def:18967: Apache Subversion vulnerability before 1.6.16 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18967
CVE-2011-0715
Severity:
Low
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18986
Title:
oval:org.mitre.oval:def:18986: Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18986
CVE-2013-1968
Severity:
Low
Description:
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18621
Title:
oval:org.mitre.oval:def:18621: Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18621
CVE-2013-4131
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18788
Title:
oval:org.mitre.oval:def:18788: Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18788
CVE-2013-1884
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18980
Title:
oval:org.mitre.oval:def:18980: Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18980
CVE-2013-1849
Severity:
Low
Description:
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18910
Title:
oval:org.mitre.oval:def:18910: OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18910
CVE-2010-4180
Severity:
Low
Description:
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18922
Title:
oval:org.mitre.oval:def:18922: Apache Subversion vulnerability before 1.6.17 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18922
CVE-2011-1752
Severity:
Low
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:18835
Title:
oval:org.mitre.oval:def:18835: Apache HTTP vulnerability before 2.2.25 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:18835
CVE-2013-1896
Severity:
Low
Description:
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:19039
Title:
oval:org.mitre.oval:def:19039: OpenSSL vulnerability before 1.0.0c in VisualSVN Server
Type:
Software
Bulletins:
MITRE:19039
CVE-2010-4252
Severity:
Low
Description:
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
MITRE:19007
Title:
oval:org.mitre.oval:def:19007: Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:19007
CVE-2010-3315
Severity:
Low
Description:
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
Applies to:
VisualSVN Server
Created:
2013-10-02
Updated:
2015-05-04

ID:
CVE-2013-5503
Title:
The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.
Type:
Hardware
Bulletins:
CVE-2013-5503
Severity:
High
Description:
The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.
Applies to:
Created:
2013-10-02
Updated:
2017-11-10

ID:
CVE-2013-5516
Title:
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka...
Type:
Hardware
Bulletins:
CVE-2013-5516
Severity:
Medium
Description:
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796.
Applies to:
Cisco TelePresence Multipoint Switch
Created:
2013-09-30
Updated:
2017-11-10

ID:
MITRE:18997
Title:
oval:org.mitre.oval:def:18997: The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
Type:
Software
Bulletins:
MITRE:18997
CVE-2013-1035
Severity:
Low
Description:
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Applies to:
Apple iTunes
Created:
2013-09-27
Updated:
2015-06-22

ID:
CVE-2013-5472
Title:
The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2013-5472
Severity:
High
Description:
The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5473
Title:
Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
Type:
Hardware
Bulletins:
CVE-2013-5473
Severity:
High
Description:
Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5474
Title:
Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-5474
Severity:
High
Description:
Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5475
Title:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-5475
Severity:
High
Description:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5476
Title:
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-5476
Severity:
High
Description:
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5477
Title:
The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
Type:
Hardware
Bulletins:
CVE-2013-5477
Severity:
High
Description:
The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5478
Title:
Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
Type:
Hardware
Bulletins:
CVE-2013-5478
Severity:
High
Description:
Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5479
Title:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
Type:
Hardware
Bulletins:
CVE-2013-5479
Severity:
High
Description:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5480
Title:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
Type:
Hardware
Bulletins:
CVE-2013-5480
Severity:
High
Description:
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5481
Title:
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
Type:
Hardware
Bulletins:
CVE-2013-5481
Severity:
High
Description:
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5498
Title:
The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
Type:
Hardware
Bulletins:
CVE-2013-5498
SFBID62651
Severity:
Medium
Description:
The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5160
Title:
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button...
Type:
Mobile Devices
Bulletins:
CVE-2013-5160
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2013-5161
Title:
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened...
Type:
Mobile Devices
Bulletins:
CVE-2013-5161
Severity:
Medium
Description:
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.
Applies to:
Created:
2013-09-27
Updated:
2017-11-10

ID:
CVE-2011-2391
Title:
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
Type:
Mobile Devices
Bulletins:
CVE-2011-2391
Severity:
Medium
Description:
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1121
Title:
The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
Type:
Hardware
Bulletins:
CVE-2013-1121
Severity:
Medium
Description:
The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-0957
Title:
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
Type:
Mobile Devices
Bulletins:
CVE-2013-0957
Severity:
Medium
Description:
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1036
Title:
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Type:
Mobile Devices
Bulletins:
CVE-2013-1036
Severity:
Medium
Description:
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1037
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1037
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1038
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1038
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1039
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1039
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1040
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1040
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1041
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1041
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1042
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1042
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1043
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1043
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1044
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1044
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1045
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1045
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1046
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1046
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1047
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-1047
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5125
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5125
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5126
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5126
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5127
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5127
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5128
Title:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2013-5128
Severity:
Medium
Description:
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5129
Title:
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
Type:
Mobile Devices
Bulletins:
CVE-2013-5129
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5131
Title:
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Type:
Mobile Devices
Bulletins:
CVE-2013-5131
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5137
Title:
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
Type:
Mobile Devices
Bulletins:
CVE-2013-5137
Severity:
Low
Description:
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5138
Title:
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2013-5138
Severity:
Medium
Description:
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5139
Title:
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2013-5139
Severity:
High
Description:
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5140
Title:
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
Type:
Mobile Devices
Bulletins:
CVE-2013-5140
Severity:
High
Description:
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5141
Title:
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer...
Type:
Mobile Devices
Bulletins:
CVE-2013-5141
Severity:
High
Description:
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5142
Title:
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
Type:
Mobile Devices
Bulletins:
CVE-2013-5142
Severity:
Medium
Description:
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5145
Title:
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
Type:
Mobile Devices
Bulletins:
CVE-2013-5145
Severity:
Medium
Description:
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5147
Title:
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of...
Type:
Mobile Devices
Bulletins:
CVE-2013-5147
Severity:
Low
Description:
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5149
Title:
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification...
Type:
Mobile Devices
Bulletins:
CVE-2013-5149
Severity:
Medium
Description:
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5150
Title:
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Type:
Mobile Devices
Bulletins:
CVE-2013-5150
Severity:
Low
Description:
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5151
Title:
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
Type:
Mobile Devices
Bulletins:
CVE-2013-5151
Severity:
Medium
Description:
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5152
Title:
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
Type:
Mobile Devices
Bulletins:
CVE-2013-5152
Severity:
Medium
Description:
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5153
Title:
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2013-5153
Severity:
Low
Description:
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5154
Title:
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a...
Type:
Mobile Devices
Bulletins:
CVE-2013-5154
Severity:
Medium
Description:
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5155
Title:
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
Type:
Mobile Devices
Bulletins:
CVE-2013-5155
Severity:
High
Description:
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5156
Title:
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct...
Type:
Mobile Devices
Bulletins:
CVE-2013-5156
Severity:
Medium
Description:
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5157
Title:
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
Type:
Mobile Devices
Bulletins:
CVE-2013-5157
Severity:
Medium
Description:
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5158
Title:
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified...
Type:
Mobile Devices
Bulletins:
CVE-2013-5158
Severity:
Low
Description:
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-5159
Title:
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
Type:
Mobile Devices
Bulletins:
CVE-2013-5159
Severity:
Medium
Description:
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
Applies to:
Created:
2013-09-19
Updated:
2017-11-10

ID:
CVE-2013-1025
Title:
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
Type:
Mobile Devices
Bulletins:
CVE-2013-1025
Severity:
Medium
Description:
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
Applies to:
Created:
2013-09-16
Updated:
2017-11-10

ID:
CVE-2013-1026
Title:
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
Type:
Mobile Devices
Bulletins:
CVE-2013-1026
Severity:
Medium
Description:
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
Applies to:
Created:
2013-09-16
Updated:
2017-11-10

ID:
CVE-2013-1028
Title:
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive...
Type:
Mobile Devices
Bulletins:
CVE-2013-1028
Severity:
Medium
Description:
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.
Applies to:
Created:
2013-09-16
Updated:
2017-11-10

ID:
CVE-2013-5496
Title:
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
Type:
Hardware
Bulletins:
CVE-2013-5496
Severity:
Medium
Description:
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
Applies to:
Created:
2013-09-16
Updated:
2017-11-10

ID:
CVE-2013-5649
Title:
Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary...
Type:
Hardware
Bulletins:
CVE-2013-5649
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page.
Applies to:
Created:
2013-09-13
Updated:
2017-11-10

ID:
CVE-2013-3458
Title:
Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2013-3458
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID CSCuh19462.
Applies to:
Created:
2013-09-07
Updated:
2017-11-10

ID:
CVE-2013-3474
Title:
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or...
Type:
Hardware
Bulletins:
CVE-2013-3474
SFBID62084
Severity:
Medium
Description:
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436.
Applies to:
Created:
2013-08-30
Updated:
2017-11-10

ID:
CVE-2013-5469
Title:
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN...
Type:
Hardware
Bulletins:
CVE-2013-5469
SFBID62083
Severity:
High
Description:
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399.
Applies to:
Created:
2013-08-30
Updated:
2017-11-10

ID:
CVE-2013-3463
Title:
The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use...
Type:
Hardware
Bulletins:
CVE-2013-3463
SFBID62068
Severity:
Medium
Description:
The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899.
Applies to:
Created:
2013-08-29
Updated:
2017-11-10

ID:
CVE-2013-3470
Title:
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
Type:
Hardware
Bulletins:
CVE-2013-3470
SFBID62066
Severity:
Medium
Description:
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
Applies to:
Created:
2013-08-29
Updated:
2017-11-10

ID:
CVE-2013-3472
Title:
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,...
Type:
Hardware
Bulletins:
CVE-2013-3472
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
Applies to:
Unified Communications Manager
Created:
2013-08-29
Updated:
2017-11-10

ID:
CVE-2013-3459
Title:
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
Type:
Hardware
Bulletins:
CVE-2013-3459
Severity:
High
Description:
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2017-11-10

ID:
CVE-2013-3460
Title:
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka...
Type:
Hardware
Bulletins:
CVE-2013-3460
Severity:
High
Description:
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2017-11-10

ID:
CVE-2013-3461
Title:
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,...
Type:
Hardware
Bulletins:
CVE-2013-3461
Severity:
High
Description:
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2017-11-10

ID:
CVE-2013-3462
Title:
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified...
Type:
Hardware
Bulletins:
CVE-2013-3462
Severity:
High
Description:
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.
Applies to:
Unified Communications Manager
Created:
2013-08-24
Updated:
2017-11-10

ID:
CVE-2013-3453
Title:
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP...
Type:
Hardware
Bulletins:
CVE-2013-3453
Severity:
High
Description:
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.
Applies to:
Unified Communications Manager
Created:
2013-08-22
Updated:
2017-11-10

ID:
MITRE:18318
Title:
oval:org.mitre.oval:def:18318: Vulnerability in Active Directory Federation Services could allow information disclosure - MS13-066
Type:
Software
Bulletins:
MITRE:18318
CVE-2013-3185
Severity:
Low
Description:
Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability."
Applies to:
Microsoft Active Directory Federation Services
Created:
2013-08-19
Updated:
2015-08-10

ID:
CVE-2013-3464
Title:
Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C...
Type:
Hardware
Bulletins:
CVE-2013-3464
Severity:
Medium
Description:
Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347.
Applies to:
Created:
2013-08-13
Updated:
2017-11-10

ID:
CVE-2013-4806
Title:
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link...
Type:
Hardware
Bulletins:
CVE-2013-4806
Severity:
High
Description:
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Applies to:
...
3Com Router 3012
3Com Router 3013
3Com Router 5012
3Com Router 5232
3Com Router 5642
3Com Router 5682
3Com Switch 5500-SI 24-Port
3Com Switch 5500G-48P-SI
3Com Switch 5500G-EI 24-Port
3Com Switch 5500G-EI 48-Port
hh3c-s5600-26C
Created:
2013-08-12
Updated:
2017-11-10

ID:
CVE-2013-3454
Title:
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the...
Type:
Hardware
Bulletins:
CVE-2013-3454
Severity:
High
Description:
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128.
Applies to:
Cisco TX 9000
Cisco TX 9200
Cisco TelePresence System 1300
Cisco TelePresence System 3000
Cisco TelePresence System 3010
Cisco TelePresence System 3200
Cisco TelePresence System 3210
Created:
2013-08-08
Updated:
2017-11-10

ID:
CVE-2013-3442
Title:
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
Type:
Hardware
Bulletins:
CVE-2013-3442
Severity:
Medium
Description:
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
Applies to:
Unified Communications Manager
Created:
2013-08-05
Updated:
2017-11-10

ID:
CVE-2013-3450
Title:
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
Type:
Hardware
Bulletins:
CVE-2013-3450
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
Applies to:
Unified Communications Manager
Created:
2013-08-05
Updated:
2017-11-10

ID:
CVE-2013-3451
Title:
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug...
Type:
Hardware
Bulletins:
CVE-2013-3451
Severity:
Medium
Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
Applies to:
Unified Communications Manager
Created:
2013-08-05
Updated:
2017-11-10

ID:
CVE-2012-5460
Title:
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText...
Type:
Hardware
Bulletins:
CVE-2012-5460
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.
Applies to:
Created:
2013-08-01
Updated:
2017-11-10

