aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6640 items

CVE-2011-3553: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and ear

infovulnerability
security
Oct 19, 2011
CVE-2011-3553

CVE-2011-3553 is a vulnerability in Oracle Java SE (the Java programming language and runtime environment) affecting versions JDK and JRE 7, 6 Update 27 and earlier, as well as JRockit R28.1.4 and earlier. The vulnerability is related to JAXWS (a Java component for web services) and allows remote authenticated users (those with login credentials) to compromise confidentiality (the secrecy of data). The exact details of the vulnerability are not publicly specified in this disclosure.

NVD/CVE Database

CVE-2011-1209: IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryptio

infovulnerability
security
May 4, 2011
CVE-2011-1209

IBM WebSphere Application Server (WAS) versions 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 use a weak encryption algorithm in WS-Security (a security standard for XML-based web services). This weakness allows remote attackers to decrypt sensitive data from web service requests through a decryption attack, potentially exposing plaintext information.

CVE-2010-4470: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and

infovulnerability
security
Feb 17, 2011
CVE-2010-4470

CVE-2010-4470 is an unspecified vulnerability in Oracle Java SE and Java for Business version 6 Update 23 and earlier that allows remote attackers to cause availability problems (making systems unavailable or unresponsive) through unknown attack methods related to JAXP (Java API for XML Processing, a tool for handling XML files) and unspecified APIs (pre-built functions). The exact details of how the vulnerability works remain unclear.

CVE-2010-0786: The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly impl

infovulnerability
security
Nov 9, 2010
CVE-2010-0786

A flaw in the Web Services Security component of IBM WebSphere Application Server (WAS) version 7.0 before 7.0.0.13 fails to properly implement JAX-WS (Java API for XML Web Services, a standard for building web services in Java). Remote attackers can exploit this by sending a specially crafted JAX-WS request to cause a denial of service attack (a disruption where the system becomes unavailable or corrupts data).

CVE-2010-3186: IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Servic

infovulnerability
security
Aug 30, 2010
CVE-2010-3186

IBM WebSphere Application Server (WAS) versions 7.x before 7.0.0.13 and the Web Services Feature Pack versions 6.1.0.9 through 6.1.0.32 have a vulnerability in how they handle the IncludeTimestamp setting in WS-Security policy (a security standard for web services) when JAX-WS applications are used. This vulnerability can be exploited remotely, though the exact impact is not specified.

CVE-2010-1797: Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpr

infovulnerability
security
Aug 16, 2010
CVE-2010-1797EPSS: 48.4%

CVE-2010-2973: Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allo

infovulnerability
security
Aug 5, 2010
CVE-2010-2973

An integer overflow (a bug where a number gets too large for its storage space, causing unexpected behavior) in IOSurface (a system component that manages graphics memory) affects Apple iOS versions before 4.0.2 on iPhone and iPod touch, and before 3.2.2 on iPad. This vulnerability allows local users (those with access to the device) to gain elevated privileges (higher-level control) through IOSurface properties, as demonstrated by the JailbreakMe exploit.

CVE-2010-2594: Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare A

infovulnerability
security
Jul 2, 2010
CVE-2010-2594

InterSect Alliance Snare Agent and Snare Epilog software contain multiple CSRF vulnerabilities (cross-site request forgery, a type of attack where an attacker tricks a logged-in user into performing unwanted actions). These vulnerabilities in the web management interface allow attackers to hijack administrator authentication to change passwords or listening ports across multiple versions on different operating systems.

CVE-2010-0774: The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 bef

infovulnerability
security
May 17, 2010
CVE-2010-0774

IBM WebSphere Application Server (WAS, a Java application server platform) versions 6.0, 6.1, and 7.0 contain a vulnerability in how they handle WebServices PKCS#7 and PKIPath tokens (digital security credentials used to verify identity). This flaw allows remote attackers (people accessing the system from the internet) to bypass access restrictions that should protect the system.

CVE-2010-1874: SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote a

infovulnerability
security
May 12, 2010
CVE-2010-1874

A SQL injection vulnerability (CWE-89, a weakness where attackers insert malicious SQL commands into user input) was found in the Real Estate Property component version 3.1.22-03 for Joomla! (a website building platform). Remote attackers could exploit this by sending specially crafted requests to the aid parameter in an agentlisting action, allowing them to execute arbitrary SQL commands on the server.

CVE-2010-1873: SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote at

infovulnerability
security
May 12, 2010
CVE-2010-1873

A SQL injection vulnerability (CWE-89, a flaw where attackers insert malicious SQL code into input fields) was found in the Jvehicles component versions 1.0, 2.0, and 2.1111 for Joomla, a website building platform. Attackers could exploit this by sending specially crafted input through the 'aid' parameter to execute arbitrary SQL commands (direct database instructions) on affected servers.

CVE-2010-0888: Unspecified vulnerability in the Sun Ray Server Software component in Oracle Sun Product Suite 4.0, 4.1, and 4.2 allows

infovulnerability
security
Apr 13, 2010
CVE-2010-0888

CVE-2010-0888 is an unspecified vulnerability in Sun Ray Server Software (a component of Oracle Sun Product Suite versions 4.0, 4.1, and 4.2) that allows remote attackers to compromise confidentiality (keeping data secret), integrity (keeping data accurate), and availability (keeping services running) through unknown methods related to Device Services. The vulnerability details are not fully documented, and a CVSS score (a 0-10 rating of how severe a vulnerability is) has not been assigned by NIST.

CVE-2010-1347: Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruni

infovulnerability
security
Apr 12, 2010
CVE-2010-1347

CVE-2010-1347 is a privilege escalation vulnerability (a security flaw that lets an attacker gain higher-level access to a system) in IBM Systems Director version 6.1 before 6.1.2.3 on AIX and Linux systems. The vulnerability exists because two scripts, diruninstall and opt/ibm/director/bin/wcitinst, have incorrect file permissions (settings that control who can access or run files), allowing local users to execute these scripts and gain elevated privileges.

CVE-2010-1043: Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary lo

infovulnerability
security
Mar 23, 2010
CVE-2010-1043

CVE-2010-1043 is a directory traversal vulnerability (a flaw where attackers can navigate outside intended directories using sequences like "../") in jaxCMS 1.0 that allows remote attackers to include and execute arbitrary local files through the p parameter in index.php. This vulnerability has a CVSS score of 4.0 (a 0-10 rating of how severe a vulnerability is), indicating moderate severity.

CVE-2010-0971: Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor pr

infovulnerability
security
Mar 16, 2010
CVE-2010-0971

ATutor version 1.6.4 has multiple XSS vulnerabilities (cross-site scripting, where an attacker injects malicious code into web pages). Users with Instructor privileges can inject arbitrary scripts or HTML through several input fields in different parts of the application, including polls, groups, and assignments.

CVE-2009-4447: Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct requ

infovulnerability
security
Dec 29, 2009
CVE-2009-4447

Jax Guestbook version 3.5.0 has a vulnerability that allows attackers to skip authentication (the process of verifying who you are) and change administrator settings by directly accessing the admin/guestbook.admin.php file. This is classified as a CWE-287 weakness, meaning the software's authentication mechanism is broken.

CVE-2009-4314: Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout

infovulnerability
security
Dec 14, 2009
CVE-2009-4314

Sun Ray Server Software 4.1 on Solaris 10 has a vulnerability where enabling Automatic Multi-Group Hotdesking (AMGH, a feature that automatically logs users back in after logout) causes users to be immediately logged in again after logging out. This makes it easier for an attacker who is physically near an unattended device to gain access to someone else's session.

CVE-2009-4295: Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 1

infovulnerability
security
Dec 11, 2009
CVE-2009-4295

Sun Ray Server Software versions 4.0 and 4.1 fail to create unique DSA private keys (cryptographic codes used to encrypt data) for each Sun Ray device, making it easier for attackers to predict these keys and decrypt network traffic they intercept. This vulnerability affects Sun Ray 1, 1g, 100, and 150 DTU (desktop terminal unit, a thin client device) models.

CVE-2009-4294: Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remo

infovulnerability
security
Dec 11, 2009
CVE-2009-4294

CVE-2009-4294 is a vulnerability in Sun Ray Server Software versions 4.0 and 4.1 that affects the Authentication Manager (a service called utauthd, which verifies user identities). Remote attackers could exploit this flaw through unknown methods to either run arbitrary code (commands they choose) on the affected system or crash it.

CVE-2008-7024: admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain

infovulnerability
security
Aug 21, 2009
CVE-2008-7024

CVE-2008-7024 is a critical authentication bypass vulnerability in Arz Development The Gemini Portal version 4.7 and earlier. An attacker can gain administrator privileges by manipulating cookies (small files that store user information) and parameters, specifically by setting the user cookie to "admin" and the name parameter to "users." This allows unauthorized access to admin functions without needing a valid password.

Previous330 / 332Next

Fix: Upgrade IBM WebSphere Application Server to version 6.1.0.39 or later (for version 6.1 users) or version 7.0.0.17 or later (for version 7.0 users).

NVD/CVE Database

Fix: Oracle released patches in February 2011 and April 2011 CPU (critical patch updates, regular security fix packages). Users should update to patched versions available through Oracle's security advisories at http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html and http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html, or apply vendor-specific patches from distributors like Red Hat, Debian, Mandriva, Fedora, and Gentoo referenced in the source.

NVD/CVE Database

Fix: Update IBM WebSphere Application Server 7.0 to version 7.0.0.13 or later.

NVD/CVE Database
NVD/CVE Database

A vulnerability existed in FreeType (a font-rendering library) where specially crafted CFF fonts (a type of compressed font format) embedded in PDF documents could cause stack-based buffer overflows (when data written to memory exceeds allocated space and corrupts adjacent data), potentially allowing attackers to run arbitrary code or crash systems. This affected Apple iOS devices before version 4.0.2 on iPhones and iPod touches, and before 3.2.2 on iPads.

Fix: Update FreeType to version 2.4.2 or later. Update Apple iOS to version 4.0.2 or later on iPhone and iPod touch, or version 3.2.2 or later on iPad.

NVD/CVE Database

Fix: Update to iOS 4.0.2 or later on iPhone and iPod touch, or iOS 3.2.2 or later on iPad.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Patches are available at http://sunsolve.sun.com/search/document.do?assetkey=1-21-139548-03-1 and http://sunsolve.sun.com/search/document.do?assetkey=1-66-268228-1.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database