Skip to main content
CVE-2012-4896 CRITICAL Act Now

Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Sumatrapdf
NVD
CVSS 2.0
9.3
EPSS
8.5%
CVE-2012-4895 CRITICAL Act Now

Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Sumatrapdf
NVD
CVSS 2.0
9.3
EPSS
8.5%
CVE-2012-4894 CRITICAL Act Now

Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Google RCE Sketchup
NVD
CVSS 2.0
9.3
EPSS
6.8%
CVE-2012-0845 MEDIUM POC PATCH This Month

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2012-1150 MEDIUM POC PATCH This Month

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
1.7%
CVE-2012-4897 MEDIUM This Month

Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. Rated medium severity (CVSS 6.9). No vendor patch available.

VMware Information Disclosure Movie Decoder
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2012-4443 MEDIUM This Month

Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Monkey
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-5303 MEDIUM This Month

Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Monkey
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2012-5051 MEDIUM This Month

Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Capacityiq
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2012-4442 MEDIUM This Month

Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Monkey
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-5050 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware XSS Vcenter Operations
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4018 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mywebsearch
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy