VYPR

Vendor CVEs

Ca

All CVEs

260 total · sorted by risk
  • CVE-2008-2926 · Aug 12, 2008
    risk 0.00 · cvss · epss 0.00

    The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via…

  • CVE-2008-3174 · Aug 12, 2008
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation."

  • CVE-2008-1984 · Apr 27, 2008
    risk 0.00 · cvss · epss 0.03

    The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882.

  • CVE-2008-1329 · Apr 7, 2008
    risk 0.00 · cvss · epss 0.06

    Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploads."

  • CVE-2007-6406 · Dec 17, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields.

  • CVE-2007-5472 · Oct 22, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer.

  • CVE-2007-5435 · Oct 13, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File).

  • CVE-2007-5439 · Oct 13, 2007
    risk 0.00 · cvss · epss 0.02

    CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors.

  • CVE-2007-5437 · Oct 13, 2007
    risk 0.00 · cvss · epss 0.03

    The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689.

  • CVE-2007-5329 · Oct 13, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.

  • CVE-2007-5005 · Oct 1, 2007
    risk 0.00 · cvss · epss 0.05

    Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename…

  • CVE-2007-5084 · Oct 1, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6)…

  • CVE-2007-3875 · Jul 26, 2007
    risk 0.00 · cvss · epss 0.04

    arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

  • CVE-2007-3696 · Jul 11, 2007
    risk 0.00 · cvss · epss 0.02

    CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (application crash) via a crafted .EXP database file, which…

  • CVE-2007-3695 · Jul 11, 2007
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source,…

  • CVE-2007-2230 · Apr 25, 2007
    risk 0.00 · cvss · epss 0.02

    SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and…

  • CVE-2007-1448 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.01

    The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.

  • CVE-2007-1345 · Mar 10, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.

  • CVE-2007-0673 · Feb 3, 2007
    risk 0.00 · cvss · epss 0.03

    LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.

  • CVE-2007-0672 · Feb 3, 2007
    risk 0.00 · cvss · epss 0.03

    LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in…

  • CVE-2006-6641 · Dec 20, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly…

  • CVE-2006-6496 · Dec 13, 2006
    risk 0.00 · cvss · epss 0.00

    The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows local users with administrative access to cause a denial of service (system…

  • CVE-2006-3975 · Aug 4, 2006
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input."

  • CVE-2006-3977 · Aug 4, 2006
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attack vectors related to "improper processing of outdated WebScan components."

  • CVE-2006-3976 · Aug 4, 2006
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.

  • CVE-2006-3725 · Jul 21, 2006
    risk 0.00 · cvss · epss 0.00

    Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc and (2) HKLM\SYSTEM\CurrentControlSet\Services\SymEvent…

  • CVE-2006-2201 · May 4, 2006
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to…

  • CVE-2006-0529 · Feb 2, 2006
    risk 0.00 · cvss · epss 0.03

    Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105.

  • CVE-2006-0530 · Feb 2, 2006
    risk 0.00 · cvss · epss 0.03

    Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages.

  • CVE-2006-0307 · Jan 19, 2006
    risk 0.00 · cvss · epss 0.04

    The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection…

  • CVE-2005-4150 · Dec 10, 2005
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath 4.7 allows remote attackers to execute Javascript via unknown vectors.

  • CVE-2005-3372 · Oct 30, 2005
    risk 0.00 · cvss · epss 0.01

    Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe…

  • CVE-2005-3225 · Oct 14, 2005
    risk 0.00 · cvss · epss 0.02

    Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened…

  • CVE-2005-2667 · Aug 23, 2005
    risk 0.00 · cvss · epss 0.03

    Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability."

  • CVE-2005-2204 · Jul 11, 2005
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3)…

  • CVE-2005-0642 · May 2, 2005
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file.

  • CVE-2005-0583 · May 2, 2005
    risk 0.00 · cvss · epss 0.04

    Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request.

  • CVE-2005-0349 · May 2, 2005
    risk 0.00 · cvss · epss 0.03

    The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.

  • CVE-2005-0968 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API.

  • CVE-2005-0640 · Mar 2, 2005
    risk 0.00 · cvss · epss 0.00

    Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.

  • CVE-2005-0641 · Mar 2, 2005
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.

  • CVE-2004-1149 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.00

    Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.

  • CVE-2004-2305 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.03

    Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files.

  • CVE-2004-2478 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot)…

  • CVE-2004-2436 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.

  • CVE-2004-1697 · Sep 21, 2004
    risk 0.00 · cvss · epss 0.02

    The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.

  • CVE-2004-0425 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.

  • CVE-2003-0998 · Jan 5, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.

  • CVE-2003-0997 · Jan 5, 2004
    risk 0.00 · cvss · epss 0.01

    Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service).

  • CVE-2003-0996 · Jan 5, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.

Page 5 of 6