Medium
CVE-2012-0538
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality and integri…
Read moreUncategorized 2012
Page 15/19.
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
CVSS ≥ 0.0
2012-05-03
Medium
CVE-2012-0537
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity, related to HTML pages.
Read moreMedium
CVE-2012-0536
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 through Bundle #26 allows remote authenticated users to affect confidentiality via unknown vect…
Read moreMedium
CVE-2012-0535
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related…
Read moreMedium
CVE-2012-0534
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity vi…
Read moreMedium
CVE-2012-0533
Unspecified vulnerability in the PeopleSoft Enterprise FCSM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related…
Read moreMedium
CVE-2012-0532
Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vec…
Read moreLow
CVE-2012-0531
Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect integrity via unknown vectors related to Enterpri…
Read moreMedium
CVE-2012-0530
Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect integrity via unknown vectors related to ePr…
Read moreLow
CVE-2012-0529
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to co…
Read moreMedium
CVE-2012-0528
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows re…
Read moreMedium
CVE-2012-0527
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Gri…
Read moreMedium
CVE-2012-0526
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Gri…
Read moreMedium
CVE-2012-0525
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.…
Read moreLow
CVE-2012-0524
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows local users to affect confidentiality and integrity via unknown…
Read moreHigh
CVE-2012-0523
Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors re…
Read moreMedium
CVE-2012-0522
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Java Business Objects.
Read moreMedium
CVE-2012-0521
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 Bundle #9 allows remote authenticated users to affect confidentiality via unknown vectors relate…
Read moreMedium
CVE-2012-0520
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Contr…
Read moreHigh
CVE-2012-0519
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availabi…
Read moreMedium
CVE-2012-0517
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors r…
Read moreMedium
CVE-2012-0516
Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vector…
Read moreMedium
CVE-2012-0515
Unspecified vulnerability in the Identity Manager Connector component in Oracle Fusion Middleware 9.1.0.4 allows remote authenticated users to affect integrity via unknown vectors.
Read moreMedium
CVE-2012-0514
Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality, related to SEC.
Read moreLow
CVE-2012-0513
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity, related to REST Services.
Read moreMedium
CVE-2012-0512
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7 and 11.2.0.2 and Oracle Enterprise Manager Grid Control allows remote authenticated user…
Read moreMedium
CVE-2012-0511
Unspecified vulnerability in the OCI component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality and integrity via unknown vectors.
Read moreMedium
CVE-2012-0510
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7 allows remote attackers to affect integrity and availability via unknown vec…
Read moreLow
CVE-2012-0509
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2 and 5.3.0 through 5.3.4 allows remote authenticated users to affect integrity via…
Read moreCritical
CVE-2012-0208
Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unk…
Read moreHigh
CVE-2011-4023
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
Read moreMedium
CVE-2011-4019
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted respo…
Read moreHigh
CVE-2012-0734
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other i…
Read moreMedium
CVE-2012-0733
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a sessio…
Read moreMedium
CVE-2012-0732
The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv…
Read moreMedium
CVE-2012-0729
Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and…
Read more2012-05-02
Medium
CVE-2012-2006
Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors.
Read moreCritical
CVE-2012-1819
Untrusted search path vulnerability in WellinTech KingView 6.53 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Read moreHigh
CVE-2012-2000
Multiple unspecified vulnerabilities in HP System Health Application and Command Line Utilities before 9.0.0 allow remote attackers to execute arbitrary code via unknown vectors.
Read moreMedium
CVE-2012-0362
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in o…
Read moreMedium
CVE-2012-0361
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to c…
Read moreCritical
CVE-2011-4012
Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vect…
Read moreLow
CVE-2011-3289
Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID C…
Read moreHigh
CVE-2011-2578
Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366.
Read more2012-05-01
Medium
CVE-2012-0279
Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse f…
Read moreMedium
CVE-2012-2162
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to…
Read moreMedium
CVE-2012-0878
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leverag…
Read moreMedium
CVE-2012-2217
The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid befor…
Read moreCritical
CVE-2011-3079
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has u…
Read more2012-04-30
Medium
CVE-2012-2111
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not p…
Read moreLow
CVE-2012-0863
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and config…
Read more2012-04-28
Medium
CVE-2012-2213
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reprod…
Read moreMedium
CVE-2012-2212
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might no…
Read moreHigh
CVE-2012-2440
The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecifie…
Read moreHigh
CVE-2012-2439
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly hav…
Read moreHigh
CVE-2012-1803
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain…
Read more2012-04-27
Medium
CVE-2012-0466
template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remot…
Read moreMedium
CVE-2012-0465
Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inbound_proxies option is enabled, does not properly validate the X-Forwarded-For HTTP…
Read moreMedium
CVE-2012-1244
The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…
Read moreMedium
CVE-2012-1242
Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School,…
Read more2012-04-25
Low
CVE-2012-2424
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote atta…
Read moreLow
CVE-2012-2419
Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, al…
Read moreMedium
CVE-2012-1143
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font.
Read moreMedium
CVE-2012-0479
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the addres…
Read moreCritical
CVE-2012-0478
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonk…
Read moreLow
CVE-2012-0475
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers…
Read moreMedium
CVE-2012-0473
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey bef…
Read moreCritical
CVE-2012-0469
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through…
Read moreCritical
CVE-2012-0467
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and S…
Read more2012-04-24
High
CVE-2012-2131
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly…
Read more2012-04-22
Critical
CVE-2012-2405
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.
Read moreMedium
CVE-2012-0946
The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges.
Read moreMedium
CVE-2012-0743
IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request.
Read moreMedium
CVE-2012-0726
The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communic…
Read moreMedium
CVE-2012-0216
The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides exa…
Read more2012-04-21
Medium
CVE-2012-2402
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
Read moreMedium
CVE-2012-2401
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows…
Read moreCritical
CVE-2012-2400
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.
Read moreCritical
CVE-2012-2399
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote…
Read more2012-04-20
Medium
CVE-2012-0407
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value…
Read moreHigh
CVE-2012-0406
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemo…
Read more2012-04-19
Medium
CVE-2012-2396
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
Read moreMedium
CVE-2012-0134
Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via…
Read more2012-04-18
Critical
CVE-2011-5088
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code vi…
Read moreLow
CVE-2012-1993
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors.
Read moreMedium
CVE-2012-0883
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the…
Read moreLow
CVE-2012-0135
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors.
Read moreMedium
CVE-2011-5087
Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by the GLEG Agora SCADA+ Exploit Pack for Immunity CAN…
Read more2012-04-17
High
CVE-2012-1518
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware To…
Read moreMedium
CVE-2012-2267
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and clo…
Read moreLow
CVE-2012-1923
RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database.
Read more2012-04-16
High
CVE-2012-1241
GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arb…
Read more2012-04-13
High
CVE-2011-1779
Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (…
Read moreMedium
CVE-2012-1809
The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resour…
Read moreMedium
CVE-2011-4881
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer deref…
Read moreHigh
CVE-2011-4874
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via…
Read more2012-04-12
Medium
CVE-2012-2230
Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to i…
Read moreMedium
CVE-2012-1574
The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera had…
Read moreLow
CVE-2012-0133
HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on…
Read more2012-04-11
High
CVE-2012-2225
360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction.
Read moreHigh
CVE-2012-2210
The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to…
Read moreMedium
CVE-2012-1596
The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial o…
Read moreMedium
CVE-2012-1595
The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a…
Read moreLow
CVE-2012-1593
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and appl…
Read moreLow
CVE-2012-0042
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and app…
Read more2012-04-10
Critical
CVE-2012-0776
The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
Read moreCritical
CVE-2012-0774
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.
Read moreCritical
CVE-2012-1182
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory…
Read moreMedium
CVE-2012-0147
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafte…
Read more2012-04-06
Critical
CVE-2012-1239
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attacker…
Read moreMedium
CVE-2012-1238
Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors.
Read more2012-04-05
Medium
CVE-2012-2054
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) Iss…
Read moreHigh
CVE-2012-2053
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges…
Read moreLow
CVE-2011-5000
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory co…
Read moreCritical
CVE-2012-0131
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Read moreHigh
CVE-2012-0129
HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
Read moreMedium
CVE-2008-7311
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographi…
Read moreMedium
CVE-2008-7310
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step vi…
Read moreMedium
CVE-2008-7309
Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, r…
Read more2012-04-03
Medium
CVE-2011-4044
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
Read more