CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5660 | medium | — | 6.9 | 13y ago | abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a syml… | |||
| CVE-2012-4351 | medium | — | 6.9 | 14y ago | Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application. | |||
| CVE-2012-4696 | medium | — | 6.9 | 14y ago | Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and H-Designer 6.5.0 B180_R1967, allows local users to gain privileges by inserting a long string into a DLL file. | |||
| CVE-2012-2137 | medium | — | 6.9 | 14y ago | Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors r… | |||
| CVE-2012-5513 | medium | — | 6.9 | 14y ago | The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain priv… | |||
| CVE-2012-3317 | medium | — | 6.9 | 14y ago | IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow loc… | |||
| CVE-2012-6035 | medium | — | 6.9 | 14y ago | The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memor… | |||
| CVE-2012-3516 | medium | — | 6.9 | 14y ago | The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and… | |||
| CVE-2012-3497 | medium | — | 6.9 | 14y ago | (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS… | |||
| CVE-2012-4206 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the … | |||
| CVE-2012-4613 | medium | — | 6.9 | 14y ago | EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypas… | |||
| CVE-2012-3187 | medium | — | 6.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | |||
| CVE-2012-5303 | medium | — | 6.9 | 14y ago | Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. | |||
| CVE-2012-4897 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. | |||
| CVE-2012-4443 | medium | — | 6.9 | 14y ago | Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access. | |||
| CVE-2012-3728 | medium | — | 6.9 | 14y ago | The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packe… | |||
| CVE-2012-3052 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. | |||
| CVE-2012-3004 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) rea… | |||
| CVE-2012-4883 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the curr… | |||
| CVE-2012-4882 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current workin… | |||
| CVE-2012-4881 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a d… | |||
| CVE-2012-4880 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2… | |||
| CVE-2012-4866 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Xtreme RAT 3.5 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder a… | |||
| CVE-2012-4759 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current w… | |||
| CVE-2012-4758 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in CyberLink PowerProducer 5.5.3.2325 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current w… | |||
| CVE-2012-4757 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the curren… | |||
| CVE-2012-4756 | medium | — | 6.9 | 14y ago | Multiple untrusted search path vulnerabilities in CyberLink LabelPrint 2.5.3602 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current workin… | |||
| CVE-2012-4755 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonst… | |||
| CVE-2012-3974 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows … | |||
| CVE-2012-3486 | medium | — | 6.9 | 14y ago | Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. | |||
| CVE-2012-3015 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse D… | |||
| CVE-2012-3005 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/… | |||
| CVE-2012-1894 | medium | — | 6.9 | 14y ago | Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by pla… | |||
| CVE-2012-0304 | medium | — | 6.9 | 14y ago | Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. | |||
| CVE-2012-2753 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint … | |||
| CVE-2012-1868 | medium | — | 6.9 | 14y ago | Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.… | |||
| CVE-2012-1943 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a T… | |||
| CVE-2012-1053 | medium | — | 6.9 | 14y ago | The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 … | |||
| CVE-2012-2010 | medium | — | 6.9 | 14y ago | The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain… | |||
| CVE-2012-0656 | medium | — | 6.9 | 14y ago | Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the acco… | |||
| CVE-2012-0649 | medium | — | 6.9 | 14y ago | Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. | |||
| CVE-2012-0279 | medium | — | 6.9 | 14y ago | Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse f… | |||
| CVE-2012-1242 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, … | |||
| CVE-2012-0883 | medium | — | 6.9 | 14y ago | envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the … | |||
| CVE-2012-0008 | medium | — | 6.9 | 14y ago | Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual St… | |||
| CVE-2012-0644 | medium | — | 6.9 | 14y ago | Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. | |||
| CVE-2012-0005 | medium | — | 6.9 | 15y ago | The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean syste… | |||
| CVE-2012-5485 | medium | — | 6.8 | 4y ago | registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | |||
| CVE-2012-6691 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQ… | |||
| CVE-2012-2930 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user … | |||
| CVE-2012-5695 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrator… | |||
| CVE-2012-5694 | medium | — | 6.8 | 12y ago | Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo… | |||
| CVE-2012-5395 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centrala… | |||
| CVE-2012-5391 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id. | |||
| CVE-2012-5649 | medium | — | 6.8 | 12y ago | Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | |||
| CVE-2012-6342 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user… | |||
| CVE-2012-5422 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009. | |||
| CVE-2012-5036 | medium | — | 6.8 | 12y ago | Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. | |||
| CVE-2012-5017 | medium | — | 6.8 | 12y ago | Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub3926… | |||
| CVE-2012-4921 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators … | |||
| CVE-2012-3406 | medium | — | 6.8 | 13y ago | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SP… | |||
| CVE-2012-6631 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts… | |||
| CVE-2012-6629 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for r… | |||
| CVE-2012-5394 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authenti… | |||
| CVE-2012-0826 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for … | |||
| CVE-2012-0825 | medium | — | 6.8 | 13y ago | Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without det… | |||
| CVE-2012-4112 | medium | — | 6.8 | 13y ago | The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the comman… | |||
| CVE-2012-4121 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. | |||
| CVE-2012-4077 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | |||
| CVE-2012-4076 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. | |||
| CVE-2012-4108 | medium | — | 6.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-relate… | |||
| CVE-2012-4106 | medium | — | 6.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrar… | |||
| CVE-2012-4084 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the… | |||
| CVE-2012-4136 | medium | — | 6.8 | 13y ago | The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote … | |||
| CVE-2012-4111 | medium | — | 6.8 | 13y ago | The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bu… | |||
| CVE-2012-4110 | medium | — | 6.8 | 13y ago | run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. | |||
| CVE-2012-4109 | medium | — | 6.8 | 13y ago | The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug … | |||
| CVE-2012-4103 | medium | — | 6.8 | 13y ago | ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686. | |||
| CVE-2012-4102 | medium | — | 6.8 | 13y ago | The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka… | |||
| CVE-2012-3323 | medium | — | 6.8 | 13y ago | IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2012-4082 | medium | — | 6.8 | 13y ago | MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, a… | |||
| CVE-2012-6562 | medium | — | 6.8 | 13y ago | engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. | |||
| CVE-2012-0864 | medium | — | 6.8 | 13y ago | Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct for… | |||
| CVE-2012-5950 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users fo… | |||
| CVE-2012-3532 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecifie… | |||
| CVE-2012-5216 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote… | |||
| CVE-2012-4446 | medium | — | 6.8 | 13y ago | Improper Authentication in Apache Qpid | |||
| CVE-2012-1998 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a diff… | |||
| CVE-2012-5212 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-5763 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims … | |||
| CVE-2012-5199 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors. | |||
| CVE-2012-2294 | medium | — | 6.8 | 14y ago | EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. | |||
| CVE-2012-6103 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote atta… | |||
| CVE-2012-5060 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension. | |||
| CVE-2012-5156 | medium | — | 6.8 | 14y ago | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields. | |||
| CVE-2012-5151 | medium | — | 6.8 | 14y ago | Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document. | |||
| CVE-2012-6499 | medium | — | 6.8 | 14y ago | Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing … | |||
| CVE-2012-6498 | medium | — | 6.8 | 14y ago | Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing … | |||
| CVE-2012-5581 | medium | — | 6.8 | 14y ago | Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF … | |||
| CVE-2012-0861 | medium | — | 6.8 | 14y ago | The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents … |