Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2211 | 1 Egroupware | 1 Egroupware | 2012-11-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-2615 | 2012-11-19 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5703. Reason: This candidate is a duplicate of CVE-2012-5703. Notes: All CVE users should reference CVE-2012-5703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-4566 | 1 Uninett | 1 Radsecproxy | 2012-11-19 | 6.4 MEDIUM | N/A |
| The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523. | |||||
| CVE-2012-5780 | 1 Amazon | 1 Merchant Sdk | 2012-11-19 | 5.8 MEDIUM | N/A |
| The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-4582 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-11-19 | 4.9 MEDIUM | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. | |||||
| CVE-2012-4583 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-11-19 | 4.0 MEDIUM | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. | |||||
| CVE-2012-4585 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-11-19 | 4.0 MEDIUM | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
| CVE-2012-1800 | 1 Siemens | 4 Scalance S602, Scalance S612, Scalance S613 and 1 more | 2012-11-19 | 6.1 MEDIUM | N/A |
| Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. | |||||
| CVE-2012-1802 | 1 Siemens | 10 Scalance X-300, Scalance X-300 Firmware, Scalance X-300eec and 7 more | 2012-11-19 | 7.8 HIGH | N/A |
| Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL. | |||||
| CVE-2012-1992 | 1 Cmsmadesimple | 1 Cms Made Simple | 2012-11-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template). | |||||
| CVE-2012-1237 | 1 Icz | 1 Sencha Sns | 2012-11-19 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2012-1238 | 1 Icz | 1 Sencha Sns | 2012-11-19 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2011-3109 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2012-11-19 | 7.5 HIGH | N/A |
| Google Chrome before 19.0.1084.52 on Linux does not properly perform a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact by leveraging an error in the GTK implementation of the UI. | |||||
| CVE-2012-2589 | 2012-11-19 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4344. Reason: This candidate is a duplicate of CVE-2012-4344. Notes: All CVE users should reference CVE-2012-4344 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-4959 | 1 Novell | 1 File Reporter | 2012-11-19 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. | |||||
| CVE-2012-4958 | 1 Novell | 1 File Reporter | 2012-11-19 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. | |||||
| CVE-2012-4957 | 1 Novell | 1 File Reporter | 2012-11-19 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record. | |||||
| CVE-2012-5918 | 1 Razorcms | 1 Razorcms | 2012-11-19 | 4.0 MEDIUM | N/A |
| razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. | |||||
| CVE-2012-5172 | 1 Asial | 1 Monaca Debugger | 2012-11-18 | 5.0 MEDIUM | N/A |
| The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application. | |||||
| CVE-2012-5898 | 1 Samedia | 1 Landshop | 2012-11-18 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings. | |||||