ID:
MITRE:16978
Title:
oval:org.mitre.oval:def:16978: Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a...
Type:
Software
Bulletins:
MITRE:16978
CVE-2007-1008
Severity:
Low
Description:
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17298
Title:
oval:org.mitre.oval:def:17298: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17298
CVE-2013-0996
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17144
Title:
oval:org.mitre.oval:def:17144: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17144
CVE-2012-3675
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16826
Title:
oval:org.mitre.oval:def:16826: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16826
CVE-2012-0631
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16843
Title:
oval:org.mitre.oval:def:16843: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16843
CVE-2011-0146
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17170
Title:
oval:org.mitre.oval:def:17170: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17170
CVE-2011-3235
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17488
Title:
oval:org.mitre.oval:def:17488: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17488
CVE-2012-0592
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17048
Title:
oval:org.mitre.oval:def:17048: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17048
CVE-2012-0617
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17297
Title:
oval:org.mitre.oval:def:17297: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17297
CVE-2011-2871
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16788
Title:
oval:org.mitre.oval:def:16788: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16788
CVE-2011-0126
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17302
Title:
oval:org.mitre.oval:def:17302: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17302
CVE-2012-0619
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17167
Title:
oval:org.mitre.oval:def:17167: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17167
CVE-2011-0135
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16938
Title:
oval:org.mitre.oval:def:16938: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16938
CVE-2011-0168
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17575
Title:
oval:org.mitre.oval:def:17575: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17575
CVE-2012-3672
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17427
Title:
oval:org.mitre.oval:def:17427: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17427
CVE-2012-0593
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17327
Title:
oval:org.mitre.oval:def:17327: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17327
CVE-2011-0118
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17246
Title:
oval:org.mitre.oval:def:17246: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17246
CVE-2012-3648
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17207
Title:
oval:org.mitre.oval:def:17207: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17207
CVE-2011-3237
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17572
Title:
oval:org.mitre.oval:def:17572: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17572
CVE-2013-1001
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17394
Title:
oval:org.mitre.oval:def:17394: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17394
CVE-2011-0128
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17299
Title:
oval:org.mitre.oval:def:17299: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17299
CVE-2011-0155
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17377
Title:
oval:org.mitre.oval:def:17377: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17377
CVE-2012-3708
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17326
Title:
oval:org.mitre.oval:def:17326: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17326
CVE-2011-2873
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17413
Title:
oval:org.mitre.oval:def:17413: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17413
CVE-2011-0143
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17466
Title:
oval:org.mitre.oval:def:17466: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17466
CVE-2013-0997
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16919
Title:
oval:org.mitre.oval:def:16919: CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)...
Type:
Software
Bulletins:
MITRE:16919
CVE-2011-0259
Severity:
Low
Description:
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17359
Title:
oval:org.mitre.oval:def:17359: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17359
CVE-2013-1008
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17473
Title:
oval:org.mitre.oval:def:17473: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17473
CVE-2012-0613
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17357
Title:
oval:org.mitre.oval:def:17357: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17357
CVE-2012-3622
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17458
Title:
oval:org.mitre.oval:def:17458: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17458
CVE-2012-0628
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17483
Title:
oval:org.mitre.oval:def:17483: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17483
CVE-2011-3239
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17288
Title:
oval:org.mitre.oval:def:17288: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17288
CVE-2012-3699
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17272
Title:
oval:org.mitre.oval:def:17272: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17272
CVE-2012-3649
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17516
Title:
oval:org.mitre.oval:def:17516: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17516
CVE-2012-3647
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17372
Title:
oval:org.mitre.oval:def:17372: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17372
CVE-2011-0122
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17018
Title:
oval:org.mitre.oval:def:17018: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17018
CVE-2011-0123
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17220
Title:
oval:org.mitre.oval:def:17220: Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
Type:
Software
Bulletins:
MITRE:17220
CVE-2011-0116
Severity:
Low
Description:
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17530
Title:
oval:org.mitre.oval:def:17530: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17530
CVE-2012-3643
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17104
Title:
oval:org.mitre.oval:def:17104: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17104
CVE-2011-0142
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17486
Title:
oval:org.mitre.oval:def:17486: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17486
CVE-2012-0604
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17435
Title:
oval:org.mitre.oval:def:17435: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17435
CVE-2011-2868
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17621
Title:
oval:org.mitre.oval:def:17621: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17621
CVE-2013-0992
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17407
Title:
oval:org.mitre.oval:def:17407: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17407
CVE-2013-1011
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17237
Title:
oval:org.mitre.oval:def:17237: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17237
CVE-2012-3673
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17419
Title:
oval:org.mitre.oval:def:17419: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17419
CVE-2012-0629
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17336
Title:
oval:org.mitre.oval:def:17336: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17336
CVE-2012-3601
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17355
Title:
oval:org.mitre.oval:def:17355: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17355
CVE-2011-3244
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16568
Title:
oval:org.mitre.oval:def:16568: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16568
CVE-2011-0130
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17136
Title:
oval:org.mitre.oval:def:17136: Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning
Type:
Software
Bulletins:
MITRE:17136
CVE-2008-3434
Severity:
Low
Description:
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17016
Title:
oval:org.mitre.oval:def:17016: Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist
Type:
Software
Bulletins:
MITRE:17016
CVE-2012-0677
Severity:
Low
Description:
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16780
Title:
oval:org.mitre.oval:def:16780: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16780
CVE-2012-3660
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17081
Title:
oval:org.mitre.oval:def:17081: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17081
CVE-2012-3598
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17340
Title:
oval:org.mitre.oval:def:17340: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17340
CVE-2011-2356
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16726
Title:
oval:org.mitre.oval:def:16726: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16726
CVE-2012-0608
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17009
Title:
oval:org.mitre.oval:def:17009: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17009
CVE-2013-0993
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17559
Title:
oval:org.mitre.oval:def:17559: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17559
CVE-2012-3710
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17539
Title:
oval:org.mitre.oval:def:17539: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17539
CVE-2012-3712
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17212
Title:
oval:org.mitre.oval:def:17212: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17212
CVE-2011-3238
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16756
Title:
oval:org.mitre.oval:def:16756: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16756
CVE-2012-0614
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16983
Title:
oval:org.mitre.oval:def:16983: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16983
CVE-2012-3614
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17438
Title:
oval:org.mitre.oval:def:17438: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17438
CVE-2011-2872
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16768
Title:
oval:org.mitre.oval:def:16768: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16768
CVE-2012-3632
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17161
Title:
oval:org.mitre.oval:def:17161: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17161
CVE-2011-0129
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17247
Title:
oval:org.mitre.oval:def:17247: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17247
CVE-2011-0127
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17070
Title:
oval:org.mitre.oval:def:17070: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17070
CVE-2011-0113
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17384
Title:
oval:org.mitre.oval:def:17384: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17384
CVE-2012-3688
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16488
Title:
oval:org.mitre.oval:def:16488: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16488
CVE-2011-0147
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17138
Title:
oval:org.mitre.oval:def:17138: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17138
CVE-2012-0638
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17367
Title:
oval:org.mitre.oval:def:17367: Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium...
Type:
Software
Bulletins:
MITRE:17367
CVE-2011-0170
Severity:
Low
Description:
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17123
Title:
oval:org.mitre.oval:def:17123: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17123
CVE-2013-1010
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17548
Title:
oval:org.mitre.oval:def:17548: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17548
CVE-2012-3687
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16865
Title:
oval:org.mitre.oval:def:16865: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:16865
CVE-2011-2354
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16941
Title:
oval:org.mitre.oval:def:16941: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16941
CVE-2012-0594
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17168
Title:
oval:org.mitre.oval:def:17168: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17168
CVE-2012-0606
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17163
Title:
oval:org.mitre.oval:def:17163: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17163
CVE-2012-3651
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17400
Title:
oval:org.mitre.oval:def:17400: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17400
CVE-2013-0994
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16994
Title:
oval:org.mitre.oval:def:16994: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16994
CVE-2011-2867
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17605
Title:
oval:org.mitre.oval:def:17605: Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate
Type:
Software
Bulletins:
MITRE:17605
CVE-2013-1014
Severity:
Low
Description:
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16907
Title:
oval:org.mitre.oval:def:16907: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:16907
CVE-2013-0991
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17331
Title:
oval:org.mitre.oval:def:17331: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17331
CVE-2012-0616
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16784
Title:
oval:org.mitre.oval:def:16784: Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream
Type:
Software
Bulletins:
MITRE:16784
CVE-2011-3252
Severity:
Low
Description:
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16871
Title:
oval:org.mitre.oval:def:16871: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16871
CVE-2011-0165
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17446
Title:
oval:org.mitre.oval:def:17446: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17446
CVE-2011-0139
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17250
Title:
oval:org.mitre.oval:def:17250: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17250
CVE-2011-0117
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17334
Title:
oval:org.mitre.oval:def:17334: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17334
CVE-2011-2870
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17397
Title:
oval:org.mitre.oval:def:17397: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17397
CVE-2011-0151
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17224
Title:
oval:org.mitre.oval:def:17224: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17224
CVE-2012-3613
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17068
Title:
oval:org.mitre.oval:def:17068: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17068
CVE-2012-0636
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17445
Title:
oval:org.mitre.oval:def:17445: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17445
CVE-2012-3701
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17342
Title:
oval:org.mitre.oval:def:17342: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17342
CVE-2012-3677
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16891
Title:
oval:org.mitre.oval:def:16891: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16891
CVE-2012-3657
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17546
Title:
oval:org.mitre.oval:def:17546: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17546
CVE-2012-3705
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16879
Title:
oval:org.mitre.oval:def:16879: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16879
CVE-2012-0597
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17319
Title:
oval:org.mitre.oval:def:17319: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17319
CVE-2012-0624
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17092
Title:
oval:org.mitre.oval:def:17092: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17092
CVE-2011-0125
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17271
Title:
oval:org.mitre.oval:def:17271: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17271
CVE-2012-0620
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17203
Title:
oval:org.mitre.oval:def:17203: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17203
CVE-2011-3233
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17368
Title:
oval:org.mitre.oval:def:17368: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17368
CVE-2011-2866
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17060
Title:
oval:org.mitre.oval:def:17060: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17060
CVE-2012-0605
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17464
Title:
oval:org.mitre.oval:def:17464: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17464
CVE-2012-0601
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17601
Title:
oval:org.mitre.oval:def:17601: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17601
CVE-2013-1005
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17072
Title:
oval:org.mitre.oval:def:17072: WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or...
Type:
Software
Bulletins:
MITRE:17072
CVE-2011-0133
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17156
Title:
oval:org.mitre.oval:def:17156: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17156
CVE-2012-0612
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17471
Title:
oval:org.mitre.oval:def:17471: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17471
CVE-2012-0600
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17507
Title:
oval:org.mitre.oval:def:17507: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17507
CVE-2012-3623
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16980
