| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
751 |
CVE-2012-4643 |
399 |
|
DoS |
2012-10-29 |
2013-03-02 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before 8.0(5.28), 8.1 before 8.1(2.56), 8.2 before 8.2(5.27), 8.3 before 8.3(2.31), 8.4 before 8.4(3.10), 8.5 before 8.5(1.9), and 8.6 before 8.6(1.5) does not properly allocate memory for DHCP packets, which allows remote attackers to cause a denial of service (device reload) via a series of crafted IPv4 packets, aka Bug ID CSCtw84068. |
|
752 |
CVE-2012-4629 |
399 |
|
DoS |
2012-09-12 |
2013-04-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603. |
|
753 |
CVE-2012-4623 |
20 |
|
DoS |
2012-09-27 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723. |
|
754 |
CVE-2012-4622 |
399 |
|
DoS |
2012-09-27 |
2017-08-29 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456. |
|
755 |
CVE-2012-4621 |
399 |
|
DoS |
2012-09-27 |
2013-02-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049. |
|
756 |
CVE-2012-4620 |
399 |
|
DoS |
2012-09-27 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808. |
|
757 |
CVE-2012-4619 |
399 |
|
DoS |
2012-09-27 |
2013-04-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123. |
|
758 |
CVE-2012-4618 |
399 |
|
DoS |
2012-09-27 |
2013-04-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183. |
|
759 |
CVE-2012-4617 |
20 |
|
DoS |
2012-09-27 |
2013-02-14 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914. |
|
760 |
CVE-2012-4616 |
22 |
|
Dir. Trav. |
2012-12-26 |
2012-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors. |
|
761 |
CVE-2012-4615 |
310 |
1
|
+Info |
2012-11-27 |
2013-08-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. |
|
762 |
CVE-2012-4614 |
287 |
|
|
2012-11-27 |
2013-08-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. |
|
763 |
CVE-2012-4613 |
287 |
|
Bypass |
2012-11-16 |
2013-02-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack. |
|
764 |
CVE-2012-4612 |
79 |
|
XSS |
2012-11-16 |
2013-02-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
765 |
CVE-2012-4611 |
79 |
|
XSS |
2012-11-27 |
2013-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
766 |
CVE-2012-4610 |
255 |
|
+Info |
2012-10-31 |
2017-08-29 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client. |
|
767 |
CVE-2012-4609 |
20 |
|
|
2012-12-05 |
2012-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
|
768 |
CVE-2012-4608 |
352 |
|
CSRF |
2012-12-05 |
2012-12-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users. |
|
769 |
CVE-2012-4605 |
200 |
|
+Info |
2012-08-23 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. |
|
770 |
CVE-2012-4604 |
287 |
|
Bypass |
2012-08-23 |
2012-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe. |
|
771 |
CVE-2012-4602 |
79 |
|
XSS |
2012-11-23 |
2012-11-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter. |
|
772 |
CVE-2012-4601 |
89 |
|
Exec Code Sql |
2012-11-23 |
2012-11-26 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. |
|
773 |
CVE-2012-4600 |
79 |
|
XSS |
2012-08-31 |
2018-08-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags. |
|
774 |
CVE-2012-4599 |
287 |
|
Exec Code |
2012-08-22 |
2017-01-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file. |
|
775 |
CVE-2012-4598 |
|
|
DoS Exec Code |
2012-08-22 |
2012-08-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site. |
|
776 |
CVE-2012-4597 |
79 |
|
XSS |
2012-08-22 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. |
|
777 |
CVE-2012-4596 |
22 |
|
Dir. Trav. Bypass |
2012-08-22 |
2013-04-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. |
|
778 |
CVE-2012-4595 |
287 |
|
Bypass |
2012-08-22 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. |
|
779 |
CVE-2012-4594 |
264 |
|
Bypass +Info |
2012-08-22 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. |
|
780 |
CVE-2012-4593 |
264 |
|
Bypass |
2012-08-22 |
2012-08-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. |
|
781 |
CVE-2012-4592 |
|
|
|
2012-08-22 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
|
782 |
CVE-2012-4591 |
200 |
|
+Info |
2012-08-22 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. |
|
783 |
CVE-2012-4590 |
79 |
|
XSS |
2012-08-22 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable. |
|
784 |
CVE-2012-4589 |
|
|
|
2012-08-22 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. |
|
785 |
CVE-2012-4588 |
255 |
|
DoS |
2012-08-22 |
2012-08-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames. |
|
786 |
CVE-2012-4587 |
264 |
|
|
2012-08-22 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device. |
|
787 |
CVE-2012-4586 |
264 |
|
Bypass |
2012-08-22 |
2012-08-22 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file. |
|
788 |
CVE-2012-4585 |
264 |
|
|
2012-08-22 |
2012-11-20 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL. |
|
789 |
CVE-2012-4584 |
310 |
|
+Info |
2012-08-22 |
2012-10-30 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes. |
|
790 |
CVE-2012-4583 |
200 |
|
+Info |
2012-08-22 |
2012-11-20 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. |
|
791 |
CVE-2012-4582 |
264 |
|
|
2012-08-22 |
2012-11-20 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. |
|
792 |
CVE-2012-4581 |
287 |
|
|
2012-08-22 |
2012-08-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue. |
|
793 |
CVE-2012-4580 |
79 |
|
XSS |
2012-08-22 |
2012-08-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. |
|
794 |
CVE-2012-4579 |
79 |
|
XSS |
2012-08-21 |
2012-08-22 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. |
|
795 |
CVE-2012-4578 |
310 |
|
|
2012-08-21 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack. |
|
796 |
CVE-2012-4577 |
255 |
|
|
2012-08-21 |
2017-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session. |
|
797 |
CVE-2012-4575 |
119 |
|
DoS Overflow |
2012-11-18 |
2020-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request. |
|
798 |
CVE-2012-4573 |
264 |
|
|
2012-11-11 |
2017-08-29 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. |
|
799 |
CVE-2012-4571 |
310 |
|
|
2012-11-30 |
2012-12-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack. |
|
800 |
CVE-2012-4566 |
264 |
|
Bypass |
2012-11-20 |
2012-11-20 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523. |
