CVE Daily
← All tags

Tag: Express

All CVEs associated with "Express". Page 4/6 • 713 CVEs.

Subscribe CVEs: RSS for “Express”  ·  RSS (High+Critical only)

About “Express”

A curated feed of “Express”-related CVEs appears below. We currently track 713 CVEs for this tag (all time). In the last 365 days, 98 were published. Average CVSS is 6.4 (all time; 6.6 over 365d), and 42% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-306 - Missing Authentication for Critical Function.

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-01-26
Medium

CVE-2016-9220

A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the co…

CVSS: 4.3 CWE: CWE-399 View on NVD
2016-11-10
High

CVE-2016-7490

The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber syste…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2016-10-06
High

CVE-2016-6427

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote atta…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2016-6425

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers t…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2016-10-05
High

CVE-2016-6426

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2016-07-21
Medium

CVE-2016-3467

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors.

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2016-3448

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors.

CVSS: 6.1 CWE: N/A View on NVD
2016-03-24
High

CVE-2016-1347

The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug…

CVSS: 7.5 CWE: CWE-399 View on NVD
2016-03-17
Medium

CVE-2016-1992

HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2016-03-16
High

CVE-2016-1991

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download…

CVSS: 8.0 CWE: N/A View on NVD
High

CVE-2016-1990

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspeci…

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-02-09
Medium

CVE-2016-1319

Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified C…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2016-02-07
Medium

CVE-2016-1307

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an…

CVSS: 5.4 CWE: CWE-255 View on NVD
2016-01-26
Medium

CVE-2016-1298

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via ve…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2015-09-21
High

CVE-2015-6923

The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.

CVSS: 7.2 CWE: N/A View on NVD
2015-07-16
Medium

CVE-2015-2655

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.3.00.08 allows remote authenticated users to affect confidentiality and integrity via unknown vecto…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2015-2614

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2015-2586

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect availability via unknown vectors.

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2015-2585

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0 allows remote authenticated users to affect availability via unknown vectors.

CVSS: 2.1 CWE: N/A View on NVD
2015-06-08
Medium

CVE-2015-3001

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by lever…

CVSS: 5.0 CWE: CWE-255 View on NVD
2015-04-16
Medium

CVE-2015-3319

Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script a…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2015-04-14
Medium

CVE-2015-2781

Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2015-04-01
Medium

CVE-2015-2756

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and…

CVSS: 4.9 CWE: CWE-264 View on NVD
2015-03-12
Medium

CVE-2015-2150

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable…

CVSS: 4.9 CWE: CWE-264 View on NVD
2015-02-16
High

CVE-2015-0609

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to ca…

CVSS: 7.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2015-02-12
Medium

CVE-2015-0610

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper hand…

CVSS: 4.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2015-0608

Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) vi…

CVSS: 7.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2014-12-31
Medium

CVE-2014-9431

Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1)…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2014-9430

Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2014-9429

Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save act…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2011-5284

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the a…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2011-5283

Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2014-10-15
Medium

CVE-2014-6483

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unkn…

CVSS: 6.0 CWE: N/A View on NVD
2014-10-11
Medium

CVE-2014-6887

The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…

CVSS: 5.4 CWE: CWE-310 View on NVD
2014-10-02
Medium

CVE-2014-6876

The American Express Serve (aka com.serve.mobile) application @7F0901E4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and…

CVSS: 5.4 CWE: CWE-310 View on NVD
2014-08-20
Low

CVE-2014-4750

IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network.

CVSS: 2.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2014-06-18
Medium

CVE-2014-4308

Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM par…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2014-4305

Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2014-04-29
Medium

CVE-2014-2180

The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a…

CVSS: 4.0 CWE: CWE-20 - Improper Input Validation View on NVD
2014-04-02
Critical

CVE-2013-5365

Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compresse…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-03-25
Medium

CVE-2013-5445

IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static dec…

CVSS: 5.0 CWE: CWE-310 View on NVD
Medium

CVE-2013-5444

The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors.

CVSS: 5.0 CWE: CWE-310 View on NVD
Medium

CVE-2013-5443

Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authenticat…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2014-02-27
Medium

CVE-2014-2102

Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining t…

CVSS: 4.0 CWE: CWE-264 View on NVD
Medium

CVE-2014-0746

The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML docu…

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2014-0745

Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of a…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2014-02-14
Medium

CVE-2014-1467

BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server…

CVSS: 5.0 CWE: CWE-255 View on NVD
2013-11-29
Medium

CVE-2013-6706

The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP he…

CVSS: 5.4 CWE: CWE-20 - Improper Input Validation View on NVD
2013-09-12
Medium

CVE-2013-5740

Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C20…

CVSS: 6.9 CWE: N/A View on NVD
2013-07-29
Medium

CVE-2013-4946

Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2013-4945

Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) T…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2013-04-24
Medium

CVE-2013-1214

The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visit…

CVSS: 5.0 CWE: CWE-264 View on NVD
2013-04-17
Medium

CVE-2013-1519

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors.

CVSS: 5.0 CWE: N/A View on NVD
2013-02-13
Medium

CVE-2013-1114

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2013-02-06
Medium

CVE-2013-1120

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown v…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2012-11-04
Medium

CVE-2012-5795

The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows…

CVSS: 5.8 CWE: CWE-20 - Improper Input Validation View on NVD
2012-10-31
Low

CVE-2012-4934

TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.

CVSS: 3.5 CWE: CWE-264 View on NVD
2012-09-15
High

CVE-2011-5174

Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2012-08-13
High

CVE-2012-4281

Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id para…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2012-07-17
High

CVE-2012-1740

Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality…

CVSS: 7.8 CWE: N/A View on NVD
2012-05-27
Medium

CVE-2012-2939

Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airli…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2012-2938

Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) ho…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2012-05-03
Medium

CVE-2012-1708

Unspecified vulnerability in the Application Express component in Oracle Database Server 4.0 and 4.1 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3 CWE: N/A View on NVD
2012-05-02
Medium

CVE-2011-2583

Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth338…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2012-03-29
High

CVE-2012-1314

The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.

CVSS: 7.8 CWE: CWE-399 View on NVD
2012-03-14
Critical

CVE-2012-0124

Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2012-0123

Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2012-0122

Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2012-0121

Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service…

CVSS: 10.0 CWE: N/A View on NVD
2012-03-13
Medium

CVE-2012-0687

TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Ser…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2012-03-06
High

CVE-2012-0199

Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to th…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2012-0198

Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to…

CVSS: 9.3 CWE: N/A View on NVD
2012-01-18
Low

CVE-2012-0109

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.

CVSS: 3.6 CWE: N/A View on NVD
Medium

CVE-2012-0103

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2012-0100

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.

CVSS: 6.8 CWE: N/A View on NVD
Low

CVE-2012-0099

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2012-0098

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813.

CVSS: 1.9 CWE: N/A View on NVD
Low

CVE-2012-0097

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell.

CVSS: 2.1 CWE: N/A View on NVD
Medium

CVE-2012-0096

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2012-0094

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.

CVSS: 7.8 CWE: N/A View on NVD
2011-10-30
Critical

CVE-2011-1367

Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a craf…

CVSS: 9.3 CWE: N/A View on NVD
2011-10-27
High

CVE-2011-3315

Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-10-18
High

CVE-2011-3543

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to iSCSI DataMover (IDM).

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2011-3542

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Performance Counter BackEnd Module (pcbe).

CVSS: 4.9 CWE: N/A View on NVD
Low

CVE-2011-3539

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.

CVSS: 1.7 CWE: N/A View on NVD
High

CVE-2011-3537

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2011-3535

Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Remote Quota Ser…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2011-3534

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd).

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2011-3525

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2011-3515

Unspecified vulnerability in the Oracle Solaris 10 and 11 Express allows local users to affect integrity and availability via unknown vectors related to Process File System (procfs).

CVSS: 5.6 CWE: N/A View on NVD
Critical

CVE-2011-3508

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.

CVSS: 9.3 CWE: N/A View on NVD
Low

CVE-2011-2292

Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver.

CVSS: 2.4 CWE: N/A View on NVD
Low

CVE-2011-2286

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS.

CVSS: 2.1 CWE: N/A View on NVD
Medium

CVE-2011-4061

Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain…

CVSS: 6.9 CWE: N/A View on NVD
2011-07-21
Medium

CVE-2011-2298

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2011-2296

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2011-2295

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB.

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2011-2294

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2011-2293

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Zones.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2011-2290

Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs.

CVSS: 4.9 CWE: N/A View on NVD
High

CVE-2011-2287

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd.

CVSS: 7.8 CWE: N/A View on NVD
2011-07-20
Medium

CVE-2011-2259

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to UFS.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2011-2258

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rksh.

CVSS: 4.6 CWE: N/A View on NVD
2011-07-14
Medium

CVE-2011-0287

Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express so…

CVSS: 6.4 CWE: N/A View on NVD
2011-06-16
Medium

CVE-2011-1280

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1,…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2011-04-20
High

CVE-2011-0841

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP.

CVSS: 7.8 CWE: N/A View on NVD
Low

CVE-2011-0839

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.

CVSS: 3.7 CWE: N/A View on NVD
Medium

CVE-2011-0829

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/SPARC.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2011-0820

Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Kernel.

CVSS: 5.4 CWE: N/A View on NVD
Medium

CVE-2011-0813

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2012-0098.

CVSS: 4.9 CWE: N/A View on NVD
Low

CVE-2011-0812

Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.

CVSS: 3.7 CWE: N/A View on NVD
Low

CVE-2011-0801

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.

CVSS: 3.6 CWE: N/A View on NVD
Medium

CVE-2011-0800

Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to…

CVSS: 6.5 CWE: N/A View on NVD
2011-04-18
Medium

CVE-2011-0286

Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2011-03-07
Medium

CVE-2009-3028

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x expos…

CVSS: 6.8 CWE: N/A View on NVD
2011-01-19
Medium

CVE-2010-4459

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs.

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2010-4458

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS.

CVSS: 4.1 CWE: N/A View on NVD
High

CVE-2010-4457

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2010-4456

Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2010-4446

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand.

CVSS: 4.6 CWE: N/A View on NVD