Filtered by vendor Ca
Subscribe
Total
138 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5156 | 2 Ca, Microsoft | 2 Internet Security Suite 2010, Windows Xp | 2024-08-07 | 6.2 MEDIUM | N/A |
| Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2021-28250 | 1 Ca | 1 Ehealth Performance Manager | 2024-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-28249 | 1 Ca | 1 Ehealth Performance Manager | 2024-08-03 | 7.2 HIGH | 8.8 HIGH |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-28247 | 1 Ca | 1 Ehealth Performance Manager | 2024-08-03 | 3.5 LOW | 5.4 MEDIUM |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2009-3588 | 4 Broadcom, Ca, Linux and 1 more | 35 Anti-virus, Anti-virus For The Enterprise, Anti-virus Sdk and 32 more | 2024-05-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. | |||||
| CVE-2009-3587 | 3 Broadcom, Ca, Linux | 33 Anti-virus, Anti-virus For The Enterprise, Anti-virus Sdk and 30 more | 2024-05-17 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588. | |||||
| CVE-2019-7394 | 1 Ca | 2 Risk Authentication, Strong Authentication | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. | |||||
| CVE-2019-7393 | 1 Ca | 2 Risk Authentication, Strong Authentication | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. | |||||
| CVE-2018-13825 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | |||||
| CVE-2018-19635 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | |||||
| CVE-2018-19634 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | |||||
| CVE-2018-13826 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | |||||
| CVE-2018-13819 | 1 Ca | 1 Unified Infrastructure Management | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
| CVE-2018-13821 | 1 Ca | 1 Unified Infrastructure Management | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. | |||||
| CVE-2018-13820 | 1 Ca | 1 Unified Infrastructure Management | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
| CVE-2018-13824 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | |||||
| CVE-2018-13823 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | |||||
| CVE-2018-9027 | 1 Ca | 1 Ca Privileged Access Manager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | |||||
| CVE-2018-6588 | 1 Ca | 1 Api Developer Portal | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | |||||
| CVE-2018-6587 | 1 Ca | 1 Api Developer Portal | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | |||||