| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
63151 |
CVE-2012-3118 |
|
|
|
2012-07-17 |
2017-12-21 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality, related to PANPROC. |
|
63152 |
CVE-2012-3117 |
|
|
|
2012-07-17 |
2017-12-21 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to HTTP. |
|
63153 |
CVE-2012-3115 |
|
|
|
2012-07-17 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Install. |
|
63154 |
CVE-2012-3114 |
|
|
|
2012-07-17 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote attackers to affect integrity via unknown vectors. |
|
63155 |
CVE-2012-3113 |
|
|
|
2012-07-17 |
2017-08-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality and integrity, related to EPERF. |
|
63156 |
CVE-2012-3112 |
|
|
|
2012-07-17 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console. |
|
63157 |
CVE-2012-3105 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-06-05 |
2017-09-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101. |
|
63158 |
CVE-2012-3096 |
|
|
DoS |
2012-09-16 |
2017-08-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132. |
|
63159 |
CVE-2012-3094 |
200 |
|
+Info |
2012-09-16 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. |
|
63160 |
CVE-2012-3088 |
|
|
|
2012-09-16 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166. |
|
63161 |
CVE-2012-3079 |
399 |
|
DoS |
2012-09-16 |
2017-08-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957. |
|
63162 |
CVE-2012-3076 |
78 |
|
Exec Code |
2012-07-12 |
2012-07-12 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. |
|
63163 |
CVE-2012-3075 |
78 |
|
Exec Code |
2012-07-12 |
2012-07-12 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. |
|
63164 |
CVE-2012-3074 |
78 |
|
Exec Code |
2012-07-12 |
2018-10-30 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. |
|
63165 |
CVE-2012-3073 |
|
|
DoS |
2012-07-12 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338. |
|
63166 |
CVE-2012-3063 |
362 |
|
Bypass |
2012-06-20 |
2013-03-21 |
7.1 |
None |
Remote |
High |
Single system |
Complete |
Complete |
Complete |
|
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058. |
|
63167 |
CVE-2012-3062 |
20 |
|
DoS |
2014-04-23 |
2014-04-23 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193. |
|
63168 |
CVE-2012-3060 |
399 |
|
DoS |
2012-09-16 |
2017-08-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269. |
|
63169 |
CVE-2012-3058 |
|
|
DoS |
2012-06-20 |
2013-03-21 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134. |
|
63170 |
CVE-2012-3057 |
119 |
|
Exec Code Overflow |
2012-06-29 |
2018-12-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755. |
|
63171 |
CVE-2012-3056 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-06-29 |
2018-12-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCtz72946. |
|
63172 |
CVE-2012-3055 |
119 |
|
Exec Code Overflow |
2012-06-29 |
2018-12-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file, aka Bug ID CSCtz72953. |
|
63173 |
CVE-2012-3054 |
119 |
|
Exec Code Overflow |
2012-06-29 |
2018-12-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72977. |
|
63174 |
CVE-2012-3053 |
119 |
|
Exec Code Overflow |
2012-06-29 |
2018-12-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted ARF file, aka Bug ID CSCtz72985. |
|
63175 |
CVE-2012-3052 |
|
|
+Priv |
2012-09-16 |
2012-09-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. |
|
63176 |
CVE-2012-3051 |
|
|
DoS |
2012-09-16 |
2013-03-21 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. |
|
63177 |
CVE-2012-3047 |
79 |
|
XSS |
2013-12-10 |
2013-12-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
63178 |
CVE-2012-3040 |
79 |
|
XSS |
2012-10-10 |
2013-06-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. |
|
63179 |
CVE-2012-3039 |
310 |
|
|
2013-08-09 |
2013-08-12 |
7.1 |
None |
Remote |
High |
Single system |
Complete |
Complete |
Complete |
|
Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere. |
|
63180 |
CVE-2012-3037 |
310 |
|
|
2012-09-25 |
2012-09-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate. |
|
63181 |
CVE-2012-3035 |
119 |
|
DoS Overflow |
2012-10-01 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port. |
|
63182 |
CVE-2012-3034 |
200 |
|
+Info |
2012-09-18 |
2012-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. |
|
63183 |
CVE-2012-3032 |
89 |
|
Exec Code Sql |
2012-09-18 |
2012-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. |
|
63184 |
CVE-2012-3031 |
79 |
|
XSS |
2012-09-18 |
2012-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. |
|
63185 |
CVE-2012-3030 |
264 |
|
|
2012-09-18 |
2012-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. |
|
63186 |
CVE-2012-3028 |
352 |
|
DoS CSRF |
2012-09-18 |
2012-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. |
|
63187 |
CVE-2012-3026 |
20 |
|
DoS Exec Code Mem. Corr. |
2012-11-01 |
2013-04-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021. |
|
63188 |
CVE-2012-3025 |
310 |
|
+Info |
2012-08-16 |
2012-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. |
|
63189 |
CVE-2012-3024 |
287 |
|
Bypass |
2012-08-16 |
2012-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. |
|
63190 |
CVE-2012-3022 |
264 |
|
|
2013-04-16 |
2013-04-16 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site. |
|
63191 |
CVE-2012-3021 |
20 |
|
DoS Exec Code Mem. Corr. |
2012-11-01 |
2013-04-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026. |
|
63192 |
CVE-2012-3020 |
255 |
|
|
2012-08-06 |
2012-08-07 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session. |
|
63193 |
CVE-2012-3018 |
310 |
|
Bypass |
2012-07-31 |
2012-07-31 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. |
|
63194 |
CVE-2012-3017 |
119 |
|
DoS Overflow |
2012-07-31 |
2012-07-31 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets. |
|
63195 |
CVE-2012-3016 |
|
|
DoS |
2012-07-31 |
2012-07-31 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 allow remote attackers to cause a denial of service (defect-mode transition and service outage) via crafted ICMP packets. |
|
63196 |
CVE-2012-3015 |
|
|
+Priv |
2012-07-26 |
2012-07-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder. |
|
63197 |
CVE-2012-3014 |
255 |
|
+Priv |
2012-09-04 |
2012-09-04 |
7.7 |
None |
Local Network |
Low |
Single system |
Complete |
Complete |
Complete |
|
The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors. |
|
63198 |
CVE-2012-3013 |
255 |
|
|
2012-09-06 |
2013-10-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session. |
|
63199 |
CVE-2012-3012 |
119 |
|
DoS Overflow |
2012-09-05 |
2012-09-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service (Ethernet outage) via unspecified Ethernet traffic that fills a buffer, as demonstrated by a port scan. |
|
63200 |
CVE-2012-3011 |
22 |
|
Dir. Trav. |
2012-09-25 |
2013-03-01 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request. |
