CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
3.2%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4883 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the curr… | |||
| CVE-2012-4882 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current workin… | |||
| CVE-2012-4881 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a d… | |||
| CVE-2012-4880 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2… | |||
| CVE-2012-4866 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Xtreme RAT 3.5 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder a… | |||
| CVE-2012-4759 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current w… | |||
| CVE-2012-4758 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in CyberLink PowerProducer 5.5.3.2325 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current w… | |||
| CVE-2012-4757 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the curren… | |||
| CVE-2012-4756 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in CyberLink LabelPrint 2.5.3602 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current workin… | |||
| CVE-2012-4755 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonst… | |||
| CVE-2012-3974 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows … | |||
| CVE-2012-3486 | medium | — | 6.9 | 14y ago | Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. | |||
| CVE-2012-3015 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse D… | |||
| CVE-2012-3005 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/… | |||
| CVE-2012-4054 | medium | — | 6.9 | 14y ago | Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file. | |||
| CVE-2012-1894 | medium | — | 6.9 | 14y ago | Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by pla… | |||
| CVE-2012-2179 | medium | — | 6.9 | 14y ago | libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||
| CVE-2012-0304 | medium | — | 6.9 | 14y ago | Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. | |||
| CVE-2012-2753 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint … | |||
| CVE-2012-1868 | medium | — | 6.9 | 14y ago | Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.… | |||
| CVE-2012-1943 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a T… | |||
| CVE-2012-1053 | medium | — | 6.9 | 14y ago | The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 … | |||
| CVE-2012-2010 | medium | — | 6.9 | 14y ago | The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain… | |||
| CVE-2012-0656 | medium | — | 6.9 | 14y ago | Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the acco… | |||
| CVE-2012-0649 | medium | — | 6.9 | 14y ago | Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. | |||
| CVE-2012-0279 | medium | — | 6.9 | 14y ago | Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse f… | |||
| CVE-2012-1242 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, … | |||
| CVE-2012-0883 | medium | — | 6.9 | 14y ago | envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the … | |||
| CVE-2012-0008 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual St… | |||
| CVE-2012-0644 | medium | — | 6.9 | 14y ago | Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. | |||
| CVE-2012-0056 | medium | — | 6.9 | 15y ago | The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by mod… | |||
| CVE-2012-0005 | medium | — | 6.9 | 15y ago | The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean syste… | |||
| CVE-2012-5485 | medium | — | 6.8 | 4y ago | registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | |||
| CVE-2012-1978 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an ad… | |||
| CVE-2012-4902 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an admi… | |||
| CVE-2012-6691 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQ… | |||
| CVE-2012-2930 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user … | |||
| CVE-2012-1415 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests … | |||
| CVE-2012-1203 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user acc… | |||
| CVE-2012-5242 | medium | — | 6.8 | 12y ago | Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parame… | |||
| CVE-2012-5695 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrator… | |||
| CVE-2012-5694 | medium | — | 6.8 | 12y ago | Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo… | |||
| CVE-2012-5701 | medium | — | 6.8 | 12y ago | Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a con… | |||
| CVE-2012-5683 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP user… | |||
| CVE-2012-5395 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centrala… | |||
| CVE-2012-5391 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id. | |||
| CVE-2012-5649 | medium | — | 6.8 | 12y ago | Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | |||
| CVE-2012-6342 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user… | |||
| CVE-2012-5422 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009. | |||
| CVE-2012-5036 | medium | — | 6.8 | 12y ago | Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. | |||
| CVE-2012-5017 | medium | — | 6.8 | 12y ago | Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub3926… | |||
| CVE-2012-4921 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators … | |||
| CVE-2012-3406 | medium | — | 6.8 | 13y ago | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SP… | |||
| CVE-2012-6493 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete sc… | |||
| CVE-2012-6631 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts… | |||
| CVE-2012-6629 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for r… | |||
| CVE-2012-5394 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authenti… | |||
| CVE-2012-6303 | medium | — | 6.8 | 13y ago | Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash… | |||
| CVE-2012-0826 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for … | |||
| CVE-2012-0825 | medium | — | 6.8 | 13y ago | Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without det… | |||
| CVE-2012-4112 | medium | — | 6.8 | 13y ago | The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the comman… | |||
| CVE-2012-4121 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. | |||
| CVE-2012-4077 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | |||
| CVE-2012-4076 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. | |||
| CVE-2012-4108 | medium | — | 6.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-relate… | |||
| CVE-2012-4106 | medium | — | 6.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrar… | |||
| CVE-2012-4084 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the… | |||
| CVE-2012-4136 | medium | — | 6.8 | 13y ago | The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote … | |||
| CVE-2012-4111 | medium | — | 6.8 | 13y ago | The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bu… | |||
| CVE-2012-4110 | medium | — | 6.8 | 13y ago | run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. | |||
| CVE-2012-4109 | medium | — | 6.8 | 13y ago | The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug … | |||
| CVE-2012-4103 | medium | — | 6.8 | 13y ago | ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686. | |||
| CVE-2012-4102 | medium | — | 6.8 | 13y ago | The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka… | |||
| CVE-2012-3323 | medium | — | 6.8 | 13y ago | IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2012-4082 | medium | — | 6.8 | 13y ago | MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, a… | |||
| CVE-2012-6562 | medium | — | 6.8 | 13y ago | engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. | |||
| CVE-2012-0864 | medium | — | 6.8 | 13y ago | Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct for… | |||
| CVE-2012-5950 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users fo… | |||
| CVE-2012-3532 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecifie… | |||
| CVE-2012-5216 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote… | |||
| CVE-2012-4446 | medium | — | 6.8 | 13y ago | Improper Authentication in Apache Qpid | |||
| CVE-2012-1998 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a diff… | |||
| CVE-2012-5212 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-5763 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims … | |||
| CVE-2012-5199 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors. | |||
| CVE-2012-2294 | medium | — | 6.8 | 14y ago | EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. | |||
| CVE-2012-0874 | medium | — | 6.8 | 14y ago | The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and … | |||
| CVE-2012-6103 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote atta… | |||
| CVE-2012-6518 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to t… | |||
| CVE-2012-6508 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary … | |||
| CVE-2012-1922 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filt… | |||
| CVE-2012-5060 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension. | |||
| CVE-2012-5156 | medium | — | 6.8 | 14y ago | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields. | |||
| CVE-2012-5151 | medium | — | 6.8 | 14y ago | Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document. | |||
| CVE-2012-6498 | medium | — | 6.8 | 14y ago | Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing … | |||
| CVE-2012-5581 | medium | — | 6.8 | 14y ago | Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF … | |||
| CVE-2012-0861 | medium | — | 6.8 | 14y ago | The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents … | |||
| CVE-2012-6434 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL… | |||
| CVE-2012-6433 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks v… | |||
| CVE-2012-5445 | medium | — | 6.8 | 14y ago | The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows … |