Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3088 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2017-08-29 | 9.3 HIGH | N/A |
| Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166. | |||||
| CVE-2012-3094 | 2 Cisco, Linux | 2 Anyconnect Secure Mobility Client, Linux Kernel | 2017-08-29 | 5.0 MEDIUM | N/A |
| The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. | |||||
| CVE-2012-3096 | 1 Cisco | 1 Unity Connection | 2017-08-29 | 4.0 MEDIUM | N/A |
| Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132. | |||||
| CVE-2012-3111 | 1 Oracle | 1 Peoplesoft Products | 2017-08-29 | 3.5 LOW | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-1762. | |||||
| CVE-2012-3112 | 1 Sun | 1 Sunos | 2017-08-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console. | |||||
| CVE-2012-3113 | 1 Oracle | 1 Peoplesoft Products | 2017-08-29 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality and integrity, related to EPERF. | |||||
| CVE-2012-3114 | 1 Oracle | 1 Supply Chain Products Suite | 2017-08-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2012-3115 | 1 Oracle | 1 Fusion Middleware | 2017-08-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Install. | |||||
| CVE-2012-3120 | 1 Sun | 1 Sunos | 2017-08-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP. | |||||
| CVE-2012-3121 | 1 Sun | 1 Sunos | 2017-08-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer. | |||||
| CVE-2012-3122 | 1 Sun | 1 Sunos | 2017-08-29 | 2.6 LOW | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort. | |||||
| CVE-2012-3124 | 1 Sun | 1 Sunos | 2017-08-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL. | |||||
| CVE-2012-3125 | 1 Sun | 1 Sunos | 2017-08-29 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP. | |||||
| CVE-2012-3126 | 1 Oracle | 1 Sun Products Suite | 2017-08-29 | 6.2 MEDIUM | N/A |
| Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent. | |||||
| CVE-2012-3127 | 1 Sun | 1 Sunos | 2017-08-29 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP. | |||||
| CVE-2012-3128 | 1 Oracle | 14 Netra Sparc T3-1, Netra Sparc T3-1b, Netra Sparc T4-1 and 11 more | 2017-08-29 | 3.7 LOW | N/A |
| Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager. | |||||
| CVE-2012-3129 | 1 Sun | 1 Sunos | 2017-08-29 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer. | |||||
| CVE-2012-3130 | 1 Sun | 1 Sunos | 2017-08-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd. | |||||
| CVE-2012-3131 | 1 Sun | 1 Sunos | 2017-08-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS. | |||||
| CVE-2012-3141 | 1 Oracle | 1 Financial Services Software | 2017-08-29 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect integrity, related to BASE, a different vulnerability than CVE-2012-3227. | |||||
| CVE-2012-3142 | 1 Oracle | 1 Financial Services Software | 2017-08-29 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.5, 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE. | |||||
| CVE-2012-3145 | 1 Oracle | 1 Financial Services Software | 2017-08-29 | 1.5 LOW | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.2.0 allows local users to affect confidentiality, related to BASE. | |||||
| CVE-2012-3152 | 1 Oracle | 1 Fusion Middleware | 2017-08-29 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file. | |||||
| CVE-2012-3153 | 1 Oracle | 1 Fusion Middleware | 2017-08-29 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file. | |||||
| CVE-2012-3157 | 1 Oracle | 1 Financial Services Software | 2017-08-29 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, 6.2.0, and 12 allows remote authenticated users to affect integrity, related to BASE. | |||||
| CVE-2012-3223 | 1 Oracle | 1 Financial Services Software | 2017-08-29 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.0.1 allows remote authenticated users to affect confidentiality, related to BASE. | |||||
| CVE-2012-3224 | 1 Oracle | 1 Financial Services Software | 2017-08-29 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE. | |||||
| CVE-2012-3225 | 1 Oracle | 1 Financial Services Software | 2017-08-29 | 3.6 LOW | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality and integrity, related to BASE. | |||||
| CVE-2012-3227 | 1 Oracle | 1 Financial Services Software | 2017-08-29 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect integrity, related to BASE, a different vulnerability than CVE-2012-3141. | |||||
| CVE-2012-3228 | 1 Oracle | 1 Financial Services Software | 2017-08-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity and availability, related to BASE. | |||||
| CVE-2012-3233 | 1 Kayako | 1 Fusion | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2012-3234 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2017-08-29 | 7.5 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2012-3258 | 1 Hp | 1 Operations Orchestration | 2017-08-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2012-3259 | 1 Hp | 1 Sitescope | 2017-08-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461. | |||||
| CVE-2012-3267 | 1 Hp | 1 Network Node Manager I | 2017-08-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2012-3269 | 1 Hp | 1 Performance Insight | 2017-08-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270. | |||||
| CVE-2012-3271 | 1 Hp | 2 Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2017-08-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2012-3293 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue. | |||||
| CVE-2012-3294 | 1 Ibm | 2 Websphere Mq, Websphere Mq Managed File Transfer | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI. | |||||
| CVE-2012-3295 | 1 Ibm | 1 Websphere Mq | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors. | |||||
| CVE-2012-3296 | 1 Ibm | 1 Power Hardware Management Console | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-3297 | 1 Ibm | 1 Tivoli Monitoring | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | |||||
| CVE-2012-3298 | 1 Ibm | 1 Websphere Commerce | 2017-08-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | |||||
| CVE-2012-3300 | 1 Ibm | 1 Websphere Commerce | 2017-08-29 | 2.6 LOW | N/A |
| IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. | |||||
| CVE-2012-3301 | 1 Ibm | 1 Lotus Domino | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers. | |||||
| CVE-2012-3302 | 1 Ibm | 1 Lotus Domino | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server. | |||||
| CVE-2012-3304 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 6.8 MEDIUM | N/A |
| The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors. | |||||
| CVE-2012-3305 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file. | |||||
| CVE-2012-3306 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 6.8 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors. | |||||
| CVE-2012-3308 | 1 Ibm | 1 Sametime | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. | |||||