| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 3201 | CVE-2012-0135 | | | DoS | 2012-04-18 | 2017-08-28 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. |
| 3202 | CVE-2012-0133 | | | Exec Code | 2012-04-12 | 2017-08-28 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. |
| 3203 | CVE-2012-0125 | | | +Info | 2012-03-28 | 2017-12-05 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126. |
| 3204 | CVE-2012-0117 | | | | 2012-01-18 | 2018-01-04 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. |
| 3205 | CVE-2012-0114 | | | | 2012-01-18 | 2018-07-20 | 3.0 | None | Local | Medium | Single system | Partial | Partial | None | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors. |
| 3206 | CVE-2012-0112 | | | | 2012-01-18 | 2018-07-20 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. |
| 3207 | CVE-2012-0111 | | | | 2012-01-18 | 2017-09-18 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. |
| 3208 | CVE-2012-0109 | | | | 2012-01-18 | 2018-01-05 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP. |
| 3209 | CVE-2012-0108 | | | | 2012-10-16 | 2016-11-22 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0095. |
| 3210 | CVE-2012-0105 | | | | 2012-01-18 | 2017-09-18 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions. |
| 3211 | CVE-2012-0092 | | | | 2012-10-16 | 2016-11-18 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0090. |
| 3212 | CVE-2012-0090 | | | | 2012-10-16 | 2016-11-18 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0092. |
| 3213 | CVE-2012-0086 | | | | 2012-10-16 | 2016-11-22 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0095 and CVE-2012-0108. |
| 3214 | CVE-2012-0084 | | | | 2012-01-18 | 2017-08-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integrity via unknown vectors related to Content Server. |
| 3215 | CVE-2012-0081 | | | | 2012-01-18 | 2017-08-28 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration. |
| 3216 | CVE-2012-0077 | | | | 2012-01-18 | 2017-08-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console. |
| 3217 | CVE-2012-0054 | 59 | | | 2012-03-19 | 2012-08-03 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat. |
| 3218 | CVE-2012-0032 | 264 | | | 2014-04-01 | 2014-04-01 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials. |
| 3219 | CVE-2011-5269 | 79 | | XSS | 2014-01-02 | 2014-01-02 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message. |
| 3220 | CVE-2011-5060 | 264 | | | 2012-01-13 | 2017-08-28 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114. |
| 3221 | CVE-2011-5030 | 79 | | XSS | 2011-12-29 | 2017-08-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles." |
| 3222 | CVE-2011-5000 | 189 | | DoS | 2012-04-05 | 2012-07-21 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. |
| 3223 | CVE-2011-4830 | 79 | 1 | XSS | 2011-12-14 | 2011-12-15 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php. |
| 3224 | CVE-2011-4606 | 264 | | | 2011-12-14 | 2011-12-15 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory. |
| 3225 | CVE-2011-4573 | 264 | | | 2014-04-01 | 2014-04-01 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail. |
| 3226 | CVE-2011-4560 | 79 | | XSS | 2011-11-28 | 2017-08-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition. |
| 3227 | CVE-2011-4497 | 200 | | +Info | 2011-11-21 | 2011-11-21 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. |
| 3228 | CVE-2011-4459 | 264 | | Bypass | 2012-06-04 | 2012-09-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership. |
| 3229 | CVE-2011-4436 | 79 | | XSS | 2011-11-11 | 2011-11-14 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 3230 | CVE-2011-4434 | 264 | | Bypass | 2011-11-11 | 2018-10-30 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags. |
| 3231 | CVE-2011-4406 | 264 | | | 2014-04-16 | 2014-04-17 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. |
| 3232 | CVE-2011-4346 | 79 | | XSS | 2011-12-10 | 2011-12-12 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page. |
| 3233 | CVE-2011-4340 | 79 | 1 | XSS | 2012-02-12 | 2017-08-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information. |
| 3234 | CVE-2011-4339 | 264 | | | 2011-12-14 | 2017-08-28 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. |
| 3235 | CVE-2011-4316 | 264 | | | 2013-01-04 | 2013-01-07 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors. |
| 3236 | CVE-2011-4190 | 310 | | +Info | 2018-06-08 | 2018-12-19 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). |
| 3237 | CVE-2011-4160 | | | Bypass | 2011-11-23 | 2012-02-16 | 3.2 | None | Local | Low | Single system | Partial | Partial | None | Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors. |
| 3238 | CVE-2011-4114 | 264 | | | 2012-01-13 | 2012-02-08 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier. |
| 3239 | CVE-2011-4060 | 59 | | | 2011-10-17 | 2017-09-01 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. |
| 3240 | CVE-2011-3978 | 79 | | XSS | 2011-10-04 | 2018-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page. |
| 3241 | CVE-2011-3592 | 79 | | XSS | 2014-12-25 | 2014-12-29 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation. |
| 3242 | CVE-2011-3591 | 79 | | XSS | 2014-12-25 | 2014-12-29 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js. |
| 3243 | CVE-2011-3574 | | | | 2012-01-18 | 2012-02-07 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server. |
| 3244 | CVE-2011-3571 | | | | 2012-01-18 | 2018-01-05 | 3.6 | None | Remote | High | Single system | Partial | Partial | None | Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was accidentally used for a Concurrency issue in Java Runtime Environment, but that issue has been reassigned to CVE-2012-0507. |
| 3245 | CVE-2011-3553 | | | | 2011-10-19 | 2018-01-05 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. |
| 3246 | CVE-2011-3523 | | | | 2011-10-18 | 2017-08-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console, a different vulnerability than CVE-2011-2237. |
| 3247 | CVE-2011-3519 | | | | 2011-10-18 | 2012-11-06 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services. |
| 3248 | CVE-2011-3511 | | | | 2011-10-18 | 2017-08-28 | 3.6 | None | Remote | High | Single system | None | Partial | Partial | Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote authenticated users to affect integrity and availability via unknown vectors related to Privileged Account. |
| 3249 | CVE-2011-3507 | | | | 2011-10-18 | 2012-11-06 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows remote authenticated users to affect integrity via unknown vectors related to Messaging Server. |
| 3250 | CVE-2011-3289 | 264 | | Bypass | 2012-05-02 | 2012-10-29 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640. |