Title:
oval:org.mitre.oval:def:16980: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16980
CVE-2012-0633
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17475
Title:
oval:org.mitre.oval:def:17475: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17475
CVE-2012-0648
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17317
Title:
oval:org.mitre.oval:def:17317: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17317
CVE-2011-2831
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17143
Title:
oval:org.mitre.oval:def:17143: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17143
CVE-2013-1006
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17094
Title:
oval:org.mitre.oval:def:17094: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17094
CVE-2011-0131
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17082
Title:
oval:org.mitre.oval:def:17082: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17082
CVE-2012-0630
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17241
Title:
oval:org.mitre.oval:def:17241: WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory...
Type:
Software
Bulletins:
MITRE:17241
CVE-2011-0149
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17364
Title:
oval:org.mitre.oval:def:17364: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17364
CVE-2012-0625
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17308
Title:
oval:org.mitre.oval:def:17308: WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service...
Type:
Software
Bulletins:
MITRE:17308
CVE-2011-0154
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17366
Title:
oval:org.mitre.oval:def:17366: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17366
CVE-2012-0611
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17433
Title:
oval:org.mitre.oval:def:17433: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17433
CVE-2012-3702
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16959
Title:
oval:org.mitre.oval:def:16959: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16959
CVE-2011-0112
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17254
Title:
oval:org.mitre.oval:def:17254: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17254
CVE-2011-0119
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17269
Title:
oval:org.mitre.oval:def:17269: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17269
CVE-2012-3607
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17365
Title:
oval:org.mitre.oval:def:17365: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17365
CVE-2012-0634
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17211
Title:
oval:org.mitre.oval:def:17211: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17211
CVE-2011-2820
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17604
Title:
oval:org.mitre.oval:def:17604: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17604
CVE-2013-1004
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17303
Title:
oval:org.mitre.oval:def:17303: Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file
Type:
Software
Bulletins:
MITRE:17303
CVE-2007-3752
Severity:
Low
Description:
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17152
Title:
oval:org.mitre.oval:def:17152: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17152
CVE-2012-0610
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17482
Title:
oval:org.mitre.oval:def:17482: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17482
CVE-2011-0164
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16638
Title:
oval:org.mitre.oval:def:16638: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16638
CVE-2012-3711
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17478
Title:
oval:org.mitre.oval:def:17478: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17478
CVE-2012-3703
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17469
Title:
oval:org.mitre.oval:def:17469: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17469
CVE-2012-0637
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17158
Title:
oval:org.mitre.oval:def:17158: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17158
CVE-2012-0591
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17059
Title:
oval:org.mitre.oval:def:17059: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17059
CVE-2011-0134
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17263
Title:
oval:org.mitre.oval:def:17263: WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17263
CVE-2012-0639
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17264
Title:
oval:org.mitre.oval:def:17264: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17264
CVE-2012-3652
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17383
Title:
oval:org.mitre.oval:def:17383: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17383
CVE-2011-2814
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17582
Title:
oval:org.mitre.oval:def:17582: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17582
CVE-2012-3704
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17127
Title:
oval:org.mitre.oval:def:17127: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17127
CVE-2011-0145
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16626
Title:
oval:org.mitre.oval:def:16626: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16626
CVE-2012-3671
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16974
Title:
oval:org.mitre.oval:def:16974: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16974
CVE-2012-0596
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17370
Title:
oval:org.mitre.oval:def:17370: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17370
CVE-2011-2815
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17561
Title:
oval:org.mitre.oval:def:17561: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17561
CVE-2013-0995
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17393
Title:
oval:org.mitre.oval:def:17393: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17393
CVE-2012-3684
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17020
Title:
oval:org.mitre.oval:def:17020: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17020
CVE-2011-2339
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17441
Title:
oval:org.mitre.oval:def:17441: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17441
CVE-2013-1007
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17174
Title:
oval:org.mitre.oval:def:17174: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17174
CVE-2012-0607
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17518
Title:
oval:org.mitre.oval:def:17518: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17518
CVE-2012-3706
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17218
Title:
oval:org.mitre.oval:def:17218: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17218
CVE-2011-0153
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17312
Title:
oval:org.mitre.oval:def:17312: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17312
CVE-2011-0144
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17172
Title:
oval:org.mitre.oval:def:17172: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17172
CVE-2011-0111
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17444
Title:
oval:org.mitre.oval:def:17444: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17444
CVE-2011-2813
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17374
Title:
oval:org.mitre.oval:def:17374: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17374
CVE-2011-0121
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16532
Title:
oval:org.mitre.oval:def:16532: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16532
CVE-2012-3602
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17282
Title:
oval:org.mitre.oval:def:17282: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17282
CVE-2012-0622
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17184
Title:
oval:org.mitre.oval:def:17184: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17184
CVE-2012-3617
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17199
Title:
oval:org.mitre.oval:def:17199: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17199
CVE-2012-3616
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17276
Title:
oval:org.mitre.oval:def:17276: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17276
CVE-2011-2833
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16714
Title:
oval:org.mitre.oval:def:16714: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:16714
CVE-2011-3236
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16795
Title:
oval:org.mitre.oval:def:16795: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16795
CVE-2011-2869
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16678
Title:
oval:org.mitre.oval:def:16678: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16678
CVE-2012-0632
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17467
Title:
oval:org.mitre.oval:def:17467: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17467
CVE-2012-3658
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17437
Title:
oval:org.mitre.oval:def:17437: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17437
CVE-2012-3612
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17057
Title:
oval:org.mitre.oval:def:17057: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17057
CVE-2012-0595
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17523
Title:
oval:org.mitre.oval:def:17523: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17523
CVE-2012-3621
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17128
Title:
oval:org.mitre.oval:def:17128: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17128
CVE-2012-0618
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17432
Title:
oval:org.mitre.oval:def:17432: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17432
CVE-2012-0621
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17401
Title:
oval:org.mitre.oval:def:17401: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17401
CVE-2011-3241
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17463
Title:
oval:org.mitre.oval:def:17463: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17463
CVE-2012-3692
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17339
Title:
oval:org.mitre.oval:def:17339: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17339
CVE-2011-0150
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16986
Title:
oval:org.mitre.oval:def:16986: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16986
CVE-2012-3700
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16730
Title:
oval:org.mitre.oval:def:16730: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16730
CVE-2011-0141
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17524
Title:
oval:org.mitre.oval:def:17524: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17524
CVE-2012-3685
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16588
Title:
oval:org.mitre.oval:def:16588: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16588
CVE-2012-3624
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17481
Title:
oval:org.mitre.oval:def:17481: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17481
CVE-2012-3709
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17352
Title:
oval:org.mitre.oval:def:17352: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17352
CVE-2012-3676
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17084
Title:
oval:org.mitre.oval:def:17084: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17084
CVE-2011-2341
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17228
Title:
oval:org.mitre.oval:def:17228: Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding
Type:
Software
Bulletins:
MITRE:17228
CVE-2011-3219
Severity:
Low
Description:
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17375
Title:
oval:org.mitre.oval:def:17375: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17375
CVE-2012-0598
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17387
Title:
oval:org.mitre.oval:def:17387: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17387
CVE-2012-0603
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17187
Title:
oval:org.mitre.oval:def:17187: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17187
CVE-2013-1002
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17099
Title:
oval:org.mitre.oval:def:17099: Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon
Type:
Software
Bulletins:
MITRE:17099
CVE-2009-0950
Severity:
Low
Description:
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17434
Title:
oval:org.mitre.oval:def:17434: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17434
CVE-2012-0609
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16903
Title:
oval:org.mitre.oval:def:16903: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16903
CVE-2011-0114
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16724
Title:
oval:org.mitre.oval:def:16724: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:16724
CVE-2011-2809
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17429
Title:
oval:org.mitre.oval:def:17429: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17429
CVE-2012-0627
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17562
Title:
oval:org.mitre.oval:def:17562: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17562
CVE-2012-3659
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17222
Title:
oval:org.mitre.oval:def:17222: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17222
CVE-2011-0136
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17191
Title:
oval:org.mitre.oval:def:17191: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17191
CVE-2011-0156
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17252
Title:
oval:org.mitre.oval:def:17252: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17252
CVE-2013-1003
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16874
Title:
oval:org.mitre.oval:def:16874: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:16874
CVE-2012-3606
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17204
Title:
oval:org.mitre.oval:def:17204: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17204
CVE-2012-0599
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17287
Title:
oval:org.mitre.oval:def:17287: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17287
CVE-2012-0602
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17373
Title:
oval:org.mitre.oval:def:17373: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17373
CVE-2011-0120
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17169
Title:
oval:org.mitre.oval:def:17169: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17169
CVE-2012-0635
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16916
Title:
oval:org.mitre.oval:def:16916: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16916
CVE-2011-0148
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16762
Title:
oval:org.mitre.oval:def:16762: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:16762
CVE-2013-0999
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17064
Title:
oval:org.mitre.oval:def:17064: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17064
CVE-2012-3707
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17378
Title:
oval:org.mitre.oval:def:17378: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17378
CVE-2011-0140
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17208
Title:
oval:org.mitre.oval:def:17208: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17208
CVE-2011-2817
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17304
Title:
oval:org.mitre.oval:def:17304: Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file
Type:
Software
Bulletins:
MITRE:17304
CVE-2005-1248
Severity:
Low
Description:
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16457
Title:
oval:org.mitre.oval:def:16457: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:16457
CVE-2011-0137
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17431
Title:
oval:org.mitre.oval:def:17431: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17431
CVE-2012-0623
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:16862
Title:
oval:org.mitre.oval:def:16862: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:16862
CVE-2012-0626
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17544
Title:
oval:org.mitre.oval:def:17544: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit...
Type:
Software
Bulletins:
MITRE:17544
CVE-2012-3654
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17133
Title:
oval:org.mitre.oval:def:17133: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17133
CVE-2011-2352
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17362
Title:
oval:org.mitre.oval:def:17362: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17362
CVE-2011-2338
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17076
Title:
oval:org.mitre.oval:def:17076: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17076
CVE-2011-2816
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17051
Title:
oval:org.mitre.oval:def:17051: WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17051
CVE-2011-2811
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17396
Title:
oval:org.mitre.oval:def:17396: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17396
CVE-2013-1000
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17185
Title:
oval:org.mitre.oval:def:17185: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability...
Type:
Software
Bulletins:
MITRE:17185
CVE-2012-0615
Severity:
Low
Description:
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17280
Title:
oval:org.mitre.oval:def:17280: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17280
CVE-2011-0124
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17300
Title:
oval:org.mitre.oval:def:17300: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Software
Bulletins:
MITRE:17300
CVE-2013-0998
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
MITRE:17452
Title:
oval:org.mitre.oval:def:17452: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a...
Type:
Software
Bulletins:
MITRE:17452
CVE-2011-0138
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2013-07-30
Updated:
2015-06-22

ID:
CVE-2013-3414
Title:
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.
Type:
Hardware
Bulletins:
CVE-2013-3414
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.
Applies to:
Created:
2013-07-25
Updated:
2017-11-10

ID:
CVE-2013-3436
Title:
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy...
Type:
Hardware
Bulletins:
CVE-2013-3436
Severity:
Medium
Description:
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.
Applies to:
Created:
2013-07-19
Updated:
2017-11-10

ID:
CVE-2013-3402
Title:
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
Type:
Hardware
Bulletins:
CVE-2013-3402
Severity:
Medium
Description:
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-11-10

ID:
CVE-2013-3403
Title:
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged...
Type:
Hardware
Bulletins:
CVE-2013-3403
Severity:
Medium
Description:
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-11-10

ID:
CVE-2013-3404
Title:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging...
Type:
Hardware
Bulletins:
CVE-2013-3404
Severity:
High
Description:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-11-10

ID:
CVE-2013-3412
Title:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
Type:
Hardware
Bulletins:
CVE-2013-3412
Severity:
Medium
Description:
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-11-10

ID:
CVE-2013-3433
Title:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
Type:
Hardware
Bulletins:
CVE-2013-3433
Severity:
Medium
Description:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-11-10

ID:
CVE-2013-3434
Title:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka...
Type:
Hardware
Bulletins:
CVE-2013-3434
Severity:
Medium
Description:
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
Applies to:
Unified Communications Manager
Created:
2013-07-18
Updated:
2017-11-10

ID:
MITRE:17341
Title:
oval:org.mitre.oval:def:17341: TrueType Font Parsing Vulnerability
Type:
Software
Bulletins:
MITRE:17341
CVE-2013-3129
Severity:
Low
Description:
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
Applies to:
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Silverlight 5
Created:
2013-07-15
Updated:
2015-02-23

ID:
MITRE:16998
Title:
oval:org.mitre.oval:def:16998: WMV Video Decoder remote code execution vulnerability - MS13-057
Type:
Miscellaneous
Bulletins:
MITRE:16998
CVE-2013-3127
Severity:
Low
Description:
The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability."
Applies to:
Windows Media Format Runtime 11
Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Windows Media Player 12
Created:
2013-07-12
Updated:
2015-08-10

ID:
MITRE:17253
Title:
oval:org.mitre.oval:def:17253: Microsoft Windows Defender Improper Pathname Vulnerability - MS13-058
Type:
Software
Bulletins:
MITRE:17253
CVE-2013-3154
Severity:
Low
Description:
The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
Applies to:
Created:
2013-07-11
Updated:
2015-08-17

ID:
CVE-2013-4684
Title:
flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM...
Type:
Hardware
Bulletins:
CVE-2013-4684
SFBID61127
Severity:
High
Description:
flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM packets, aka PR 842253.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2013-07-11
Updated:
2017-11-10

ID:
CVE-2013-4685
Title:
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute...
Type:
Hardware
Bulletins:
CVE-2013-4685
SFBID61125
Severity:
High
Description:
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2013-07-11
Updated:
2017-11-10

ID:
CVE-2013-4686
Title:
The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and...
Type:
Hardware
Bulletins:
CVE-2013-4686
SFBID61126
Severity:
High
Description:
The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and proxy-arp settings, allows remote attackers to cause a denial of service (device crash) via a crafted ARP request, aka PR 842091.
Applies to:
Created:
2013-07-11
Updated:
2017-11-10

ID:
CVE-2013-4687
Title:
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via...
Type:
Hardware
Bulletins:
CVE-2013-4687
SFBID61122
Severity:
High
Description:
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets, aka PRs 727980, 806269, and 835593.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2013-07-11
Updated:
2017-11-10

ID:
CVE-2013-4688
Title:
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834.
Type:
Hardware
Bulletins:
CVE-2013-4688
SFBID61124
Severity:
High
Description:
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2013-07-11
Updated:
2017-11-10

