CVEs from 2012
Total
5,235
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.4%
% with KEV
0.4%
% with exploit
0.5%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2012-2095 | medium | — | 6.9 | 12y ago | The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus messag… | |
| CVE-2012-4709 | medium | — | 6.9 | 13y ago | Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) … | |
| CVE-2012-6568 | medium | — | 6.9 | 13y ago | Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. | |
| CVE-2012-5660 | medium | — | 6.9 | 13y ago | abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a syml… | |
| CVE-2012-4351 | medium | — | 6.9 | 14y ago | Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application. | |
| CVE-2012-4696 | medium | — | 6.9 | 14y ago | Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and H-Designer 6.5.0 B180_R1967, allows local users to gain privileges by inserting a long string into a DLL file. | |
| CVE-2012-2137 | medium | — | 6.9 | 14y ago | Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors r… | |
| CVE-2012-5513 | medium | — | 6.9 | 14y ago | The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain priv… | |
| CVE-2012-3317 | medium | — | 6.9 | 14y ago | IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow loc… | |
| CVE-2012-6035 | medium | — | 6.9 | 14y ago | The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memor… | |
| CVE-2012-3516 | medium | — | 6.9 | 14y ago | The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and… | |
| CVE-2012-3497 | medium | — | 6.9 | 14y ago | (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS… | |
| CVE-2012-4206 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the … | |
| CVE-2012-4613 | medium | — | 6.9 | 14y ago | EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypas… | |
| CVE-2012-3187 | medium | — | 6.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | |
| CVE-2012-5303 | medium | — | 6.9 | 14y ago | Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. | |
| CVE-2012-4897 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. | |
| CVE-2012-4443 | medium | — | 6.9 | 14y ago | Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access. | |
| CVE-2012-3728 | medium | — | 6.9 | 14y ago | The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packe… | |
| CVE-2012-4425 | medium | — | 6.9 | 14y ago | libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS env… | |
| CVE-2012-3524 | medium | — | 6.9 | 14y ago | libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_… | |
| CVE-2012-3052 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. | |
| CVE-2012-3004 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) rea… | |
| CVE-2012-1666 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 an… | |
| CVE-2012-4883 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the curr… | |
| CVE-2012-4882 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current workin… | |
| CVE-2012-4881 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a d… | |
| CVE-2012-4880 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2… | |
| CVE-2012-4866 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Xtreme RAT 3.5 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder a… | |
| CVE-2012-4759 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current w… | |
| CVE-2012-4758 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in CyberLink PowerProducer 5.5.3.2325 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current w… | |
| CVE-2012-4757 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the curren… | |
| CVE-2012-4756 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in CyberLink LabelPrint 2.5.3602 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current workin… | |
| CVE-2012-4755 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonst… | |
| CVE-2012-3974 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows … | |
| CVE-2012-3486 | medium | — | 6.9 | 14y ago | Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. | |
| CVE-2012-3015 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse D… | |
| CVE-2012-3005 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/… | |
| CVE-2012-4054 | medium | — | 6.9 | 14y ago | Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file. | |
| CVE-2012-1894 | medium | — | 6.9 | 14y ago | Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by pla… | |
| CVE-2012-2179 | medium | — | 6.9 | 14y ago | libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |
| CVE-2012-0304 | medium | — | 6.9 | 14y ago | Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. | |
| CVE-2012-2753 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint … | |
| CVE-2012-1868 | medium | — | 6.9 | 14y ago | Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.… | |
| CVE-2012-1943 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a T… | |
| CVE-2012-1053 | medium | — | 6.9 | 14y ago | The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 … | |
| CVE-2012-2010 | medium | — | 6.9 | 14y ago | The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain… | |
| CVE-2012-0656 | medium | — | 6.9 | 14y ago | Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the acco… | |
| CVE-2012-0649 | medium | — | 6.9 | 14y ago | Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. | |
| CVE-2012-0279 | medium | — | 6.9 | 14y ago | Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse f… | |
| CVE-2012-1242 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, … | |
| CVE-2012-0883 | medium | — | 6.9 | 14y ago | envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the … | |
| CVE-2012-0008 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual St… | |
| CVE-2012-0644 | medium | — | 6.9 | 14y ago | Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. | |
| CVE-2012-0056 | medium | — | 6.9 | 15y ago | The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by mod… | |
| CVE-2012-0005 | medium | — | 6.9 | 15y ago | The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean syste… | |
| CVE-2012-5485 | medium | — | 6.8 | 4y ago | registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | |
| CVE-2012-1978 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an ad… | |
| CVE-2012-4902 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an admi… | |
| CVE-2012-6691 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQ… | |
| CVE-2012-2930 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user … | |
| CVE-2012-1415 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests … | |
| CVE-2012-1203 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user acc… | |
| CVE-2012-5242 | medium | — | 6.8 | 12y ago | Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parame… | |
| CVE-2012-5695 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrator… | |
| CVE-2012-5694 | medium | — | 6.8 | 12y ago | Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo… | |
| CVE-2012-5701 | medium | — | 6.8 | 12y ago | Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a con… | |
| CVE-2012-5683 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP user… | |
| CVE-2012-5395 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centrala… | |
| CVE-2012-5391 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id. | |
| CVE-2012-5649 | medium | — | 6.8 | 12y ago | Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | |
| CVE-2012-6342 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user… | |
| CVE-2012-5422 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009. | |
| CVE-2012-5017 | medium | — | 6.8 | 12y ago | Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub3926… | |
| CVE-2012-5036 | medium | — | 6.8 | 12y ago | Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. | |
| CVE-2012-4921 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators … | |
| CVE-2012-6636 | medium | — | 6.8 | 12y ago | The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection… | |
| CVE-2012-3406 | medium | — | 6.8 | 13y ago | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SP… | |
| CVE-2012-6493 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete sc… | |
| CVE-2012-6631 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts… | |
| CVE-2012-6629 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for r… | |
| CVE-2012-5394 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authenti… | |
| CVE-2012-6303 | medium | — | 6.8 | 13y ago | Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash… | |
| CVE-2012-0826 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for … | |
| CVE-2012-0825 | medium | — | 6.8 | 13y ago | Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without det… | |
| CVE-2012-4112 | medium | — | 6.8 | 13y ago | The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the comman… | |
| CVE-2012-4121 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. | |
| CVE-2012-4077 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | |
| CVE-2012-4076 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. | |
| CVE-2012-4108 | medium | — | 6.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-relate… | |
| CVE-2012-4106 | medium | — | 6.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrar… | |
| CVE-2012-4084 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the… | |
| CVE-2012-4136 | medium | — | 6.8 | 13y ago | The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote … | |
| CVE-2012-4111 | medium | — | 6.8 | 13y ago | The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bu… | |
| CVE-2012-4110 | medium | — | 6.8 | 13y ago | run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. | |
| CVE-2012-4109 | medium | — | 6.8 | 13y ago | The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug … | |
| CVE-2012-4103 | medium | — | 6.8 | 13y ago | ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686. | |
| CVE-2012-4102 | medium | — | 6.8 | 13y ago | The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka… | |
| CVE-2012-3323 | medium | — | 6.8 | 13y ago | IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. | |
| CVE-2012-4082 | medium | — | 6.8 | 13y ago | MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, a… |