Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4816 | 1 Ibm | 1 Rational Automation Framework | 2017-08-29 | 7.5 HIGH | N/A |
| IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080. | |||||
| CVE-2012-4736 | 1 Sophos | 1 Safeguard Enterprise | 2017-08-29 | 3.3 LOW | N/A |
| The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations. | |||||
| CVE-2012-4594 | 1 Mcafee | 1 Epolicy Orchestrator | 2017-08-29 | 4.0 MEDIUM | N/A |
| McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. | |||||
| CVE-2012-4587 | 1 Mcafee | 2 Enterprise Mobility Manager, Enterprise Mobility Manager Agent | 2017-08-29 | 3.5 LOW | N/A |
| McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device. | |||||
| CVE-2012-4573 | 1 Openstack | 3 Essex, Folsom, Image Registry And Delivery Service \(glance\) | 2017-08-29 | 5.5 MEDIUM | N/A |
| The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. | |||||
| CVE-2012-4387 | 1 Apache | 1 Struts | 2017-08-29 | 5.0 MEDIUM | N/A |
| Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression. | |||||
| CVE-2012-4230 | 1 Tinymce | 1 Tinymce | 2017-08-29 | 4.3 MEDIUM | N/A |
| The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element. | |||||
| CVE-2012-4090 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2017-08-29 | 4.0 MEDIUM | N/A |
| The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. | |||||
| CVE-2012-4063 | 1 Eucalyptus | 1 Eucalyptus | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2012-3750 | 1 Apple | 1 Iphone Os | 2017-08-29 | 3.6 LOW | N/A |
| The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. | |||||
| CVE-2012-3743 | 1 Apple | 1 Iphone Os | 2017-08-29 | 5.0 MEDIUM | N/A |
| The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. | |||||
| CVE-2012-3742 | 1 Apple | 1 Iphone Os | 2017-08-29 | 5.0 MEDIUM | N/A |
| Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page. | |||||
| CVE-2012-3729 | 1 Apple | 1 Iphone Os | 2017-08-29 | 1.9 LOW | N/A |
| The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. | |||||
| CVE-2012-3714 | 1 Apple | 1 Safari | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. | |||||
| CVE-2012-3713 | 1 Apple | 1 Safari | 2017-08-29 | 4.3 MEDIUM | N/A |
| Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document. | |||||
| CVE-2012-3579 | 1 Symantec | 1 Messaging Gateway | 2017-08-29 | 7.9 HIGH | N/A |
| Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. | |||||
| CVE-2012-3578 | 1 Wordpress | 2 Fcchat Widget, Wordpress | 2017-08-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images. | |||||
| CVE-2012-3577 | 2 Nmedia, Wordpress | 2 Member Conversation, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads. | |||||
| CVE-2012-3576 | 2 Jquindlen, Wordpress | 2 Wpstorecart, Wordpress | 2017-08-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. | |||||
| CVE-2012-3575 | 2 Rbx Gallery, Wordpress | 2 Rbx Gallery, Wordpress | 2017-08-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. | |||||