Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-06-12 | CVE-2012-1868 | Race Condition vulnerability in Microsoft Windows XP Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability." | 6.9 |
| 2012-06-12 | CVE-2012-1857 | Cross-Site Scripting vulnerability in Microsoft Dynamics AX 2012 Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability." | 4.3 |
| 2012-06-12 | CVE-2012-1849 | Unspecified vulnerability in Microsoft Lync 2010 Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-039 AV:N per "How could an attacker exploit the vulnerability? An attacker could convince a user to open a legitimate Microsoft Lync related file (such as an .ocsmeet file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. | 9.3 |
| 2012-06-12 | CVE-2012-0217 | Buffer Errors vulnerability in Freebsd The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. | 7.2 |
| 2012-06-12 | CVE-2012-0677 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. | 9.3 |
| 2012-06-11 | CVE-2012-2959 | Cross-Site Request Forgery (CSRF) vulnerability in BMC Identity Management Suite 7.5.00.103 Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords. | 5.1 |
| 2012-06-11 | CVE-2012-1825 | Cross-Site Scripting vulnerability in Forescout Counteract 6.3.3.2/6.3.4.10 Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter. | 4.3 |
| 2012-06-09 | CVE-2012-3343 | Cross-Site Request Forgery (CSRF) vulnerability in Bloxx web Filtering Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564. | 6.8 |
| 2012-06-09 | CVE-2012-2566 | Permissions, Privileges, and Access Controls vulnerability in Bloxx web Filtering Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted header. | 5.0 |
| 2012-06-09 | CVE-2012-2565 | Permissions, Privileges, and Access Controls vulnerability in Bloxx web Filtering Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. | 5.8 |