CVE-2014-5866
https://notcve.org/view.php?id=CVE-2014-5866
The CA DMV (aka gov.ca.dmv) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• http://www.kb.cert.org/vuls/id/142233
• http://www.kb.cert.org/vuls/id/582497
• https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
• CWE-310: Cryptographic Issues
CVE-2014-5657
https://notcve.org/view.php?id=CVE-2014-5657
The CA Lottery Results (aka com.matcho0.calotto) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• http://www.kb.cert.org/vuls/id/582497
• http://www.kb.cert.org/vuls/id/976385
• https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
• CWE-310: Cryptographic Issues
CVE-2014-2210 – CA ERwin Web Portal MIMM ProfileIconServlet Multiple Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-2210
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.
This vulnerability allows remote attackers to read arbitrary files on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta Integration Web Server and Services" ProfileIconServlet which is vulnerable to directory traversals in multiple parameters. An attacker can leverage these vulnerabilities to read arbitrary files, including files which store database credentials, under the context of SYSTEM.
• http://www.securityfocus.com/bid/66644
• http://www.securitytracker.com/id/1030017
• https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B7F968A14-7407-4BCF-9EB1-EFE9F0E6D663%7D
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-5968
https://notcve.org/view.php?id=CVE-2013-5968
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
• http://archives.neohapsis.com/archives/bugtraq/2013-10/0120.html
• http://osvdb.org/98919
• http://seclists.org/fulldisclosure/2013/Oct/230
• http://www.securitytracker.com/id/1029237
• https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B9B8E7A8A-2A00-4456-A7CC-8C2E74AA7EA5%7D
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-6299
https://notcve.org/view.php?id=CVE-2012-6299
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.
• https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BFBA53B61-3A68-4506-9876-F845F6DD8A93%7D