4422 matches found

Cvelist
added 2012/08/22 10:0 a.m. | 24 views

CVE-2012-4582

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors...

AI score: 6.4 | EPSS: 0.00852
Exploits: 0 | References: 2

Cvelist
added 2012/08/22 10:0 a.m. | 17 views

CVE-2012-4583

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard...

AI score: 6.4 | EPSS: 0.00937
Exploits: 0 | References: 2

CVE
added 2012/08/22 10:0 a.m. | 53 views

CVE-2012-4585

CVE-2012-4585 affects McAfee Email and Web Security (EWS) 5.x prior to 5.5 Patch 6 and 5.6 prior to Patch 3, and McAfee Email Gateway (MEG) 7.0 prior to Patch 1. The vulnerability allows remote authenticated users to read arbitrary files via a crafted URL. The available documents do not provide e...

CVSS: 4 | AI score: 6.4 | EPSS: 0.00937
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2012/08/22 10:0 a.m. | 45 views

CVE-2012-4596

CVE-2012-4596 is a directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1. The issue allows remote authenticated users to bypass access restrictions and download arbitrary files via a crafted URL, potentially impacting confidentiality. The documents explicitly describe t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.02588
Exploits: 1 | References: 2 | Affected Software: 1

Snyk
added 2012/08/20 6:55 p.m. | 1 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication. libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.01553
Exploits: 0 | References: 2

CVE
added 2012/08/17 8:0 p.m. | 55 views

CVE-2012-2168

IBM Rational ClearQuest Web versions prior to 7.1.2.7 and 8.0.0.3 are affected by CVE-2012-2168, which allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter. The issue is an information disclosure in ClearQuest Web erro...

CVSS: 4 | AI score: 5.8 | EPSS: 0.01082
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2012/08/17 12:55 a.m. | 5 views

CVE-2012-1585

OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name...

AI score: 6
Exploits: 0 | References: 4

CVE
added 2012/08/16 10:0 a.m. | 44 views

CVE-2012-3249

CVE-2012-3249 affects HP Fortify Software Security Center versions 3.1, 3.3, 3.4, and 3.5. The issue allows remote authenticated users to obtain sensitive information via unspecified vectors. HP’s Security Bulletin notes a privileged information disclosure vulnerability and lists affected platfor...

CVSS: 4 | AI score: 5.9 | EPSS: 0.01145
Exploits: 0 | References: 1 | Affected Software: 1

RedHat Linux
added 2012/08/13 3:53 p.m. | 2 views

CSRF on jmx-console allows invocation of operations on mbeans

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...

CVSS: 6 | AI score: 6.7 | EPSS: 0.01567
Exploits: 0 | References: 4

RedHat Linux
added 2012/08/08 4:4 p.m. | 6 views

CSRF on jmx-console allows invocation of operations on mbeans

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...

CVSS: 6 | AI score: 6.7 | EPSS: 0.01567
Exploits: 0 | References: 4

UbuntuCve
added 2012/08/07 9:55 p.m. | 27 views

CVE-2012-3445

The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read...

CVSS: 3.5 | AI score: 6.4 | EPSS: 0.02158
Exploits: 0 | References: 3

NVD
added 2012/08/06 5:55 p.m. | 20 views

CVE-2012-1338

Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.01089
Exploits: 0 | References: 2

NVD
added 2012/08/06 4:55 p.m. | 20 views

CVE-2012-3864

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request...

CVSS: 4 | AI score: 6 | EPSS: 0.01914
Exploits: 1 | References: 9

ATTACKERKB
added 2012/08/06 3:55 p.m. | 1 views

CVE-2012-1364

Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32452...

CVSS: 4 | AI score: 5.6 | EPSS: 0.00984
Exploits: 0 | References: 2

RedHat Linux
added 2012/07/31 6:45 p.m. | 7 views

krb5: kadmind denial of service

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that...

CVSS: 4 | AI score: 5.8 | EPSS: 0.03115
Exploits: 1 | References: 4

NVD
added 2012/07/31 10:45 a.m. | 24 views

CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

CVSS: 4.9 | AI score: 6.1 | EPSS: 0.02266
Exploits: 1 | References: 14

Debian CVE
added 2012/07/31 10:0 a.m. | 32 views

CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

CVSS: 4.9 | AI score: 6.2 | EPSS: 0.02266
Exploits: 1

Cvelist
added 2012/07/30 7:0 p.m. | 14 views

CVE-2012-2163

IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue...

AI score: 7.1 | EPSS: 0.02228
Exploits: 0 | References: 2

UbuntuCve
added 2012/07/27 3:0 p.m. | 25 views

CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

CVSS: 4.9 | AI score: 5.9 | EPSS: 0.02266
Exploits: 1 | References: 2

CVE
added 2012/07/27 10:0 a.m. | 42 views

CVE-2012-2202

CVE-2012-2202 is a directory-traversal vulnerability affecting IBM Lotus Protector for Mail Security (versions 2.1, 2.5, 2.5.1, 2.8) and IBM Proventia Network Mail Security System. The issue is in javatester_init.php where an unvalidated parameter (after authentication) enables an arbitrary file ...

CVSS: 3.5 | AI score: 6.3 | EPSS: 0.03039
Exploits: 0 | References: 4 | Affected Software: 1