SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.