Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5424 | 1 Cisco | 1 Secure Access Control Server | 2017-08-29 | 5.0 MEDIUM | N/A |
| Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. | |||||
| CVE-2012-5356 | 1 Canonical | 1 Ubuntu Software Properties | 2017-08-29 | 5.8 MEDIUM | N/A |
| The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. | |||||
| CVE-2012-5321 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-08-29 | 5.8 MEDIUM | N/A |
| tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection." | |||||
| CVE-2012-5170 | 1 Simon Brown | 1 Pebble | 2017-08-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2012-4999 | 1 Mercurycom | 2 Mr804, Mr804 Firmware | 2017-08-29 | 6.1 MEDIUM | N/A |
| Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4918 | 1 Activision | 1 Call Of Duty Elite | 2017-08-29 | 5.8 MEDIUM | N/A |
| Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack. | |||||
| CVE-2012-4858 | 1 Ibm | 1 Cognos Business Intelligence | 2017-08-29 | 9.3 HIGH | N/A |
| IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2012-4850 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2012-4672 | 1 Apple | 1 Ichat Server | 2017-08-29 | 5.8 MEDIUM | N/A |
| Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | |||||
| CVE-2012-4670 | 1 Tigase | 1 Tigase Xmpp Server | 2017-08-29 | 6.4 MEDIUM | N/A |
| Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. | |||||
| CVE-2012-4655 | 1 Cisco | 1 Secure Desktop | 2017-08-29 | 9.3 HIGH | N/A |
| The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204. | |||||
| CVE-2012-4623 | 1 Cisco | 2 Ios, Ios Xe | 2017-08-29 | 7.8 HIGH | N/A |
| The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723. | |||||
| CVE-2012-4544 | 1 Xen | 1 Xen | 2017-08-29 | 2.1 LOW | N/A |
| The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. | |||||
| CVE-2012-4538 | 1 Xen | 1 Xen | 2017-08-29 | 4.9 MEDIUM | N/A |
| The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. | |||||
| CVE-2012-4463 | 1 Midnight-commander | 1 Midnight Commander | 2017-08-29 | 5.1 MEDIUM | N/A |
| Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name. | |||||
| CVE-2012-4176 | 1 Adobe | 1 Shockwave Player | 2017-08-29 | 10.0 HIGH | N/A |
| Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-4122 | 1 Cisco | 1 Nx-os | 2017-08-29 | 6.2 MEDIUM | N/A |
| The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. | |||||
| CVE-2012-4098 | 1 Cisco | 1 Nx-os | 2017-08-29 | 5.0 MEDIUM | N/A |
| The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055. | |||||
| CVE-2012-4091 | 1 Cisco | 1 Nx-os | 2017-08-29 | 5.0 MEDIUM | N/A |
| The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415. | |||||
| CVE-2012-4089 | 1 Cisco | 1 Unified Computing System | 2017-08-29 | 6.6 MEDIUM | N/A |
| MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239. | |||||