Skip to main content
CVE-2012-3569 CRITICAL POC PATCH THREAT Act Now

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.6%.

VMware Microsoft RCE Ovf Tool Workstation +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
80.6%
Threat
5.8
CVE-2012-2543 CRITICAL Emergency

Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 65.9% and no vendor patch available.

Buffer Overflow Microsoft RCE Excel Excel Viewer +2
NVD
CVSS 2.0
9.3
EPSS
65.9%
CVE-2012-1885 CRITICAL Emergency

Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 65.9% and no vendor patch available.

Buffer Overflow Microsoft RCE Excel Office +1
NVD
CVSS 2.0
9.3
EPSS
65.9%
CVE-2012-1886 CRITICAL Emergency

Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 62.1% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Excel +2
NVD
CVSS 2.0
9.3
EPSS
62.1%
CVE-2012-1887 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 58.3% and no vendor patch available.

Denial Of Service Microsoft RCE Excel Office
NVD
CVSS 2.0
9.3
EPSS
58.3%
CVE-2012-1528 CRITICAL Emergency

Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 47.4% and no vendor patch available.

Buffer Overflow Microsoft Windows 7 Windows 8 Windows Server 2003 +4
NVD
CVSS 2.0
9.3
EPSS
47.4%
CVE-2012-1527 CRITICAL Emergency

Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 47.4% and no vendor patch available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows Server 2003 +4
NVD
CVSS 2.0
9.3
EPSS
47.4%
CVE-2012-4776 CRITICAL Emergency

The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 45.0% and no vendor patch available.

Microsoft RCE Net Framework
NVD
CVSS 2.0
9.3
EPSS
45.0%
CVE-2012-2619 HIGH POC THREAT Act Now

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Broadcom Denial Of Service Buffer Overflow Samsung Apple +4
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
26.5%
CVE-2012-1896 MEDIUM This Month

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.7% and no vendor patch available.

Information Disclosure Microsoft Net Framework
NVD
CVSS 2.0
5.0
EPSS
48.7%
CVE-2012-1538 CRITICAL Act Now

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.2% and no vendor patch available.

Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
14.2%
CVE-2012-1539 HIGH Act Now

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability.". Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 19.0% and no vendor patch available.

Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 3.1
8.1
EPSS
19.0%
CVE-2012-4775 HIGH Act Now

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.8% and no vendor patch available.

Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 3.1
8.8
EPSS
14.8%
CVE-2012-4777 CRITICAL Act Now

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.2% and no vendor patch available.

Privilege Escalation Microsoft RCE Net Framework
NVD
CVSS 2.0
9.3
EPSS
10.2%
CVE-2012-4953 CRITICAL Act Now

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Antivirus Endpoint Protection +1
NVD
CVSS 2.0
9.3
EPSS
9.5%
CVE-2012-1895 CRITICAL Act Now

The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft RCE Net Framework
NVD
CVSS 2.0
9.3
EPSS
9.3%
CVE-2012-4949 MEDIUM POC This Month

SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Arcgis Server
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.3%
CVE-2012-2532 MEDIUM This Month

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.6% and no vendor patch available.

Information Disclosure Microsoft Command Injection Ftp Service
NVD
CVSS 2.0
5.0
EPSS
19.6%
CVE-2012-5458 HIGH This Week

VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Microsoft Player Workstation
NVD
CVSS 2.0
8.3
EPSS
0.1%
CVE-2012-2519 HIGH This Week

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse. Rated high severity (CVSS 7.9). No vendor patch available.

Information Disclosure Microsoft Net Framework
NVD
CVSS 2.0
7.9
EPSS
0.7%
CVE-2012-5459 HIGH PATCH This Week

Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a. Rated high severity (CVSS 7.9).

VMware Information Disclosure Microsoft Player Workstation
NVD
CVSS 2.0
7.9
EPSS
0.1%
CVE-2012-2530 HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
2.5%
CVE-2012-4850 HIGH This Week

IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Application Server
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2012-2553 HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
1.3%
CVE-2012-4853 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Information Disclosure IBM Websphere Application Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4948 MEDIUM This Month

The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier. Rated medium severity (CVSS 5.3). No vendor patch available.

Fortinet Information Disclosure Fortigate 1000C Fortigate 100D Fortigate 110C +26
NVD
CVSS 2.0
5.3
EPSS
0.2%
CVE-2012-3330 MEDIUM This Month

The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-4851 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-4847 MEDIUM This Month

IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Cognos Business Intelligence
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2012-5860 MEDIUM This Month

Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 smart cards makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the generation of. Rated medium severity (CVSS 4.0). No vendor patch available.

Information Disclosure Id One Cosmo
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-2531 LOW Monitor

Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy