Skip to main content
CVE-2012-4601 MEDIUM POC PATCH This Month

Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Tcexam
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2012-6035 MEDIUM This Month

The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-3497 MEDIUM This Month

(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-3516 MEDIUM PATCH This Month

The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and. Rated medium severity (CVSS 6.9).

Privilege Escalation Denial Of Service Citrix Xenserver Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-5173 MEDIUM This Month

Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bigace
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-3495 MEDIUM This Month

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2012-3498 MEDIUM This Month

PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
5.6
EPSS
0.1%
CVE-2012-0818 MEDIUM PATCH This Month

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure XXE Resteasy
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2012-6032 MEDIUM This Month

Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-1167 MEDIUM This Month

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Soa Platform Jboss Enterprise Web Platform
NVD
CVSS 2.0
4.6
EPSS
0.8%
CVE-2012-3496 MEDIUM PATCH This Month

XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG. Rated medium severity (CVSS 4.7).

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-6031 MEDIUM This Month

The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-4411 MEDIUM This Month

The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2012-6036 MEDIUM This Month

The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools,. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-6034 MEDIUM This Month

The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check. Rated medium severity (CVSS 4.4). No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-6033 MEDIUM This Month

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-5756 MEDIUM This Month

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-4602 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Tcexam
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-3431 MEDIUM This Month

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Jboss Enterprise Data Services Platform
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy