CVE-2012-1064
Published 2013-02-06
CVE-2012-1064: Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to…
Priority P4 · 16 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS 1.37% · 68.4th percentile
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emc | rsa_archer_egrc | — | — |
| emc | rsa_archer_egrc | — | — |
| emc | rsa_archer_egrc | — | — |
| emc | rsa_archer_smartsuite | — | — |
| emc | rsa_archer_smartsuite | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.7 MEDIUM
GHSA
GHSA-m3vm-2hvx-m27f: Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4
ghsa_unreviewed·2022-05-17
CVE-2012-1064 [MEDIUM] CWE-79 GHSA-m3vm-2hvx-m27f: Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4
Red Hat
kernel: cred: copy_process() should clear child->replacement_session_keyring
vendor_redhat·2012-07-10·CVSS 4.7
CVE-2012-2745 [MEDIUM] kernel: cred: copy_process() should clear child->replacement_session_keyring
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as they did not include support for KEYCTL_SESSION_TO_PARENT keyctl IOCTL as introduced in upstream commit ee18d64c.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux MRG 2 as they already contain the fix.
This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2012:1064 https://rhn.redh
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.