ID:
CVE-2013-4690
Title:
Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of...
Type:
Hardware
Bulletins:
CVE-2013-4690
SFBID61123
Severity:
Medium
Description:
Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data, aka PR 829536, a related issue to CVE-2003-0001.
Applies to:
Juniper SRX1400
Juniper SRX3400
Juniper SRX3600
Created:
2013-07-11
Updated:
2017-11-10

ID:
CVE-2013-3400
Title:
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.
Type:
Hardware
Bulletins:
CVE-2013-3400
Severity:
Medium
Description:
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-07-10
Updated:
2017-11-10

ID:
CVE-2013-4787
Title:
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does...
Type:
Mobile Devices
Bulletins:
CVE-2013-4787
SFBID60952
Severity:
High
Description:
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
Applies to:
Created:
2013-07-09
Updated:
2017-11-10

ID:
CVE-2013-2341
Title:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to...
Type:
Hardware
Bulletins:
CVE-2013-2341
Severity:
High
Description:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execute arbitrary code or obtain sensitive information via unknown vectors.
Applies to:
3Com Router 3012
3Com Router 3013
3Com Router 3016
3Com Router 3036
3Com Router 3040
3Com Router 3041
3Com Router 5009
3Com Router 5012
3Com Router 5231
3Com Router 5232
3Com Router 5640
3Com Router 5642
3Com Router...
Created:
2013-07-06
Updated:
2017-11-10

ID:
CVE-2013-2340
Title:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute...
Type:
Hardware
Bulletins:
CVE-2013-2340
Severity:
High
Description:
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.
Applies to:
3Com Router 3012
3Com Router 3013
3Com Router 3016
3Com Router 3036
3Com Router 3040
3Com Router 3041
3Com Router 5009
3Com Router 5012
3Com Router 5231
3Com Router 5232
3Com Router 5640
3Com Router 5642
3Com Router...
Created:
2013-07-06
Updated:
2017-11-10

ID:
CVE-2013-3382
Title:
The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device...
Type:
Hardware
Bulletins:
CVE-2013-3382
Severity:
High
Description:
The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387.
Applies to:
Created:
2013-06-26
Updated:
2017-11-10

ID:
CVE-2013-3397
Title:
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified...
Type:
Hardware
Bulletins:
CVE-2013-3397
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
Applies to:
Unified Communications Manager
Created:
2013-06-26
Updated:
2017-11-10

ID:
CVE-2013-3377
Title:
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
Type:
Hardware
Bulletins:
CVE-2013-3377
Severity:
High
Description:
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
Applies to:
Cisco Codec C40
Cisco Codec C60
Cisco Codec C90
Cisco Codec EX60
Cisco Codec EX90
Created:
2013-06-21
Updated:
2017-11-10

ID:
MITRE:17149
Title:
oval:org.mitre.oval:def:17149: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17149
CVE-2013-2463
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17069
Title:
oval:org.mitre.oval:def:17069: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to...
Type:
Software
Bulletins:
MITRE:17069
CVE-2013-2458
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17192
Title:
oval:org.mitre.oval:def:17192: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Type:
Software
Bulletins:
MITRE:17192
CVE-2013-2449
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16806
Title:
oval:org.mitre.oval:def:16806: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16806
CVE-2013-2470
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17294
Title:
oval:org.mitre.oval:def:17294: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17294
CVE-2013-2456
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17116
Title:
oval:org.mitre.oval:def:17116: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
MITRE:17116
CVE-2013-2460
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16617
Title:
oval:org.mitre.oval:def:16617: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
Type:
Software
Bulletins:
MITRE:16617
CVE-2013-2437
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16545
Title:
oval:org.mitre.oval:def:16545: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to...
Type:
Software
Bulletins:
MITRE:16545
CVE-2013-2453
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17265
Title:
oval:org.mitre.oval:def:17265: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows local users to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:17265
CVE-2013-2451
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17189
Title:
oval:org.mitre.oval:def:17189: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17189
CVE-2013-2473
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17230
Title:
oval:org.mitre.oval:def:17230: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17230
CVE-2013-2443
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17052
Title:
oval:org.mitre.oval:def:17052: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17052
CVE-2013-2448
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17195
Title:
oval:org.mitre.oval:def:17195: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability...
Type:
Software
Bulletins:
MITRE:17195
CVE-2013-2407
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17257
Title:
oval:org.mitre.oval:def:17257: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
MITRE:17257
CVE-2013-2462
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17202
Title:
oval:org.mitre.oval:def:17202: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:17202
CVE-2013-3743
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17176
Title:
oval:org.mitre.oval:def:17176: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17176
CVE-2013-2450
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17221
Title:
oval:org.mitre.oval:def:17221: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect...
Type:
Software
Bulletins:
MITRE:17221
CVE-2013-1500
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17090
Title:
oval:org.mitre.oval:def:17090: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17090
CVE-2013-2445
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17206
Title:
oval:org.mitre.oval:def:17206: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:17206
CVE-2013-2468
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17214
Title:
oval:org.mitre.oval:def:17214: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17214
CVE-2013-2455
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16389
Title:
oval:org.mitre.oval:def:16389: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16389
CVE-2013-2464
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16982
Title:
oval:org.mitre.oval:def:16982: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:16982
CVE-2013-2466
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16580
Title:
oval:org.mitre.oval:def:16580: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16580
CVE-2013-2452
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16770
Title:
oval:org.mitre.oval:def:16770: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16770
CVE-2013-2447
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16840
Title:
oval:org.mitre.oval:def:16840: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16840
CVE-2013-2471
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17106
Title:
oval:org.mitre.oval:def:17106: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17106
CVE-2013-2465
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17181
Title:
oval:org.mitre.oval:def:17181: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17181
CVE-2013-2459
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16712
Title:
oval:org.mitre.oval:def:16712: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16712
CVE-2013-2472
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17256
Title:
oval:org.mitre.oval:def:17256: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect integrity...
Type:
Software
Bulletins:
MITRE:17256
CVE-2013-2457
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17098
Title:
oval:org.mitre.oval:def:17098: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors...
Type:
Software
Bulletins:
MITRE:17098
CVE-2013-2412
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17014
Title:
oval:org.mitre.oval:def:17014: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors...
Type:
Software
Bulletins:
MITRE:17014
CVE-2013-2467
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16899
Title:
oval:org.mitre.oval:def:16899: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Type:
Software
Bulletins:
MITRE:16899
CVE-2013-2400
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16311
Title:
oval:org.mitre.oval:def:16311: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16311
CVE-2013-2446
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17180
Title:
oval:org.mitre.oval:def:17180: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Type:
Software
Bulletins:
MITRE:17180
CVE-2013-3744
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16803
Title:
oval:org.mitre.oval:def:16803: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:16803
CVE-2013-2442
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:16887
Title:
oval:org.mitre.oval:def:16887: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:16887
CVE-2013-2461
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17236
Title:
oval:org.mitre.oval:def:17236: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17236
CVE-2013-2454
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17042
Title:
oval:org.mitre.oval:def:17042: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:17042
CVE-2013-2469
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
Applies to:
Java Runtime Environment
Created:
2013-06-19
Updated:
2015-03-23

ID:
MITRE:17030
Title:
oval:org.mitre.oval:def:17030: Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows; Adobe AIR before 3.7.0.2090 on Windows; and Adobe AIR SDK and Compiler before 3.7.0.2090 on Windows allow attackers to execute arbitrary code or cause a...
Type:
Web
Bulletins:
MITRE:17030
CVE-2013-3343
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-18
Updated:
2015-08-03

ID:
CVE-2013-4616
Title:
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier...
Type:
Mobile Devices
Bulletins:
CVE-2013-4616
Severity:
Medium
Description:
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.
Applies to:
Created:
2013-06-18
Updated:
2017-11-10

