Skip to main content
CVE-2012-5660 MEDIUM POC This Month

abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Privilege Escalation Automatic Bug Reporting Tool
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2012-6118 MEDIUM POC This Month

The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Aeolus Conductor
NVD
CVSS 2.0
5.5
EPSS
0.1%
CVE-2013-2292 HIGH This Week

bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core Bitcoind
NVD
CVSS 2.0
7.8
EPSS
2.9%
CVE-2012-4684 HIGH This Week

The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core Bitcoind Wxbitcoin
NVD
CVSS 2.0
7.8
EPSS
0.9%
CVE-2012-5659 LOW POC Monitor

Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary. Rated low severity (CVSS 3.7). Public exploit code available and no vendor patch available.

Python Information Disclosure Automatic Bug Reporting Tool
NVD
CVSS 2.0
3.7
EPSS
0.1%
CVE-2012-5629 HIGH This Week

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2012-5633 MEDIUM PATCH This Month

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Cxf
NVD
CVSS 2.0
5.8
EPSS
1.8%
CVE-2012-6117 LOW POC Monitor

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Red Hat Privilege Escalation Cloudforms Cloud Engine
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-5509 LOW POC Monitor

aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Red Hat Privilege Escalation Cloudforms Cloud Engine
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0239 MEDIUM PATCH This Month

Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Cxf
NVD
CVSS 2.0
5.0
EPSS
2.7%
CVE-2013-0252 MEDIUM This Month

boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Boost
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-2293 MEDIUM This Month

The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core Bitcoind
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-2273 MEDIUM This Month

bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bitcoin Qt Bitcoin Core Bitcoind
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-2272 MEDIUM This Month

The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bitcoin Qt Bitcoin Core Bitcoind
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-6076 MEDIUM This Month

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Inkscape
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-0168 MEDIUM This Month

The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Denial Of Service Enterprise Virtualization Manager
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2012-6115 LOW Monitor

The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Enterprise Virtualization Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy