Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, Small Business 300 Series Managed Switch 1.2.7.76 and earlier, and Small Business 500 Series Stackable Managed Switch 1.2.7.76. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause. Rated medium severity (CVSS 4.6). No vendor patch available.
The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin before 26.0.1410.28 for Internet Explorer does not properly handle attach tab requests, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon. Rated medium severity (CVSS 4.3). No vendor patch available.