ID:
MITRE:16897
Title:
oval:org.mitre.oval:def:16897: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:16897
CVE-2013-3327
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:17118
Title:
oval:org.mitre.oval:def:17118: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:17118
CVE-2013-3325
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:16407
Title:
oval:org.mitre.oval:def:16407: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:16407
CVE-2013-3334
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:17050
Title:
oval:org.mitre.oval:def:17050: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:17050
CVE-2013-3326
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:16913
Title:
oval:org.mitre.oval:def:16913: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:16913
CVE-2013-3329
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:17083
Title:
oval:org.mitre.oval:def:17083: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:17083
CVE-2013-3330
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:16995
Title:
oval:org.mitre.oval:def:16995: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:16995
CVE-2013-3328
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:16846
Title:
oval:org.mitre.oval:def:16846: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:16846
CVE-2013-3331
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:17141
Title:
oval:org.mitre.oval:def:17141: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:17141
CVE-2013-3332
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:16932
Title:
oval:org.mitre.oval:def:16932: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:16932
CVE-2013-2728
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:16921
Title:
oval:org.mitre.oval:def:16921: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:16921
CVE-2013-3335
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:16804
Title:
oval:org.mitre.oval:def:16804: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:16804
CVE-2013-3333
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:16969
Title:
oval:org.mitre.oval:def:16969: Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe...
Type:
Web
Bulletins:
MITRE:16969
CVE-2013-3324
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Applies to:
Adobe Air
Adobe Flash Player
Created:
2013-06-13
Updated:
2015-08-03

ID:
MITRE:16375
Title:
oval:org.mitre.oval:def:16375: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16375
CVE-2013-4083
Severity:
Low
Description:
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Applies to:
Wireshark
Created:
2013-06-10
Updated:
2015-08-17

ID:
CVE-2013-3948
Title:
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary...
Type:
Mobile Devices
Bulletins:
CVE-2013-3948
Severity:
Medium
Description:
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.
Applies to:
Created:
2013-06-05
Updated:
2017-11-10

ID:
CVE-2013-3950
Title:
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR...
Type:
Mobile Devices
Bulletins:
CVE-2013-3950
Severity:
Medium
Description:
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable.
Applies to:
Created:
2013-06-05
Updated:
2017-11-10

ID:
CVE-2013-3953
Title:
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory...
Type:
Mobile Devices
Bulletins:
CVE-2013-3953
Severity:
Medium
Description:
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.
Applies to:
Created:
2013-06-05
Updated:
2017-11-10

ID:
CVE-2013-3954
Title:
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is...
Type:
Mobile Devices
Bulletins:
CVE-2013-3954
Severity:
Medium
Description:
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.
Applies to:
Created:
2013-06-05
Updated:
2017-11-10

ID:
CVE-2013-1208
Title:
The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by...
Type:
Hardware
Bulletins:
CVE-2013-1208
Severity:
Medium
Description:
The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691.
Applies to:
Created:
2013-05-29
Updated:
2017-11-10

ID:
CVE-2013-1209
Title:
The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable...
Type:
Hardware
Bulletins:
CVE-2013-1209
Severity:
Medium
Description:
The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710.
Applies to:
Created:
2013-05-29
Updated:
2017-11-10

ID:
CVE-2013-1210
Title:
Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by...
Type:
Hardware
Bulletins:
CVE-2013-1210
Severity:
Medium
Description:
Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825.
Applies to:
Created:
2013-05-29
Updated:
2017-11-10

ID:
CVE-2013-1211
Title:
Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a...
Type:
Hardware
Bulletins:
CVE-2013-1211
Severity:
Medium
Description:
Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832.
Applies to:
Created:
2013-05-29
Updated:
2017-11-10

ID:
CVE-2013-1212
Title:
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication,...
Type:
Hardware
Bulletins:
CVE-2013-1212
Severity:
Medium
Description:
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-05-29
Updated:
2017-11-10

ID:
CVE-2013-1213
Title:
Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability...
Type:
Hardware
Bulletins:
CVE-2013-1213
Severity:
Medium
Description:
Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840.
Applies to:
Cisco Nexus 1000V VSM
Created:
2013-05-29
Updated:
2017-11-10

ID:
CVE-2013-1019
Title:
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Type:
Mobile Devices
Bulletins:
CVE-2013-1019
Severity:
High
Description:
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Applies to:
Created:
2013-05-24
Updated:
2017-11-10

ID:
CVE-2013-1204
Title:
Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.
Type:
Hardware
Bulletins:
CVE-2013-1204
Severity:
Medium
Description:
Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.
Applies to:
Created:
2013-05-23
Updated:
2017-11-10

ID:
CVE-2013-2842
Title:
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
Type:
Mobile Devices
Bulletins:
CVE-2013-2842
Severity:
High
Description:
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
Applies to:
Created:
2013-05-22
Updated:
2017-11-10

ID:
CVE-2013-1005
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1005
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-1006
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1006
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-1007
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1007
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-1008
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1008
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-0999
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-0999
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-1000
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1000
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-1001
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1001
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-1002
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1002
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-1003
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1003
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-1004
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1004
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-1010
Title:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different...
Type:
Mobile Devices
Bulletins:
CVE-2013-1010
Severity:
High
Description:
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Applies to:
Created:
2013-05-20
Updated:
2017-11-10

ID:
CVE-2013-1188
Title:
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
Type:
Hardware
Bulletins:
CVE-2013-1188
Severity:
Medium
Description:
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
Applies to:
Unified Communications Manager
Created:
2013-05-15
Updated:
2017-11-10

ID:
CVE-2013-1136
Title:
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then...
Type:
Hardware
Bulletins:
CVE-2013-1136
Severity:
Medium
Description:
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193.
Applies to:
Created:
2013-05-13
Updated:
2017-11-10

ID:
CVE-2013-1234
Title:
The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.
Type:
Hardware
Bulletins:
CVE-2013-1234
Severity:
Medium
Description:
The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.
Applies to:
Created:
2013-05-03
Updated:
2017-11-10

ID:
CVE-2013-1235
Title:
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly...
Type:
Hardware
Bulletins:
CVE-2013-1235
Severity:
Medium
Description:
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.
Applies to:
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Cisco WLC 4400
Created:
2013-05-03
Updated:
2017-11-10

ID:
CVE-2013-1240
Title:
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
Type:
Hardware
Bulletins:
CVE-2013-1240
Severity:
Medium
Description:
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
Applies to:
Unified Communications Manager
Created:
2013-05-03
Updated:
2017-11-10

ID:
MITRE:17175
Title:
oval:org.mitre.oval:def:17175: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:17175
CVE-2013-0375
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16395
Title:
oval:org.mitre.oval:def:16395: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:16395
CVE-2012-5611
Severity:
Low
Description:
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16825
Title:
oval:org.mitre.oval:def:16825: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:16825
CVE-2013-0389
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16835
Title:
oval:org.mitre.oval:def:16835: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
Type:
Software
Bulletins:
MITRE:16835
CVE-2013-0386
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:17077
Title:
oval:org.mitre.oval:def:17077: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
Type:
Software
Bulletins:
MITRE:17077
CVE-2013-0367
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16877
Title:
oval:org.mitre.oval:def:16877: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network...
Type:
Software
Bulletins:
MITRE:16877
CVE-2012-5096
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16758
Title:
oval:org.mitre.oval:def:16758: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:16758
CVE-2013-0383
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16267
Title:
oval:org.mitre.oval:def:16267: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to...
Type:
Services
Bulletins:
MITRE:16267
CVE-2013-0385
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:17268
Title:
oval:org.mitre.oval:def:17268: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:17268
CVE-2012-1705
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16792
Title:
oval:org.mitre.oval:def:16792: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
Type:
Services
Bulletins:
MITRE:16792
CVE-2012-0572
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16947
Title:
oval:org.mitre.oval:def:16947: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks...
Type:
Software
Bulletins:
MITRE:16947
CVE-2012-0578
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16632
Title:
oval:org.mitre.oval:def:16632: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful...
Type:
Services
Bulletins:
MITRE:16632
CVE-2013-0384
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:17186
Title:
oval:org.mitre.oval:def:17186: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated...
Type:
Services
Bulletins:
MITRE:17186
CVE-2012-1702
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16960
Title:
oval:org.mitre.oval:def:16960: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
Type:
Software
Bulletins:
MITRE:16960
CVE-2012-5612
Severity:
Low
Description:
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:16451
Title:
oval:org.mitre.oval:def:16451: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
Type:
Software
Bulletins:
MITRE:16451
CVE-2013-0371
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:17255
Title:
oval:org.mitre.oval:def:17255: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via...
Type:
Software
Bulletins:
MITRE:17255
CVE-2013-0368
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Applies to:
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
MITRE:17266
Title:
oval:org.mitre.oval:def:17266: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated...
Type:
Services
Bulletins:
MITRE:17266
CVE-2012-0574
Severity:
Low
Description:
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
Applies to:
MySQL Server 5.1
MySQL Server 5.5
Created:
2013-04-29
Updated:
2015-06-01

