Skip to main content
CVE-2012-4557 MEDIUM POC PATCH THREAT This Month

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.0%.

Denial Of Service Apache Http Server Apache HTTP Server
NVD
CVSS 2.0
5.0
EPSS
26.0%
CVE-2012-5568 MEDIUM POC THREAT This Month

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%.

Tomcat Denial Of Service Apache Opensuse
NVD
CVSS 2.0
5.0
EPSS
13.8%
CVE-2012-4220 MEDIUM This Month

diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 17.8% and no vendor patch available.

RCE Denial Of Service Google Qualcomm Android
NVD
CVSS 2.0
6.8
EPSS
17.8%
CVE-2012-4472 MEDIUM POC PATCH This Month

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available.

PHP File Upload Drag Drop Gallery
NVD
CVSS 2.0
5.1
EPSS
0.7%
CVE-2012-4562 HIGH This Week

Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Libssh
NVD
CVSS 2.0
7.5
EPSS
6.7%
CVE-2012-4560 HIGH This Week

Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Libssh
NVD
CVSS 2.0
7.5
EPSS
6.6%
CVE-2012-6063 HIGH This Week

Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Libssh
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2012-4551 HIGH This Week

Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Libunity Webapps
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2012-5174 HIGH This Week

The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ah K3001V Ah K3002V Xw300K Xw310K +2
NVD
CVSS 2.0
7.8
EPSS
0.1%
CVE-2012-4559 MEDIUM This Month

Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Libssh
NVD
CVSS 2.0
6.8
EPSS
5.0%
CVE-2012-4479 HIGH PATCH This Week

SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Drag Drop Gallery
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-4470 HIGH PATCH This Week

The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Listhandler
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2012-4221 MEDIUM This Month

Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Google Qualcomm Android
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-4478 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Drag Drop Gallery
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4561 MEDIUM This Month

The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libssh
NVD
CVSS 2.0
5.0
EPSS
3.7%
CVE-2012-4834 MEDIUM PATCH This Month

Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Websphere Portal
NVD
CVSS 2.0
5.0
EPSS
1.7%
CVE-2012-4475 MEDIUM PATCH This Month

The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Security Questions
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-4471 MEDIUM PATCH This Month

The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Search Autocomplete
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-4477 MEDIUM PATCH This Month

Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Drag Drop Gallery
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-4474 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Dennis Blake
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4468 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Privatemsg
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4476 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Drag Drop Gallery
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4222 MEDIUM This Month

drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Qualcomm Android
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-4473 LOW PATCH Monitor

{type} page" permission to access unpublished. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Restrict Node Page View
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-4469 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Hashcash
NVD
CVSS 2.0
2.6
EPSS
0.4%
CVE-2012-4571 LOW PATCH Monitor

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Python Information Disclosure Keyring
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy