CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-6076 | medium | — | 4.4 | 13y ago | Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and poss… | |||
| CVE-2012-2372 | medium | — | 4.4 | 14y ago | The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG… | |||
| CVE-2012-2252 | medium | — | 4.4 | 14y ago | Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option. | |||
| CVE-2012-2251 | medium | — | 4.4 | 14y ago | rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. | |||
| CVE-2012-5675 | medium | — | 4.4 | 14y ago | Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. | |||
| CVE-2012-6036 | medium | — | 4.4 | 14y ago | The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, w… | |||
| CVE-2012-6034 | medium | — | 4.4 | 14y ago | The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check … | |||
| CVE-2012-6033 | medium | — | 4.4 | 14y ago | The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via un… | |||
| CVE-2012-4436 | medium | — | 4.4 | 14y ago | Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execu… | |||
| CVE-2012-3466 | medium | — | 4.4 | 14y ago | GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unsp… | |||
| CVE-2012-5095 | medium | — | 4.4 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd. | |||
| CVE-2012-4677 | medium | — | 4.4 | 14y ago | Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | |||
| CVE-2012-3381 | medium | — | 4.4 | 14y ago | sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||
| CVE-2012-3386 | medium | — | 4.4 | 14y ago | The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local use… | |||
| CVE-2012-2652 | medium | — | 4.4 | 14y ago | The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink att… | |||
| CVE-2012-3018 | medium | — | 4.4 | 14y ago | The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authen… | |||
| CVE-2012-0305 | medium | — | 4.4 | 14y ago | Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the cur… | |||
| CVE-2012-1750 | medium | — | 4.4 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx. | |||
| CVE-2012-1054 | medium | — | 4.4 | 14y ago | Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local … | |||
| CVE-2012-0110 | medium | — | 4.4 | 15y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availa… | |||
| CVE-2012-3458 | medium | — | 4.3 | 4y ago | Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. | |||
| CVE-2012-6082 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. | |||
| CVE-2012-5504 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5494 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, relat… | |||
| CVE-2012-5500 | medium | — | 4.3 | 4y ago | The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a cr… | |||
| CVE-2012-2654 | medium | — | 4.3 | 4y ago | The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protoc… | |||
| CVE-2012-6132 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. | |||
| CVE-2012-5507 | medium | — | 4.3 | 8y ago | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in pa… | |||
| CVE-2012-6662 | medium | — | 4.3 | 9y ago | jquery-ui Tooltip widget vulnerable to XSS | |||
| CVE-2012-2694 | medium | — | 4.3 | 9y ago | actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request | |||
| CVE-2012-3867 | medium | — | 4.3 | 9y ago | lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Ce… | |||
| CVE-2012-6692 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p… | |||
| CVE-2012-3243 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this informat… | |||
| CVE-2012-2932 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) … | |||
| CVE-2012-1303 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf… | |||
| CVE-2012-1302 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or … | |||
| CVE-2012-5866 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter. | |||
| CVE-2012-2413 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/… | |||
| CVE-2012-6316 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script… | |||
| CVE-2012-5491 | medium | — | 4.3 | 12y ago | z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | |||
| CVE-2012-5490 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6107 | medium | — | 4.3 | 12y ago | Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack… | |||
| CVE-2012-6659 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2012-1032 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE… | |||
| CVE-2012-6153 | medium | — | 4.3 | 12y ago | Improper certificate validation in org.apache.httpcomponents:httpclient | |||
| CVE-2012-4226 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3… | |||
| CVE-2012-4241 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or (2) query string to _admin/index.php or (3)… | |||
| CVE-2012-1621 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a par… | |||
| CVE-2012-3522 | medium | — | 4.3 | 12y ago | GeSHi vulnerable to Cross-site Scripting | |||
| CVE-2012-4728 | medium | — | 4.3 | 12y ago | The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NU… | |||
| CVE-2012-5057 | medium | — | 4.3 | 12y ago | CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | |||
| CVE-2012-5056 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odf… | |||
| CVE-2012-3333 | medium | — | 4.3 | 12y ago | CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HT… | |||
| CVE-2012-1600 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a functio… | |||
| CVE-2012-4230 | medium | — | 4.3 | 12y ago | The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site … | |||
| CVE-2012-5039 | medium | — | 4.3 | 12y ago | The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. | |||
| CVE-2012-4651 | medium | — | 4.3 | 12y ago | Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Towe… | |||
| CVE-2012-3918 | medium | — | 4.3 | 12y ago | Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certa… | |||
| CVE-2012-0214 | medium | — | 4.3 | 12y ago | The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRel… | |||
| CVE-2012-6131 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1. | |||
| CVE-2012-6130 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. | |||
| CVE-2012-6645 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers … | |||
| CVE-2012-6642 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this inf… | |||
| CVE-2012-1561 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or … | |||
| CVE-2012-6641 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2012-1834 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary we… | |||
| CVE-2012-6640 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web s… | |||
| CVE-2012-5567 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject… | |||
| CVE-2012-5566 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject… | |||
| CVE-2012-5565 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to … | |||
| CVE-2012-5650 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2012-0891 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or … | |||
| CVE-2012-2134 | medium | — | 4.3 | 12y ago | The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infini… | |||
| CVE-2012-5524 | medium | — | 4.3 | 13y ago | The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof se… | |||
| CVE-2012-1095 | medium | — | 4.3 | 13y ago | osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a … | |||
| CVE-2012-6086 | medium | — | 4.3 | 13y ago | libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-… | |||
| CVE-2012-6447 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6633 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. | |||
| CVE-2012-6632 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) file title to accounts/admin/index… | |||
| CVE-2012-6630 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter… | |||
| CVE-2012-6628 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campNa… | |||
| CVE-2012-6627 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2012-6623 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2012-6621 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Cust… | |||
| CVE-2012-6620 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspeci… | |||
| CVE-2012-2899 | medium | — | 4.3 | 13y ago | Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and … | |||
| CVE-2012-6617 | medium | — | 4.3 | 13y ago | The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. | |||
| CVE-2012-6615 | medium | — | 4.3 | 13y ago | The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dial… | |||
| CVE-2012-3047 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecifi… | |||
| CVE-2012-0414 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an imag… | |||
| CVE-2012-4529 | medium | — | 4.3 | 13y ago | The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a… | |||
| CVE-2012-4116 | medium | — | 4.3 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete … | |||
| CVE-2012-4099 | medium | — | 4.3 | 13y ago | The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka … | |||
| CVE-2012-4097 | medium | — | 4.3 | 13y ago | The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message… | |||
| CVE-2012-4088 | medium | — | 4.3 | 13y ago | The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowl… | |||
| CVE-2012-2624 | medium | — | 4.3 | 13y ago | Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (crash) via a crafted packet. | |||
| CVE-2012-4072 | medium | — | 4.3 | 13y ago | The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, b… | |||
| CVE-2012-4067 | medium | — | 4.3 | 13y ago | Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-lo… | |||
| CVE-2012-5990 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitr… | |||
| CVE-2012-6590 | medium | — | 4.3 | 13y ago | The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139. |