| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1551 |
CVE-2012-3494 |
264 |
|
DoS |
2012-11-23 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. |
|
1552 |
CVE-2012-3493 |
200 |
|
+Info |
2012-09-28 |
2012-10-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId. |
|
1553 |
CVE-2012-3492 |
287 |
|
|
2012-09-28 |
2012-10-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory. |
|
1554 |
CVE-2012-3491 |
264 |
|
|
2012-09-28 |
2012-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors. |
|
1555 |
CVE-2012-3489 |
20 |
|
|
2012-10-03 |
2013-10-10 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. |
|
1556 |
CVE-2012-3488 |
264 |
|
+Info |
2012-10-03 |
2016-12-08 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue. |
|
1557 |
CVE-2012-3487 |
362 |
|
|
2012-08-26 |
2012-08-27 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. |
|
1558 |
CVE-2012-3486 |
264 |
|
+Priv |
2012-08-26 |
2012-08-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. |
|
1559 |
CVE-2012-3485 |
20 |
1
|
+Priv |
2012-08-26 |
2013-12-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call. |
|
1560 |
CVE-2012-3484 |
264 |
|
+Priv Bypass |
2012-08-26 |
2012-08-27 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share. |
|
1561 |
CVE-2012-3483 |
362 |
|
+Priv |
2012-08-26 |
2012-08-27 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. |
|
1562 |
CVE-2012-3482 |
|
|
DoS +Info |
2012-12-21 |
2013-04-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. |
|
1563 |
CVE-2012-3481 |
190 |
|
DoS Exec Code Overflow |
2012-08-25 |
2022-02-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. |
|
1564 |
CVE-2012-3480 |
189 |
|
DoS Exec Code Overflow |
2012-08-25 |
2017-07-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. |
|
1565 |
CVE-2012-3479 |
|
|
Exec Code |
2012-08-25 |
2013-12-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. |
|
1566 |
CVE-2012-3478 |
264 |
|
Bypass |
2012-08-31 |
2013-03-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. |
|
1567 |
CVE-2012-3477 |
89 |
|
Exec Code Sql |
2012-08-26 |
2012-08-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action. |
|
1568 |
CVE-2012-3476 |
79 |
|
XSS |
2012-08-12 |
2012-08-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name. |
|
1569 |
CVE-2012-3475 |
|
|
|
2012-08-12 |
2012-08-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. |
|
1570 |
CVE-2012-3474 |
200 |
|
+Info |
2012-08-12 |
2012-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call. |
|
1571 |
CVE-2012-3473 |
287 |
|
|
2012-08-12 |
2012-08-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions. |
|
1572 |
CVE-2012-3472 |
287 |
|
|
2012-08-12 |
2012-08-13 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request. |
|
1573 |
CVE-2012-3471 |
89 |
|
Exec Code Sql |
2012-08-12 |
2012-08-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id. |
|
1574 |
CVE-2012-3470 |
89 |
|
Exec Code Sql |
2012-08-12 |
2012-08-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions. |
|
1575 |
CVE-2012-3469 |
89 |
|
Exec Code Sql |
2012-08-12 |
2012-08-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php. |
|
1576 |
CVE-2012-3468 |
89 |
|
Exec Code Sql |
2012-08-12 |
2012-08-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php. |
|
1577 |
CVE-2012-3467 |
287 |
|
Bypass |
2012-08-27 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. |
|
1578 |
CVE-2012-3466 |
264 |
|
|
2012-10-22 |
2013-12-05 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. |
|
1579 |
CVE-2012-3465 |
79 |
|
XSS |
2012-08-10 |
2019-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup. |
|
1580 |
CVE-2012-3464 |
79 |
|
XSS |
2012-08-10 |
2019-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character. |
|
1581 |
CVE-2012-3463 |
79 |
|
XSS |
2012-08-10 |
2019-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper. |
|
1582 |
CVE-2012-3461 |
119 |
|
DoS Overflow |
2012-08-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow. |
|
1583 |
CVE-2012-3459 |
264 |
|
+Priv |
2012-09-28 |
2013-11-25 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor. |
|
1584 |
CVE-2012-3458 |
310 |
|
|
2012-09-15 |
2012-09-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. |
|
1585 |
CVE-2012-3457 |
264 |
|
|
2012-08-12 |
2013-04-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file. |
|
1586 |
CVE-2012-3456 |
119 |
|
DoS Exec Code Overflow |
2012-08-20 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase. |
|
1587 |
CVE-2012-3455 |
119 |
|
DoS Exec Code Overflow |
2012-08-20 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase. |
|
1588 |
CVE-2012-3454 |
264 |
|
|
2012-08-07 |
2012-08-08 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files. |
|
1589 |
CVE-2012-3453 |
264 |
|
|
2012-08-07 |
2012-08-08 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files. |
|
1590 |
CVE-2012-3452 |
264 |
|
Bypass |
2012-08-07 |
2012-08-08 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. |
|
1591 |
CVE-2012-3451 |
20 |
|
|
2012-09-24 |
2021-06-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. |
|
1592 |
CVE-2012-3450 |
|
|
DoS |
2012-08-06 |
2013-04-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value. |
|
1593 |
CVE-2012-3449 |
264 |
|
|
2012-08-07 |
2017-08-29 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files. |
|
1594 |
CVE-2012-3448 |
|
|
Exec Code |
2012-08-06 |
2018-08-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors. |
|
1595 |
CVE-2012-3447 |
264 |
|
|
2012-08-20 |
2017-08-29 |
4.9 |
None |
Remote |
Medium |
??? |
None |
Partial |
Partial |
|
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361. |
|
1596 |
CVE-2012-3446 |
20 |
|
|
2012-11-04 |
2012-11-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. |
|
1597 |
CVE-2012-3445 |
399 |
|
DoS |
2012-08-07 |
2013-03-22 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer. |
|
1598 |
CVE-2012-3444 |
119 |
|
DoS Overflow |
2012-07-31 |
2013-04-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image. |
|
1599 |
CVE-2012-3443 |
20 |
|
DoS |
2012-07-31 |
2013-04-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file. |
|
1600 |
CVE-2012-3442 |
79 |
|
XSS |
2012-07-31 |
2013-04-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL. |
