Skip to main content
CVE-2012-6422 CRITICAL POC Act Now

The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Samsung Google Mx Galaxy Note 2 +1
NVD
CVSS 2.0
9.3
EPSS
6.6%
CVE-2012-5576 HIGH POC PATCH This Week

Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption RCE Gimp
NVD
CVSS 2.0
7.5
EPSS
6.3%
CVE-2012-5468 HIGH POC PATCH This Week

Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service RCE Bogofilter
NVD
CVSS 2.0
7.5
EPSS
6.1%
CVE-2012-5574 MEDIUM POC PATCH This Month

lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Symfony
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5195 HIGH PATCH This Week

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service RCE Perl
NVD
CVSS 2.0
7.5
EPSS
5.3%
CVE-2012-4348 HIGH This Week

The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

PHP RCE Endpoint Protection
NVD
CVSS 2.0
7.2
EPSS
2.5%
CVE-2012-4350 HIGH This Week

Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Enterprise Security Manager
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-5622 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Openshift
NVD GitHub
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-5610 MEDIUM PATCH This Month

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE Owncloud Owncloud Server
NVD GitHub
CVSS 2.0
6.5
EPSS
1.1%
CVE-2012-5609 MEDIUM PATCH This Month

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE Owncloud Owncloud Server
NVD GitHub
CVSS 2.0
6.5
EPSS
1.0%
CVE-2012-4898 MEDIUM This Month

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mesh Os 1310 Distrubution Automation Mesh Router 1410 Mesh Router 1410 Wireless Mesh Router +5
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2012-5571 MEDIUM PATCH This Month

A flaw was found in OpenStack Keystone. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Elastic Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2012-5607 MEDIUM PATCH This Month

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Owncloud Owncloud Server
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5606 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Owncloud Owncloud Server
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-5608 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Owncloud Server
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5563 MEDIUM PATCH This Month

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Folsom
NVD GitHub
CVSS 2.0
4.0
EPSS
0.4%
CVE-2012-4691 LOW Monitor

Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Siemens Denial Of Service Automation License Manager
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2012-4693 LOW Monitor

Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by. Rated low severity (CVSS 1.9). No vendor patch available.

Siemens Information Disclosure Wonderware Intouch Processsuite
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy