CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0770 | medium | — | 5.0 | 14y ago | Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a d… | |||
| CVE-2012-0006 | medium | — | 5.0 | 14y ago | The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denia… | |||
| CVE-2012-0690 | medium | — | 5.0 | 14y ago | TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Play… | |||
| CVE-2012-0689 | medium | — | 5.0 | 14y ago | The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before… | |||
| CVE-2012-0687 | medium | — | 5.0 | 14y ago | TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Ser… | |||
| CVE-2012-0884 | medium | — | 5.0 | 14y ago | The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for conte… | |||
| CVE-2012-0647 | medium | — | 5.0 | 14y ago | WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorizatio… | |||
| CVE-2012-0640 | medium | — | 5.0 | 14y ago | WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie. | |||
| CVE-2012-1558 | medium | — | 5.0 | 14y ago | yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate. | |||
| CVE-2012-0641 | medium | — | 5.0 | 14y ago | CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vu… | |||
| CVE-2012-0585 | medium | — | 5.0 | 14y ago | The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState … | |||
| CVE-2012-0769 | medium | — | 5.0 | 14y ago | Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not pro… | |||
| CVE-2012-0316 | medium | — | 5.0 | 14y ago | The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier applications for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information… | |||
| CVE-2012-1207 | medium | — | 5.0 | 15y ago | ForkCMS Directory Traversal vulnerability | |||
| CVE-2012-0823 | medium | — | 5.0 | 15y ago | VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame,… | |||
| CVE-2012-1292 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vector… | |||
| CVE-2012-1291 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecifie… | |||
| CVE-2012-1256 | medium | — | 5.0 | 15y ago | The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name i… | |||
| CVE-2012-0291 | medium | — | 5.0 | 15y ago | Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1… | |||
| CVE-2012-0239 | medium | — | 5.0 | 15y ago | uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | |||
| CVE-2012-0236 | medium | — | 5.0 | 15y ago | Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security… | |||
| CVE-2012-0200 | medium | — | 5.0 | 15y ago | The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT state… | |||
| CVE-2012-1223 | medium | — | 5.0 | 15y ago | RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack. | |||
| CVE-2012-0206 | medium | — | 5.0 | 15y ago | common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response. | |||
| CVE-2012-0501 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to a… | |||
| CVE-2012-1085 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2012-1078 | medium | — | 5.0 | 15y ago | The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup o… | |||
| CVE-2012-1056 | medium | — | 5.0 | 15y ago | The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows… | |||
| CVE-2012-1035 | medium | — | 5.0 | 15y ago | AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a … | |||
| CVE-2012-1033 | medium | — | 5.0 | 15y ago | The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trig… | |||
| CVE-2012-0839 | medium | — | 5.0 | 15y ago | OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consum… | |||
| CVE-2012-1003 | medium | — | 5.0 | 15y ago | Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3)… | |||
| CVE-2012-0447 | medium | — | 5.0 | 15y ago | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain pot… | |||
| CVE-2012-0445 | medium | — | 5.0 | 15y ago | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating … | |||
| CVE-2012-0817 | medium | — | 5.0 | 15y ago | Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. | |||
| CVE-2012-0898 | medium | — | 5.0 | 15y ago | Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter. | |||
| CVE-2012-0193 | medium | — | 5.0 | 15y ago | IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability … | |||
| CVE-2012-0050 | medium | — | 5.0 | 15y ago | OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NO… | |||
| CVE-2012-0022 | medium | — | 5.0 | 15y ago | Denial of Service in Apache Tomcat | |||
| CVE-2012-0486 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0104 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container. | |||
| CVE-2012-0096 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network. | |||
| CVE-2012-0072 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown… | |||
| CVE-2012-0693 | medium | — | 5.0 | 15y ago | submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE:… | |||
| CVE-2012-0027 | medium | — | 5.0 | 15y ago | The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted d… | |||
| CVE-2012-4382 | medium | 4.9 | 4.9 | 9y ago | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt. | |||
| CVE-2012-6657 | medium | — | 4.9 | 12y ago | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial… | |||
| CVE-2012-6647 | medium | — | 4.9 | 12y ago | The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of serv… | |||
| CVE-2012-4638 | medium | — | 4.9 | 12y ago | Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318. | |||
| CVE-2012-0059 | medium | 4.9 | 4.9 | 13y ago | A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error message… | |||
| CVE-2012-2697 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via … | |||
| CVE-2012-4398 | medium | — | 4.9 | 14y ago | The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via… | |||
| CVE-2012-5478 | medium | — | 4.9 | 14y ago | The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly … | |||
| CVE-2012-6396 | medium | — | 4.9 | 14y ago | Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a… | |||
| CVE-2012-5532 | medium | — | 4.9 | 14y ago | The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application… | |||
| CVE-2012-4538 | medium | — | 4.9 | 14y ago | The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of serv… | |||
| CVE-2012-3433 | medium | — | 4.9 | 14y ago | Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared pa… | |||
| CVE-2012-6032 | medium | — | 4.9 | 14y ago | Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial… | |||
| CVE-2012-3228 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authent… | |||
| CVE-2012-3208 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL. | |||
| CVE-2012-3207 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2012-0106 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via u… | |||
| CVE-2012-3488 | medium | — | 4.9 | 14y ago | The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote… | |||
| CVE-2012-3459 | medium | — | 4.9 | 14y ago | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted ad… | |||
| CVE-2012-2735 | medium | — | 4.9 | 14y ago | Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session co… | |||
| CVE-2012-4402 | medium | — | 4.9 | 14y ago | webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run ar… | |||
| CVE-2012-1649 | medium | — | 4.9 | 14y ago | Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecifie… | |||
| CVE-2012-4582 | medium | — | 4.9 | 14y ago | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbit… | |||
| CVE-2012-3447 | medium | — | 4.9 | 14y ago | virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an im… | |||
| CVE-2012-3247 | medium | — | 4.9 | 14y ago | Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users… | |||
| CVE-2012-3426 | medium | — | 4.9 | 14y ago | OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass in… | |||
| CVE-2012-0723 | medium | — | 4.9 | 14y ago | The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a c… | |||
| CVE-2012-1752 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS. | |||
| CVE-2012-2016 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2012-1121 | medium | — | 4.9 | 14y ago | MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. | |||
| CVE-2012-2192 | medium | — | 4.9 | 14y ago | The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence … | |||
| CVE-2012-2390 | medium | — | 4.9 | 14y ago | Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations. | |||
| CVE-2012-2384 | medium | — | 4.9 | 14y ago | Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platfo… | |||
| CVE-2012-2383 | medium | — | 4.9 | 14y ago | Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platform… | |||
| CVE-2012-2121 | medium | — | 4.9 | 14y ago | The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory… | |||
| CVE-2012-1601 | medium | — | 4.9 | 14y ago | The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after … | |||
| CVE-2012-0652 | medium | — | 4.9 | 14y ago | Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows … | |||
| CVE-2012-1692 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP. | |||
| CVE-2012-1681 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs. | |||
| CVE-2012-0573 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to… | |||
| CVE-2012-0525 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.… | |||
| CVE-2012-2006 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors. | |||
| CVE-2012-2273 | medium | — | 4.9 | 14y ago | Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel Image… | |||
| CVE-2012-0134 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via … | |||
| CVE-2012-0118 | medium | — | 4.9 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different v… | |||
| CVE-2012-0116 | medium | — | 4.9 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2012-0103 | medium | — | 4.9 | 15y ago | Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2012-0030 | medium | — | 4.9 | 15y ago | Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI par… | |||
| CVE-2012-5969 | medium | — | 4.8 | 14y ago | Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbit… | |||
| CVE-2012-5968 | medium | — | 4.8 | 14y ago | The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to … | |||
| CVE-2012-4565 | medium | — | 4.7 | 14y ago | The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial… | |||
| CVE-2012-6333 | medium | — | 4.7 | 14y ago | Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. | |||
| CVE-2012-5515 | medium | — | 4.7 | 14y ago | The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop an… | |||
| CVE-2012-5514 | medium | — | 4.7 | 14y ago | The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to ca… | |||
| CVE-2012-5511 | medium | — | 4.7 | 14y ago | Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. |