| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
901 |
CVE-2012-4427 |
94 |
|
|
2012-10-01 |
2012-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. |
|
902 |
CVE-2012-4426 |
134 |
|
DoS Exec Code |
2012-11-21 |
2016-12-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c. |
|
903 |
CVE-2012-4425 |
264 |
1
|
Exec Code +Priv |
2012-09-18 |
2012-10-31 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. |
|
904 |
CVE-2012-4423 |
|
|
DoS |
2012-11-19 |
2013-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table. |
|
905 |
CVE-2012-4422 |
264 |
|
|
2012-09-14 |
2012-09-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role. |
|
906 |
CVE-2012-4421 |
264 |
|
Bypass |
2012-09-14 |
2012-09-17 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature. |
|
907 |
CVE-2012-4419 |
|
|
DoS |
2012-09-14 |
2013-08-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison. |
|
908 |
CVE-2012-4418 |
287 |
|
Bypass |
2012-10-09 |
2013-01-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." |
|
909 |
CVE-2012-4417 |
264 |
|
|
2012-11-18 |
2017-08-29 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. |
|
910 |
CVE-2012-4416 |
|
|
|
2012-10-16 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. |
|
911 |
CVE-2012-4415 |
119 |
|
DoS Exec Code Overflow |
2012-10-01 |
2012-10-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name. |
|
912 |
CVE-2012-4413 |
264 |
|
|
2012-09-18 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. |
|
913 |
CVE-2012-4411 |
200 |
|
+Info |
2012-11-23 |
2017-07-01 |
4.6 |
None |
Local |
Low |
??? |
Complete |
None |
None |
|
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. |
|
914 |
CVE-2012-4409 |
119 |
1
|
Exec Code Overflow |
2012-11-21 |
2013-04-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption. |
|
915 |
CVE-2012-4408 |
264 |
|
Bypass |
2012-09-19 |
2020-12-01 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation. |
|
916 |
CVE-2012-4407 |
200 |
|
+Info |
2012-09-19 |
2020-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file. |
|
917 |
CVE-2012-4406 |
94 |
|
Exec Code |
2012-10-22 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. |
|
918 |
CVE-2012-4405 |
189 |
|
DoS Exec Code Overflow |
2012-09-18 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. |
|
919 |
CVE-2012-4404 |
264 |
|
|
2012-09-10 |
2013-04-19 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group. |
|
920 |
CVE-2012-4403 |
200 |
|
+Info |
2012-09-19 |
2020-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response. |
|
921 |
CVE-2012-4402 |
264 |
|
|
2012-09-19 |
2020-12-01 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service. |
|
922 |
CVE-2012-4401 |
264 |
|
Bypass |
2012-09-19 |
2020-12-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities. |
|
923 |
CVE-2012-4400 |
264 |
|
Bypass |
2012-09-19 |
2020-12-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field. |
|
924 |
CVE-2012-4399 |
264 |
1
|
|
2012-10-09 |
2013-07-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. |
|
925 |
CVE-2012-4397 |
79 |
|
XSS |
2012-09-05 |
2012-09-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php. |
|
926 |
CVE-2012-4396 |
79 |
|
XSS |
2012-09-05 |
2012-09-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php. |
|
927 |
CVE-2012-4395 |
79 |
|
XSS |
2012-09-05 |
2012-09-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. |
|
928 |
CVE-2012-4394 |
79 |
|
XSS |
2012-09-05 |
2012-09-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. |
|
929 |
CVE-2012-4393 |
352 |
|
CSRF |
2012-09-05 |
2013-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/. |
|
930 |
CVE-2012-4392 |
287 |
|
Bypass |
2012-09-05 |
2012-09-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. |
|
931 |
CVE-2012-4391 |
352 |
|
CSRF |
2012-09-05 |
2012-09-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. |
|
932 |
CVE-2012-4390 |
200 |
|
+Info |
2012-09-05 |
2012-09-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. |
|
933 |
CVE-2012-4389 |
|
|
Exec Code |
2012-09-05 |
2012-09-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. |
|
934 |
CVE-2012-4388 |
20 |
|
Http R.Spl. Bypass |
2012-09-07 |
2013-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398. |
|
935 |
CVE-2012-4387 |
264 |
|
DoS |
2012-09-05 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression. |
|
936 |
CVE-2012-4386 |
352 |
|
CSRF |
2012-09-05 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute. |
|
937 |
CVE-2012-4366 |
310 |
|
|
2012-11-20 |
2017-08-29 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames. |
|
938 |
CVE-2012-4363 |
|
|
DoS Exec Code |
2012-08-21 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, related to "sixteen more crashes affecting Windows, OS X, or both systems." |
|
939 |
CVE-2012-4362 |
255 |
2
|
|
2012-08-20 |
2012-08-21 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. |
|
940 |
CVE-2012-4361 |
78 |
2
|
Exec Code |
2012-08-20 |
2012-08-21 |
7.7 |
None |
Local Network |
Low |
??? |
Complete |
Complete |
Complete |
|
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. |
|
941 |
CVE-2012-4360 |
79 |
|
XSS |
2012-09-15 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
942 |
CVE-2012-4359 |
20 |
|
DoS |
2012-08-19 |
2012-08-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358. |
|
943 |
CVE-2012-4358 |
20 |
|
DoS |
2012-08-19 |
2012-08-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode. |
|
944 |
CVE-2012-4357 |
20 |
|
Exec Code |
2012-08-19 |
2012-08-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block. |
|
945 |
CVE-2012-4356 |
22 |
|
Dir. Trav. |
2012-08-19 |
2012-08-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98. |
|
946 |
CVE-2012-4355 |
189 |
|
Exec Code Overflow |
2012-08-19 |
2012-08-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354. |
|
947 |
CVE-2012-4354 |
189 |
|
Exec Code Overflow |
2012-08-19 |
2012-08-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. |
|
948 |
CVE-2012-4353 |
119 |
|
Exec Code Overflow |
2012-08-19 |
2012-08-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information. |
|
949 |
CVE-2012-4350 |
|
|
+Priv |
2012-12-18 |
2013-03-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors. |
|
950 |
CVE-2012-4349 |
|
|
+Priv |
2012-12-11 |
2013-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors. |
