Skip to main content
CVE-2012-6329 HIGH POC PATCH THREAT Act Now

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.0%.

Code Injection RCE Perl
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
82.0%
Threat
5.5
CVE-2012-6330 MEDIUM POC THREAT This Month

The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.3%.

Denial Of Service Twiki Foswiki
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
73.3%
Threat
4.7
CVE-2012-6496 HIGH POC PATCH This Week

SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Rails Ruby On Rails
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2012-5976 MEDIUM This Month

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 29.7% and no vendor patch available.

Buffer Overflow Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 2.0
5.0
EPSS
29.7%
CVE-2012-6497 MEDIUM POC PATCH This Month

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Rails
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-6089 HIGH PATCH This Week

Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service RCE Swi Prolog
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2012-6090 HIGH PATCH This Week

Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service RCE Swi Prolog
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2012-5581 MEDIUM This Month

Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Libtiff
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2012-0861 MEDIUM This Month

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents. Rated medium severity (CVSS 6.8). No vendor patch available.

Python Red Hat RCE Enterprise Virtualization Manager
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-0860 MEDIUM This Month

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1). Rated medium severity (CVSS 6.2). No vendor patch available.

Python Red Hat Information Disclosure Enterprise Virtualization Manager
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2012-5603 MEDIUM This Month

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users'. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms
NVD
CVSS 2.0
5.5
EPSS
0.3%
CVE-2012-5977 MEDIUM This Month

Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2012-4543 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Certificate System
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-4556 MEDIUM This Month

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Apache Certificate System
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2012-4555 MEDIUM This Month

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Apache Certificate System
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2012-3538 LOW Monitor

Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2012-6348 LOW Monitor

Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file,. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Centrify Deployment Manager Centrify Suite
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2012-2696 LOW Monitor

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Enterprise Virtualization Manager
NVD
CVSS 2.0
2.7
EPSS
0.1%
CVE-2012-5605 LOW Monitor

Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4574 LOW Monitor

Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-5516 LOW Monitor

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Virtualization Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy