Vendor CVEs
Ca
All CVEs
260 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-2863 | 0.02 | — | 0.23 | Jun 6, 2007 | Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file. | |||
| CVE-2007-2522 | 0.02 | — | 0.27 | May 11, 2007 | Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||
| CVE-2011-2667 | 0.01 | — | 0.16 | Jul 28, 2011 | Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash)… | |||
| CVE-2011-1719 | 0.01 | — | 0.12 | Apr 27, 2011 | Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a… | |||
| CVE-2011-1655 | 0.01 | — | 0.12 | Apr 18, 2011 | The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database… | |||
| CVE-2011-1654 | 0.01 | — | 0.11 | Apr 18, 2011 | Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an… | |||
| CVE-2011-0758 | 0.01 | — | 0.08 | Feb 10, 2011 | The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a… | |||
| CVE-2010-1223 | 0.01 | — | 0.17 | Apr 7, 2010 | Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service. | |||
| CVE-2009-3587 | 0.01 | — | 0.08 | Oct 13, 2009 | Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and… | |||
| CVE-2009-2026 | 0.01 | — | 0.08 | Aug 10, 2009 | Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote… | |||
| CVE-2008-5415 | 0.01 | — | 0.08 | Dec 11, 2008 | The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure. | |||
| CVE-2008-4399 | 0.01 | — | 0.08 | Oct 14, 2008 | Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." | |||
| CVE-2008-4398 | 0.01 | — | 0.08 | Oct 14, 2008 | Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. | |||
| CVE-2008-3175 | 0.01 | — | 0.14 | Aug 1, 2008 | Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow. | |||
| CVE-2008-2541 | 0.01 | — | 0.10 | Jun 4, 2008 | Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command;… | |||
| CVE-2008-2242 | 0.01 | — | 0.15 | May 21, 2008 | Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function. | |||
| CVE-2008-2241 | 0.01 | — | 0.12 | May 21, 2008 | Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can… | |||
| CVE-2008-1786 | 0.01 | — | 0.07 | Apr 16, 2008 | The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management… | |||
| CVE-2007-5328 | 0.01 | — | 0.07 | Oct 13, 2007 | The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure." | |||
| CVE-2007-5325 | 0.01 | — | 0.12 | Oct 13, 2007 | Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2007-5326 | 0.01 | — | 0.12 | Oct 13, 2007 | Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2007-5330 | 0.01 | — | 0.13 | Oct 13, 2007 | The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of… | |||
| CVE-2007-5331 | 0.01 | — | 0.10 | Oct 13, 2007 | Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup… | |||
| CVE-2007-5327 | 0.01 | — | 0.16 | Oct 13, 2007 | Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum. | |||
| CVE-2007-5004 | 0.01 | — | 0.09 | Oct 1, 2007 | Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password. | |||
| CVE-2007-5083 | 0.01 | — | 0.19 | Oct 1, 2007 | Multiple integer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands that trigger a heap-based buffer overflow. | |||
| CVE-2007-3302 | 0.01 | — | 0.11 | Jul 26, 2007 | The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified… | |||
| CVE-2007-3825 | 0.01 | — | 0.14 | Jul 18, 2007 | Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor… | |||
| CVE-2007-3338 | 0.01 | — | 0.07 | Jun 22, 2007 | Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions. | |||
| CVE-2007-1447 | 0.01 | — | 0.14 | Mar 16, 2007 | The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different… | |||
| CVE-2007-1005 | 0.01 | — | 0.07 | Mar 2, 2007 | Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote… | |||
| CVE-2006-5171 | 0.01 | — | 0.16 | Jan 16, 2007 | Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the… | |||
| CVE-2006-5172 | 0.01 | — | 0.15 | Jan 16, 2007 | Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the… | |||
| CVE-2006-5142 | 0.01 | — | 0.12 | Oct 10, 2006 | Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot. | |||
| CVE-2005-3653 | 0.01 | — | 0.19 | Dec 31, 2005 | Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. | |||
| CVE-2005-2669 | 0.01 | — | 0.07 | Aug 23, 2005 | Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets. | |||
| CVE-2005-1693 | 0.01 | — | 0.07 | May 24, 2005 | Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet… | |||
| CVE-2023-21391 | 0.00 | — | 0.00 | Oct 30, 2023 | In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-1492 | 0.00 | — | 0.00 | Mar 18, 2023 | A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been declared as problematic. This vulnerability affects the function 0x220019 in the library MaxProc64.sys of the component IoControlCode Handler. The manipulation of the argument SystemBuffer leads to… | |||
| CVE-2023-1491 | 0.00 | — | 0.00 | Mar 18, 2023 | A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is… | |||
| CVE-2023-1490 | 0.00 | — | 0.00 | Mar 18, 2023 | A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to… | |||
| CVE-2022-1400 | 0.00 | — | 0.01 | Aug 16, 2022 | Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00. | |||
| CVE-2022-1399 | 0.00 | — | 0.01 | Aug 16, 2022 | An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00… | |||
| CVE-2005-10001 | 0.00 | — | 0.01 | Mar 28, 2022 | A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been… | |||
| CVE-2022-23992 | 0.00 | — | 0.02 | Feb 14, 2022 | XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | |||
| CVE-2021-28250 | 0.00 | — | 0.00 | Mar 26, 2021 | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only… | |||
| CVE-2021-28248 | 0.00 | — | 0.01 | Mar 26, 2021 | CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a… | |||
| CVE-2021-28249 | 0.00 | — | 0.00 | Mar 26, 2021 | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the… | |||
| CVE-2021-28247 | 0.00 | — | 0.01 | Mar 26, 2021 | CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting… | |||
| CVE-2021-28246 | 0.00 | — | 0.00 | Mar 26, 2021 | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in… |
- CVE-2007-2863Jun 6, 2007risk 0.02cvss —epss 0.23
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
- CVE-2007-2522May 11, 2007risk 0.02cvss —epss 0.27
Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
- CVE-2011-2667Jul 28, 2011risk 0.01cvss —epss 0.16
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash)…
- CVE-2011-1719Apr 27, 2011risk 0.01cvss —epss 0.12
Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a…
- CVE-2011-1655Apr 18, 2011risk 0.01cvss —epss 0.12
The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database…
- CVE-2011-1654Apr 18, 2011risk 0.01cvss —epss 0.11
Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an…
- CVE-2011-0758Feb 10, 2011risk 0.01cvss —epss 0.08
The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a…
- CVE-2010-1223Apr 7, 2010risk 0.01cvss —epss 0.17
Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.
