
CVE-2014-5866
https://notcve.org/view.php?id=CVE-2014-5866
11 Sep 2014 — The CA DMV (aka gov.ca.dmv) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/142233 • CWE-310: Cryptographic Issues

CVE-2014-5657
https://notcve.org/view.php?id=CVE-2014-5657
09 Sep 2014 — The CA Lottery Results (aka com.matcho0.calotto) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues

CVE-2014-2210 – CA ERwin Web Portal MIMM ProfileIconServlet Multiple Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-2210
03 Apr 2014 — Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors. • http://www.securityfocus.com/bid/66644 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2013-5968 – CA SiteMinder Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-5968
25 Oct 2013 — Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character. CA Technologies S... • http://archives.neohapsis.com/archives/bugtraq/2013-10/0120.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-6298
https://notcve.org/view.php?id=CVE-2012-6298
26 Dec 2012 — Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors. • https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BFBA53B61-3A68-4506-9876-F845F6DD8A93%7D

CVE-2012-6299
https://notcve.org/view.php?id=CVE-2012-6299
26 Dec 2012 — Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors. • https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BFBA53B61-3A68-4506-9876-F845F6DD8A93%7D

CVE-2012-5973
https://notcve.org/view.php?id=CVE-2012-5973
10 Dec 2012 — CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request. • http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B358F44CA-6354-4427-9088-C57138E9EE11%7D • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2010-5156
https://notcve.org/view.php?id=CVE-2010-5156
25 Aug 2012 — Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted prog... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2012-1440
https://notcve.org/view.php?id=CVE-2012-1440
21 Mar 2012 — The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. • http://www.ieee-security.org/TC/SP2012/program.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2012-1446
https://notcve.org/view.php?id=CVE-2012-1446
21 Mar 2012 — The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attac... • http://osvdb.org/80426 • CWE-264: Permissions, Privileges, and Access Controls •