Skip to main content
CVE-2012-4002 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Glpi
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-5351 MEDIUM PATCH This Month

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Axis2
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2012-5352 MEDIUM This Month

Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass Java Open Single Sign On Project Home
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-5353 MEDIUM This Month

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass Openathens Service Provider
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-3505 MEDIUM This Month

Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tinyproxy
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2012-5109 MEDIUM This Month

The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2012-5110 MEDIUM This Month

The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-4003 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Glpi
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4457 MEDIUM PATCH This Month

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Keystone
NVD GitHub
CVSS 2.0
4.0
EPSS
0.6%
CVE-2012-4452 LOW Monitor

MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation MySQL
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4453 LOW PATCH Monitor

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Red Hat Privilege Escalation Dracut Fedora Enterprise Linux Desktop +2
NVD
CVSS 2.0
2.1
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy