CVSS: 4.3EPSS: 0%CPEs: 47EXPL: 2CVE-2012-3867 – puppet: insufficient validation of agent names in CN of SSL certificate requests
https://notcve.org/view.php?id=CVE-2012-3867
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. lib/puppet/ssl/certificate_authority.rb en Puppet anteriores a v2.6.17 y v2.7.x anteriores a v2.7.18, y Puppet Enterprise anterior a v2.5.2, no restringe de forma adecuada los caracteres en el campo Common Name de una Certificate Signing Request (CSR), lo que facilita a atacantes remotos asistidos por usuarios a engañar a los administradores para firmar un certificado manipulado a través de secuencias de control ANSI. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3867 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839158 https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640 https://github.com/puppetlabs/puppet/commit/f3419620b4 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 174EXPL: 0CVE-2012-1717 – OpenJDK: insecure temporary file permissions (JRE, 7143606)
https://notcve.org/view.php?id=CVE-2012-1717
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 Update 4 y anteriores, 6 Update 32 y anteriores, 5 actualización 35 y anteriores, y v1.4.2_37 y anteriores permite a usuarios locales afectar la confidencialidad a través de vectores desconocidos relacionados con el la impresión en Solaris o Linux. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html http://rhn.redhat.com/errata/RHSA-2012-0734.html http://rhn.redhat.com/errata/RHSA-2012-1243.html http://rhn.redhat& • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.3EPSS: 1%CPEs: 25EXPL: 0CVE-2012-2037 – flash-plugin: multiple code execution flaws (APSB12-14)
https://notcve.org/view.php?id=CVE-2012-2037
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034. Adobe Flash Player anterior a v10.3.183.20 y v11.x anterior a v11.3.300.257 en Windows y Mac OS X; anterior a v10.3.183.20 y v11.x anterior a v11.2.202.236 en Linux; anterior a v11.1.111.10 en Android v2.x y v3.x; y anterior a v11.1.115.9 en Android v4.x, y Adobe AIR anterior a v3.3.0.3610, permite a atacantes ejecutar comandos o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, es una vulnerabilidad distinta a CVE-2012-2034. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html http://rhn.redhat.com/errata/RHSA-2012-0722.html http://www.adobe.com/support/security/bulletins/apsb12-14.html https://access.redhat.com/security/cve/CVE-2012-2037 https://bugzilla.redhat.com/show_bug.cgi?id=830310 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 25EXPL: 0CVE-2012-2034 – Adobe Flash Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2012-2034
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037. Adobe Flash Player anterior a v10.3.183.20 y v11.x anterior a v11.3.300.257 en Windows y Mac OS X; anterior a v10.3.183.20 y v11.x anterior a v11.2.202.236 en Linux; anterior a v11.1.111.10 en Android v2.x y v3.x; y anterior a v11.1.115.9 en Android v4.x, y Adobe AIR anterior a v3.3.0.3610, permite a atacantes ejecutar comandos o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, es una vulnerabilidad distinta a CVE-2012-2034. Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS). • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html http://rhn.redhat.com/errata/RHSA-2012-0722.html http://www.adobe.com/support/security/bulletins/apsb12-14.html https://access.redhat.com/security/cve/CVE-2012-2034 https://bugzilla.redhat.com/show_bug.cgi?id=830310 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2012-2040
https://notcve.org/view.php?id=CVE-2012-2040
Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory. Vulnerabilidad de path de búsqueda no seguro en el instalador de Adobe Flash Player anteriores a v10.3.183.20 y 11.x anteriores a v11.3.300.257 en Windows y Mac OS X; anteriores a v10.3.183.20 y 11.x anteriores a v11.2.202.236 en Linux; anteriores a v11.1.111.10 en Android v2.x y v3.x; y anteriores a vv11.1.115.9 en Android v4.x, y Adobe AIR anteriores a v3.3.0.3610, permite a usuarios locales obtener privilegios a través de un programa troyano en un fichero no especificado. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html http://www.adobe.com/support/security/bulletins/apsb12-14.html • CWE-426: Untrusted Search Path •