Skip to main content
CVE-2012-4554 MEDIUM POC PATCH THREAT This Month

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 55.1%.

Privilege Escalation Drupal
NVD
CVSS 2.0
5.0
EPSS
55.1%
Threat
4.2
CVE-2012-4564 MEDIUM POC THREAT This Month

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 27.2%.

Buffer Overflow Denial Of Service RCE Libtiff Debian Linux +6
NVD
CVSS 2.0
6.8
EPSS
27.2%
CVE-2012-4513 MEDIUM POC THREAT This Month

khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

Buffer Overflow Denial Of Service Kde
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
15.1%
CVE-2012-4515 MEDIUM POC This Month

Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Kde
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
9.9%
CVE-2012-3523 MEDIUM This Month

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.8% and no vendor patch available.

Privilege Escalation Command Injection Inn
NVD
CVSS 2.0
6.8
EPSS
18.8%
CVE-2012-4514 MEDIUM POC This Month

rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Kde
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
4.9%
CVE-2012-4540 MEDIUM This Month

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Opensuse Icedtea Web
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2012-4553 MEDIUM PATCH This Month

Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

PHP Privilege Escalation Drupal
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2012-4732 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Rt
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4548 MEDIUM This Month

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Cgit
NVD
CVSS 2.0
6.0
EPSS
0.7%
CVE-2012-5482 MEDIUM PATCH This Month

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Essex Folsom Image Registry And Delivery Service Glance
NVD GitHub
CVSS 2.0
5.5
EPSS
1.4%
CVE-2012-4573 MEDIUM PATCH This Month

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Essex Folsom Image Registry And Delivery Service Glance
NVD GitHub
CVSS 2.0
5.5
EPSS
0.8%
CVE-2012-4884 MEDIUM This Month

Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Rt
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-4734 MEDIUM This Month

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Privilege Escalation Rt
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-5827 MEDIUM This Month

Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2012-4731 MEDIUM This Month

FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rtfm
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy