Skip to main content
CVE-2012-4467 MEDIUM POC PATCH This Month

The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.6
EPSS
0.0%
CVE-2012-4465 MEDIUM This Month

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Cgit
NVD
CVSS 2.0
6.5
EPSS
3.5%
CVE-2012-3984 MEDIUM This Month

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird +3
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2012-5354 MEDIUM This Month

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2012-4455 MEDIUM This Month

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in. Rated medium severity (CVSS 6.2). No vendor patch available.

Information Disclosure Opencryptoki
NVD
CVSS 2.0
6.2
EPSS
0.0%
CVE-2012-5356 MEDIUM This Month

The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ubuntu Ubuntu Software Properties
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2012-4445 MEDIUM This Month

Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Hostapd
NVD
CVSS 2.0
4.3
EPSS
5.3%
CVE-2012-4463 MEDIUM This Month

Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Midnight Commander
NVD
CVSS 2.0
5.1
EPSS
0.6%
CVE-2012-3040 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens XSS Simatic S7 1200 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +6
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2012-3992 MEDIUM This Month

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Thunderbird Esr Thunderbird +9
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2012-4184 MEDIUM This Month

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Google XSS Firefox Thunderbird Esr +11
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2012-3994 MEDIUM This Month

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Thunderbird Esr Thunderbird +9
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-3985 MEDIUM This Month

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Seamonkey Thunderbird +3
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-3986 MEDIUM This Month

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox Thunderbird Esr Thunderbird +10
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2012-4430 MEDIUM PATCH This Month

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Bacula Debian Linux
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2012-3987 MEDIUM This Month

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Google Firefox Chrome
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy