Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3579 | 1 Symantec | 1 Messaging Gateway | 2017-08-29 | 7.9 HIGH | N/A |
| Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. | |||||
| CVE-2012-3317 | 1 Ibm | 1 Websphere Message Broker | 2017-08-29 | 6.9 MEDIUM | N/A |
| IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300. | |||||
| CVE-2012-2720 | 2 Adam Ross, Drupal | 2 Tokenauth, Drupal | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | |||||
| CVE-2012-1195 | 1 Landesk | 1 Lenovo Thinkmanagement Console | 2017-08-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root. | |||||
| CVE-2012-0701 | 1 Ibm | 2 Infosphere Datastage, Infosphere Information Server | 2017-08-29 | 6.5 MEDIUM | N/A |
| The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2012-3321 | 1 Ibm | 1 Smartcloud Control Desk | 2017-08-29 | 6.5 MEDIUM | N/A |
| IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password. | |||||
| CVE-2012-2101 | 1 Openstack | 1 Nova | 2017-08-29 | 3.5 LOW | N/A |
| Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. | |||||
| CVE-2012-1428 | 3 Cat, Norman, Sophos | 3 Quick Heal, Norman Antivirus \& Antispyware, Sophos Anti-virus | 2017-08-29 | 4.3 MEDIUM | N/A |
| The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2012-3577 | 2 Nmedia, Wordpress | 2 Member Conversation, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads. | |||||
| CVE-2012-2188 | 1 Ibm | 2 Power Hardware Management Console Firmware, Systems Director Management Console Firmware | 2017-08-29 | 7.2 HIGH | N/A |
| IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character. | |||||
| CVE-2012-3449 | 1 Openvswitch | 1 Openvswitch | 2017-08-29 | 3.6 LOW | N/A |
| Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files. | |||||
| CVE-2012-2702 | 2 Drupal, Tony Freixas | 2 Drupal, Ubercart Product Keys | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid. | |||||
| CVE-2012-2179 | 1 Ibm | 1 Aix | 2017-08-29 | 6.9 MEDIUM | N/A |
| libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2012-2063 | 2 Brian Altenhofel, Drupal | 2 Slidebox, Drupal | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-3311 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2017-08-29 | 3.3 LOW | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors. | |||||
| CVE-2012-1078 | 2 Claus Due, Typo3 | 2 Sysutils, Typo3 | 2017-08-29 | 5.0 MEDIUM | N/A |
| The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory." | |||||
| CVE-2012-1581 | 1 Mediawiki | 1 Mediawiki | 2017-08-29 | 5.0 MEDIUM | N/A |
| MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users. | |||||
| CVE-2012-0706 | 1 Ibm | 1 Scale Out Network Attached Storage | 2017-08-29 | 3.5 LOW | N/A |
| IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine. | |||||
| CVE-2012-1460 | 8 Aladdin, Anti-virus, Antiy and 5 more | 8 Esafe, Vba32, Avl Sdk and 5 more | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. | |||||
| CVE-2012-2163 | 1 Ibm | 1 Scale Out Network Attached Storage | 2017-08-29 | 9.0 HIGH | N/A |
| IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue. | |||||