Lucene search
K

3542 matches found

Cvelist
Cvelist
added 2014/01/15 2:50 a.m.24 views

CVE-2014-0434

Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Installation...

5.8AI score0.01357EPSS
Exploits0References6
Cvelist
Cvelist
added 2014/01/15 1:33 a.m.24 views

CVE-2013-5897

Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Manage Data Cache...

5.1AI score0.01558EPSS
Exploits0References6
CVE
CVE
added 2014/01/15 1:33 a.m.50 views

CVE-2013-5897

Technical details for CVE-2013-5897 are not publicly provided in the supplied documents. No concrete information on affected components, root cause, or remediation is present here. Monitor official advisories for updates.

5.5CVSS5.2AI score0.01558EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2013/12/10 4:55 p.m.12 views

CVE-2013-3710

SUSE Lifecycle Management Server SLMS before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...

4.3CVSS6.6AI score0.01303EPSS
Exploits0References3
Cvelist
Cvelist
added 2013/12/10 3:0 p.m.17 views

CVE-2013-3710

SUSE Lifecycle Management Server SLMS before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...

6.6AI score0.01303EPSS
Exploits0References3
CVE
CVE
added 2013/12/10 3:0 p.m.42 views

CVE-2013-3710

The provided documents identify CVE-2013-3710 as affecting SUSE Lifecycle Management Server (SLMS) before version 1.3.7. The root cause is that SLMS does not generate a new secret key when the service starts, enabling remote attackers to defeat intended cryptographic protections by deriving knowl...

4.3CVSS6.8AI score0.01303EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2013/12/10 3:0 p.m.49 views

CVE-2013-7042

CVE-2013-7042 affects SUSE Lifecycle Management Server (SLMS) prior to version 1.3.7. The issue is that secret keys are stored with world-readable permissions, enabling local users to gain privileges through unspecified vectors. The affected component is the SLMS secret key storage mechanism; roo...

4.6CVSS6.8AI score0.00338EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2013/12/10 3:0 p.m.13 views

CVE-2013-7042

SUSE Lifecycle Management Server SLMS before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors...

6.6AI score0.00338EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2013/11/24 12:0 a.m.25 views

HP Application Lifecycle Management GossipService SOAP Request Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Application Lifecycle Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service named GossipServiceSoapBinding. This web service i...

7.5CVSS3.3AI score0.05536EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/11/05 12:0 a.m.64 views

[security bulletin] HPSBMU02934 rev.1 - HP Application LifeCycle Management, GossipService SOAP Request, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03969436 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03969436 Version: 1 HPSBMU02934 rev....

7.5CVSS0.3AI score0.05536EPSS
Exploits0
securityvulns
securityvulns
added 2013/11/05 12:0 a.m.64 views

[security bulletin] HPSBMU02932 rev.1 - HP Application LifeCycle Management, ALM client component, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03969433 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03969433 Version: 1 HPSBMU02932 rev....

7.5CVSS0.5AI score0.05536EPSS
Exploits0
Prion
Prion
added 2013/11/04 4:55 p.m.12 views

Design/Logic Flaw

Unspecified vulnerability in the client component in HP Application LifeCycle Management ALM before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327...

7.5CVSS8.2AI score0.05536EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/11/04 3:0 p.m.27 views

CVE-2013-4836

Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management ALM allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759...

7.6AI score0.05536EPSS
Exploits0References1
NVD
NVD
added 2013/09/16 1:1 p.m.38 views

CVE-2013-4810

HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...

10CVSS7.5AI score0.79003EPSS
Exploits5References8
Prion
Prion
added 2013/09/16 1:1 p.m.39 views

Design/Logic Flaw

HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...

10CVSS7.8AI score0.81832EPSS
Exploits38References7Affected Software2
Vulnrichment
Vulnrichment
added 2013/09/13 6:0 p.m.11 views

CVE-2013-4810

HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...

7.8AI score0.79003EPSS
Exploits5References7
Positive Technologies
Positive Technologies
added 2013/09/11 12:0 a.m.10 views

PT-2013-5209 · Hewlett Packard +1 · Hp Application Lifecycle Management +3

Name of the Vulnerable Software and Affected Versions: HP Multiple Products versions affected versions not specified HP PCM+ and Application Lifecycle Management affected versions not specified Description: The issue allows for remote code execution. It involves the JBoss Invoker Servlets and...

10CVSS7.5AI score0.79003EPSS
Exploits5References11
Zero Day Initiative
Zero Day Initiative
added 2013/09/11 12:0 a.m.67 views

HP PCM+ and Application Lifecycle Management JBoss Invoker Servlets Marshalled Object Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP PCM Plus and Application Lifecycle Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the exposed EJBInvokerServlet and JMXInvokerServlet. ...

10CVSS5AI score0.79003EPSS
Exploits5References2
OSV
OSV
added 2013/08/23 4:55 p.m.2 views

DEBIAN-CVE-2012-4733

Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...

6CVSS8.4AI score0.01634EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2013/08/23 4:55 p.m.16 views

CVE-2012-4733

Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...

6CVSS7.2AI score0.01634EPSS
Exploits0References1
Rows per page
Query Builder