Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2012-10-29	CVE-2012-4194	Cross-Site Scripting vulnerability in multiple products Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. network mozilla opensuse suse canonical redhat CWE-79	4.3
2012-10-03	CVE-2012-3489	XXE vulnerability in multiple products The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. network low complexity postgresql opensuse apple canonical debian redhat CWE-611	6.5
2012-08-31	CVE-2012-3534	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections. network low complexity opensuse gnugk CWE-119	5.0
2012-08-29	CVE-2012-3976	Information Exposure vulnerability in multiple products Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. network mozilla opensuse suse redhat canonical CWE-200	4.3
2012-08-29	CVE-2012-3972	Information Exposure vulnerability in multiple products The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. network low complexity mozilla opensuse suse redhat canonical debian CWE-200	5.0
2012-08-06	CVE-2012-3867	Permissions, Privileges, and Access Controls vulnerability in multiple products lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. network puppet puppetlabs debian canonical opensuse suse CWE-264	4.3
2012-07-22	CVE-2009-5031	Cross-Site Scripting vulnerability in multiple products ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. network trustwave opensuse CWE-79	4.3
2012-06-09	CVE-2012-2038	Information Exposure vulnerability in multiple products Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. network adobe opensuse suse redhat CWE-200	4.3
2012-06-05	CVE-2012-1798	Out-Of-Bounds Read vulnerability in Imagemagick The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. network imagemagick debian redhat opensuse CWE-125	4.3
2012-06-05	CVE-2012-1610	Integer Overflow OR Wraparound vulnerability in multiple products Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. network low complexity imagemagick debian canonical opensuse CWE-190	5.0