- CVE-2009-3587Oct 13, 2009risk 0.01cvss —epss 0.08
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and…
- CVE-2009-2026Aug 10, 2009risk 0.01cvss —epss 0.08
Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote…
- CVE-2008-5415Dec 11, 2008risk 0.01cvss —epss 0.08
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.
- CVE-2008-4399Oct 14, 2008risk 0.01cvss —epss 0.08
Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation."
- CVE-2008-4398Oct 14, 2008risk 0.01cvss —epss 0.08
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.
- CVE-2008-3175Aug 1, 2008risk 0.01cvss —epss 0.14
Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.
- CVE-2008-2541Jun 4, 2008risk 0.01cvss —epss 0.10
Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command;…
- CVE-2008-2242May 21, 2008risk 0.01cvss —epss 0.15
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.
- CVE-2008-2241May 21, 2008risk 0.01cvss —epss 0.12
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can…
- CVE-2008-1786Apr 16, 2008risk 0.01cvss —epss 0.07
The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management…
- CVE-2007-5328Oct 13, 2007risk 0.01cvss —epss 0.07
The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure."
- CVE-2007-5325Oct 13, 2007risk 0.01cvss —epss 0.12
Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2007-5326Oct 13, 2007risk 0.01cvss —epss 0.12
Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2007-5330Oct 13, 2007risk 0.01cvss —epss 0.13
The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of…
- CVE-2007-5331Oct 13, 2007risk 0.01cvss —epss 0.10
Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup…
- CVE-2007-5327Oct 13, 2007risk 0.01cvss —epss 0.16
Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.
- CVE-2007-5004Oct 1, 2007risk 0.01cvss —epss 0.09
Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password.
- CVE-2007-5083Oct 1, 2007risk 0.01cvss —epss 0.19
Multiple integer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands that trigger a heap-based buffer overflow.
- CVE-2007-3302Jul 26, 2007risk 0.01cvss —epss 0.11
The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified…
- CVE-2007-3825Jul 18, 2007risk 0.01cvss —epss 0.14
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor…
- CVE-2007-3338Jun 22, 2007risk 0.01cvss —epss 0.07
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
- CVE-2007-1447Mar 16, 2007risk 0.01cvss —epss 0.14
The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different…
- CVE-2007-1005Mar 2, 2007risk 0.01cvss —epss 0.07
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote…
- CVE-2006-5171Jan 16, 2007risk 0.01cvss —epss 0.16
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the…
- CVE-2006-5172Jan 16, 2007risk 0.01cvss —epss 0.15
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the…
- CVE-2006-5142Oct 10, 2006risk 0.01cvss —epss 0.12
Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot.
- CVE-2005-3653Dec 31, 2005risk 0.01cvss —epss 0.19
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
- CVE-2005-2669Aug 23, 2005risk 0.01cvss —epss 0.07
Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.
- CVE-2005-1693May 24, 2005risk 0.01cvss —epss 0.07
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet…
- CVE-2023-21391Oct 30, 2023risk 0.00cvss —epss 0.00
In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-1492Mar 18, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been declared as problematic. This vulnerability affects the function 0x220019 in the library MaxProc64.sys of the component IoControlCode Handler. The manipulation of the argument SystemBuffer leads to…
- CVE-2023-1491Mar 18, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is…
- CVE-2023-1490Mar 18, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to…
- CVE-2022-1400Aug 16, 2022risk 0.00cvss —epss 0.01
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.
- CVE-2022-1399Aug 16, 2022risk 0.00cvss —epss 0.01
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00…
- CVE-2005-10001Mar 28, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been…
- CVE-2022-23992Feb 14, 2022risk 0.00cvss —epss 0.02
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
- CVE-2021-28250Mar 26, 2021risk 0.00cvss —epss 0.00
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only…
- CVE-2021-28248Mar 26, 2021risk 0.00cvss —epss 0.01
CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a…
- CVE-2021-28249Mar 26, 2021risk 0.00cvss —epss 0.00
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the…
- CVE-2021-28247Mar 26, 2021risk 0.00cvss —epss 0.01
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting…
- CVE-2021-28246Mar 26, 2021risk 0.00cvss —epss 0.00
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in…
Page 3 of 6