ID:
CVE-2013-1216
Title:
Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.
Type:
Hardware
Bulletins:
CVE-2013-1216
Severity:
Medium
Description:
Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.
Applies to:
Created:
2013-04-29
Updated:
2017-11-10

ID:
CVE-2013-1226
Title:
The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.
Type:
Hardware
Bulletins:
CVE-2013-1226
Severity:
Medium
Description:
The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-04-29
Updated:
2017-11-10

ID:
CVE-2013-1178
Title:
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices...
Type:
Hardware
Bulletins:
CVE-2013-1178
Severity:
High
Description:
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275.
Applies to:
Cisco Nexus 1000V VSM
Cisco Nexus 5000 Series
Cisco Nexus 5010
Cisco Nexus 5020
Cisco Nexus 5548p
Cisco Nexus 5548up
Cisco Nexus 5596UP
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-04-25
Updated:
2017-11-10

ID:
CVE-2013-1179
Title:
Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to...
Type:
Hardware
Bulletins:
CVE-2013-1179
Severity:
High
Description:
Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54830.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-04-25
Updated:
2017-11-10

ID:
CVE-2013-1180
Title:
Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted...
Type:
Hardware
Bulletins:
CVE-2013-1180
Severity:
High
Description:
Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2013-04-25
Updated:
2017-11-10

ID:
CVE-2013-1181
Title:
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by...
Type:
Hardware
Bulletins:
CVE-2013-1181
Severity:
High
Description:
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389.
Applies to:
Cisco Nexus 5548Up
Cisco Nexus 5548p
Cisco Nexus 5548up
Cisco Nexus 5596UP
Created:
2013-04-25
Updated:
2017-11-10

ID:
CVE-2013-1192
Title:
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp...
Type:
Hardware
Bulletins:
CVE-2013-1192
Severity:
High
Description:
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.
Applies to:
Cisco Nexus 5000 Series
Cisco Nexus 5010
Cisco Nexus 5020
Cisco Nexus 5020p
Cisco Nexus 5548Up
Cisco Nexus 5548p
Cisco Nexus 5548up
Cisco Nexus 5596UP
Cisco Nexus C5010P-BF
Created:
2013-04-25
Updated:
2017-11-10

ID:
CVE-2013-1215
Title:
The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.
Type:
Hardware
Bulletins:
CVE-2013-1215
Severity:
Medium
Description:
The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2013-04-25
Updated:
2017-11-10

ID:
CVE-2013-1217
Title:
The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.
Type:
Hardware
Bulletins:
CVE-2013-1217
Severity:
Medium
Description:
The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.
Applies to:
Created:
2013-04-24
Updated:
2017-11-10

ID:
MITRE:16652
Title:
oval:org.mitre.oval:def:16652: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16652
CVE-2013-1476
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16496
Title:
oval:org.mitre.oval:def:16496: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16496
CVE-2013-0428
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16045
Title:
oval:org.mitre.oval:def:16045: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16045
CVE-2013-1480
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:15923
Title:
oval:org.mitre.oval:def:15923: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Security) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:15923
CVE-2012-1718
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16058
Title:
oval:org.mitre.oval:def:16058: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16058
CVE-2013-0425
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16558
Title:
oval:org.mitre.oval:def:16558: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16558
CVE-2013-0440
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16013
Title:
oval:org.mitre.oval:def:16013: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
Type:
Software
Bulletins:
MITRE:16013
CVE-2013-0427
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16530
Title:
oval:org.mitre.oval:def:16530: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via...
Type:
Software
Bulletins:
MITRE:16530
CVE-2013-0409
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16680
Title:
oval:org.mitre.oval:def:16680: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
MITRE:16680
CVE-2013-0445
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16649
Title:
oval:org.mitre.oval:def:16649: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
MITRE:16649
CVE-2013-0429
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:15996
Title:
oval:org.mitre.oval:def:15996: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers...
Type:
Software
Bulletins:
MITRE:15996
CVE-2012-1711
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16537
Title:
oval:org.mitre.oval:def:16537: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via...
Type:
Software
Bulletins:
MITRE:16537
CVE-2013-0433
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16035
Title:
oval:org.mitre.oval:def:16035: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16035
CVE-2013-0442
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16502
Title:
oval:org.mitre.oval:def:16502: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier...
Type:
Software
Bulletins:
MITRE:16502
CVE-2012-1713
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Runtime Environment
JavaFX
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16567
Title:
oval:org.mitre.oval:def:16567: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16567
CVE-2013-0432
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access permission checks."
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16613
Title:
oval:org.mitre.oval:def:16613: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16613
CVE-2013-1475
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16566
Title:
oval:org.mitre.oval:def:16566: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:16566
CVE-2013-0441
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16513
Title:
oval:org.mitre.oval:def:16513: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16513
CVE-2012-1725
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16519
Title:
oval:org.mitre.oval:def:16519: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16519
CVE-2013-0424
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:15888
Title:
oval:org.mitre.oval:def:15888: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
MITRE:15888
CVE-2013-0426
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:15832
Title:
oval:org.mitre.oval:def:15832: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:15832
CVE-2013-0443
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16430
Title:
oval:org.mitre.oval:def:16430: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Sound) 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
MITRE:16430
CVE-2013-1481
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16550
Title:
oval:org.mitre.oval:def:16550: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
MITRE:16550
CVE-2013-0450
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16528
Title:
oval:org.mitre.oval:def:16528: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16528
CVE-2013-0434
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16581
Title:
oval:org.mitre.oval:def:16581: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on...
Type:
Software
Bulletins:
MITRE:16581
CVE-2012-1720
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16312
Title:
oval:org.mitre.oval:def:16312: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers...
Type:
Software
Bulletins:
MITRE:16312
CVE-2012-1719
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16259
Title:
oval:org.mitre.oval:def:16259: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote...
Type:
Software
Bulletins:
MITRE:16259
CVE-2012-1723
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:15733
Title:
oval:org.mitre.oval:def:15733: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:15733
CVE-2013-1478
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
MITRE:16168
Title:
oval:org.mitre.oval:def:16168: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Swing) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect...
Type:
Software
Bulletins:
MITRE:16168
CVE-2012-1716
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Applies to:
Java Runtime Environment
Created:
2013-04-22
Updated:
2015-03-23

ID:
CVE-2013-1194
Title:
The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via...
Type:
Hardware
Bulletins:
CVE-2013-1194
Severity:
Medium
Description:
The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708.
Applies to:
Created:
2013-04-18
Updated:
2017-11-10

ID:
CVE-2013-1199
Title:
Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote au