Skip to main content
CVE-2012-5862 CRITICAL POC THREAT Emergency

These Sinapsi devices store hard-coded passwords in the PHP file of the device. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.

PHP Authentication Bypass Sinapsi Firmware Esolar Duo Photovoltaic System Monitor Esolar Light Photovoltaic System Monitor +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
18.3%
Threat
4.0
CVE-2012-5864 CRITICAL POC THREAT Emergency

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.

Authentication Bypass Sinapsi Firmware Esolar Duo Photovoltaic System Monitor Esolar Light Photovoltaic System Monitor Esolar Photovoltaic System Monitor
NVD Exploit-DB
CVSS 2.0
9.4
EPSS
18.3%
CVE-2012-5863 CRITICAL POC Act Now

These Sinapsi devices do not check for special elements in commands sent to the system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sinapsi Firmware Esolar Duo Photovoltaic System Monitor Esolar Light Photovoltaic System Monitor Esolar Photovoltaic System Monitor
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
9.1%
CVE-2012-5861 HIGH POC THREAT Act Now

These Sinapsi devices do not check the validity of the data before executing queries. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%.

SQLi Sinapsi Firmware Esolar Duo Photovoltaic System Monitor Esolar Light Photovoltaic System Monitor Esolar Photovoltaic System Monitor
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
13.8%
CVE-2012-2086 HIGH POC PATCH This Week

SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Gajim
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2012-4601 MEDIUM POC PATCH This Month

Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Tcexam
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2012-5759 CRITICAL Act Now

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
9.0
EPSS
0.8%
CVE-2012-5758 HIGH This Week

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Authentication Bypass Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
7.8
EPSS
3.0%
CVE-2012-3515 HIGH This Week

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Xen Opensuse Linux Enterprise Desktop +9
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-6030 HIGH This Week

The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-6035 MEDIUM This Month

The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-3497 MEDIUM This Month

(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-3516 MEDIUM PATCH This Month

The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and. Rated medium severity (CVSS 6.9).

Privilege Escalation Denial Of Service Citrix Xenserver Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-5173 MEDIUM This Month

Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bigace
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-3495 MEDIUM This Month

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2012-3498 MEDIUM This Month

PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
5.6
EPSS
0.1%
CVE-2012-0818 MEDIUM PATCH This Month

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure XXE Resteasy
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2012-6032 MEDIUM This Month

Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-1167 MEDIUM This Month

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Soa Platform Jboss Enterprise Web Platform
NVD
CVSS 2.0
4.6
EPSS
0.8%
CVE-2012-3496 MEDIUM PATCH This Month

XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG. Rated medium severity (CVSS 4.7).

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-6031 MEDIUM This Month

The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-4411 MEDIUM This Month

The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2012-6036 MEDIUM This Month

The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools,. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-6034 MEDIUM This Month

The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check. Rated medium severity (CVSS 4.4). No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-6033 MEDIUM This Month

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-5756 MEDIUM This Month

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-4602 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Tcexam
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-3431 MEDIUM This Month

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Jboss Enterprise Data Services Platform
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-2377 LOW Monitor

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Portal Platform Jboss Enterprise Soa Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
3.3
EPSS
1.0%
CVE-2012-3494 LOW PATCH Monitor

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Citrix Xenserver Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy