| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
2251 |
CVE-2012-2565 |
264 |
|
|
2012-06-09 |
2012-08-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. |
|
2252 |
CVE-2012-2564 |
352 |
|
CSRF |
2012-06-09 |
2012-08-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions. |
|
2253 |
CVE-2012-2563 |
79 |
|
XSS |
2012-06-09 |
2012-08-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web script or HTML via vectors involving administrative menu functions. |
|
2254 |
CVE-2012-2562 |
287 |
|
Exec Code |
2012-05-22 |
2017-08-29 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message. |
|
2255 |
CVE-2012-2561 |
264 |
|
Exec Code |
2012-05-21 |
2013-05-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444. |
|
2256 |
CVE-2012-2560 |
22 |
|
Dir. Trav. |
2012-07-05 |
2012-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001. |
|
2257 |
CVE-2012-2559 |
399 |
|
DoS Exec Code |
2012-07-05 |
2012-07-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678. |
|
2258 |
CVE-2012-2557 |
399 |
|
Exec Code |
2012-09-21 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability." |
|
2259 |
CVE-2012-2556 |
94 |
|
Exec Code |
2012-12-12 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability." |
|
2260 |
CVE-2012-2553 |
399 |
|
+Priv |
2012-11-14 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." |
|
2261 |
CVE-2012-2552 |
79 |
|
XSS |
2012-10-09 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability." |
|
2262 |
CVE-2012-2551 |
|
|
DoS |
2012-10-09 |
2020-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability." |
|
2263 |
CVE-2012-2550 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-10-09 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability." |
|
2264 |
CVE-2012-2549 |
20 |
|
Bypass |
2012-12-12 |
2020-09-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability." |
|
2265 |
CVE-2012-2548 |
399 |
|
Exec Code |
2012-09-21 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability." |
|
2266 |
CVE-2012-2546 |
399 |
|
Exec Code |
2012-09-21 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability." |
|
2267 |
CVE-2012-2543 |
119 |
|
Exec Code Overflow |
2012-11-14 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability." |
|
2268 |
CVE-2012-2539 |
399 |
|
DoS Exec Code Mem. Corr. |
2012-12-12 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability." |
|
2269 |
CVE-2012-2536 |
79 |
|
XSS |
2012-09-11 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability." |
|
2270 |
CVE-2012-2532 |
200 |
|
+Info |
2012-11-14 |
2021-02-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability." |
|
2271 |
CVE-2012-2531 |
200 |
|
+Info |
2012-11-14 |
2021-02-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability." |
|
2272 |
CVE-2012-2530 |
399 |
|
+Priv |
2012-11-14 |
2020-09-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." |
|
2273 |
CVE-2012-2529 |
189 |
|
Overflow +Priv |
2012-10-09 |
2020-09-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability." |
|
2274 |
CVE-2012-2528 |
399 |
|
Exec Code |
2012-10-09 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability." |
|
2275 |
CVE-2012-2527 |
399 |
|
+Priv |
2012-08-15 |
2020-09-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." |
|
2276 |
CVE-2012-2526 |
94 |
|
Exec Code |
2012-08-15 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol Vulnerability." |
|
2277 |
CVE-2012-2524 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-08-15 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability." |
|
2278 |
CVE-2012-2523 |
189 |
|
Exec Code Overflow |
2012-08-15 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability." |
|
2279 |
CVE-2012-2522 |
94 |
|
Exec Code Mem. Corr. |
2012-08-15 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." |
|
2280 |
CVE-2012-2521 |
94 |
|
Exec Code |
2012-08-15 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability." |
|
2281 |
CVE-2012-2520 |
79 |
|
XSS |
2012-10-09 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability." |
|
2282 |
CVE-2012-2519 |
|
|
+Priv |
2012-11-14 |
2020-09-28 |
7.9 |
None |
Local Network |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability." |
|
2283 |
CVE-2012-2516 |
78 |
|
Exec Code |
2012-07-05 |
2012-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." |
|
2284 |
CVE-2012-2515 |
119 |
|
Exec Code Overflow |
2012-07-05 |
2012-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method. |
|
2285 |
CVE-2012-2514 |
119 |
|
DoS Overflow |
2012-05-15 |
2017-12-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |
|
2286 |
CVE-2012-2513 |
119 |
|
DoS Overflow |
2012-05-15 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |
|
2287 |
CVE-2012-2512 |
119 |
|
DoS Overflow |
2012-05-15 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |
|
2288 |
CVE-2012-2511 |
119 |
|
DoS Overflow |
2012-05-15 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |
|
2289 |
CVE-2012-2500 |
310 |
|
|
2012-08-06 |
2012-08-07 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470. |
|
2290 |
CVE-2012-2499 |
310 |
|
|
2012-08-06 |
2012-08-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985. |
|
2291 |
CVE-2012-2498 |
287 |
|
|
2012-08-06 |
2012-08-07 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197. |
|
2292 |
CVE-2012-2496 |
20 |
|
Exec Code |
2012-06-20 |
2012-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925. |
|
2293 |
CVE-2012-2495 |
20 |
|
|
2012-06-20 |
2012-06-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. |
|
2294 |
CVE-2012-2494 |
20 |
|
|
2012-06-20 |
2012-06-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681. |
|
2295 |
CVE-2012-2493 |
20 |
|
Exec Code |
2012-06-20 |
2012-06-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523. |
|
2296 |
CVE-2012-2490 |
20 |
|
|
2012-08-06 |
2012-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471. |
|
2297 |
CVE-2012-2488 |
20 |
|
DoS |
2012-05-31 |
2012-08-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593. |
|
2298 |
CVE-2012-2486 |
94 |
|
Exec Code |
2012-07-12 |
2018-10-30 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953. |
|
2299 |
CVE-2012-2474 |
200 |
|
DoS +Info |
2012-08-06 |
2012-08-07 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278. |
|
2300 |
CVE-2012-2472 |
399 |
|
DoS |
2012-08-06 |
2012-08-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU consumption) via crafted SIP traffic, aka Bug ID CSCtz63143. |
