CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3688 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3685 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3684 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3677 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3676 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3675 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3673 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3672 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3671 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3660 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3659 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3658 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3657 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3654 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3652 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3651 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3649 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3648 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3647 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3643 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3624 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3623 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3622 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3617 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3616 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3614 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3613 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3612 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3602 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3601 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-3598 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differe… | |||
| CVE-2012-2410 | medium | — | 6.8 | 14y ago | Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly ha… | |||
| CVE-2012-2408 | medium | — | 6.8 | 14y ago | The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service (heap memory corru… | |||
| CVE-2012-4893 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) r… | |||
| CVE-2012-2184 | medium | — | 6.8 | 14y ago | Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk,… | |||
| CVE-2012-2183 | medium | — | 6.8 | 14y ago | Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk,… | |||
| CVE-2012-0714 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Max… | |||
| CVE-2012-1580 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victim… | |||
| CVE-2012-1578 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permi… | |||
| CVE-2012-3256 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2012-6134 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session st… | |||
| CVE-2012-2069 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary u… | |||
| CVE-2012-4753 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2012-4393 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (… | |||
| CVE-2012-4391 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the a… | |||
| CVE-2012-4389 | medium | — | 6.8 | 14y ago | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and access… | |||
| CVE-2012-4386 | medium | — | 6.8 | 14y ago | Cross-Site Request Forgery in Apache Struts | |||
| CVE-2012-3535 | medium | — | 6.8 | 14y ago | Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. | |||
| CVE-2012-2067 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allo… | |||
| CVE-2012-2116 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add … | |||
| CVE-2012-2871 | medium | — | 6.8 | 14y ago | libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attacke… | |||
| CVE-2012-2868 | medium | — | 6.8 | 14y ago | Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between w… | |||
| CVE-2012-4245 | medium | — | 6.8 | 14y ago | The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. | |||
| CVE-2012-4009 | medium | — | 6.8 | 14y ago | The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted applicatio… | |||
| CVE-2012-4008 | medium | — | 6.8 | 14y ago | The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web … | |||
| CVE-2012-3309 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote … | |||
| CVE-2012-2285 | medium | — | 6.8 | 14y ago | EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access … | |||
| CVE-2012-3979 | medium | — | 6.8 | 14y ago | Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web p… | |||
| CVE-2012-3978 | medium | — | 6.8 | 14y ago | The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not prope… | |||
| CVE-2012-2085 | medium | — | 6.8 | 14y ago | The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute. | |||
| CVE-2012-2128 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. … | |||
| CVE-2012-1175 | medium | — | 6.8 | 14y ago | Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a craf… | |||
| CVE-2012-3481 | medium | — | 6.8 | 14y ago | Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (applicati… | |||
| CVE-2012-3479 | medium | — | 6.8 | 14y ago | lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remot… | |||
| CVE-2012-3403 | medium | — | 6.8 | 14y ago | Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS pa… | |||
| CVE-2012-3402 | medium | — | 6.8 | 14y ago | Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a c… | |||
| CVE-2012-4581 | medium | — | 6.8 | 14y ago | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing o… | |||
| CVE-2012-0947 | medium | — | 6.8 | 14y ago | Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 all… | |||
| CVE-2012-0859 | medium | — | 6.8 | 14y ago | The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary co… | |||
| CVE-2012-0858 | medium | — | 6.8 | 14y ago | The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, all… | |||
| CVE-2012-0853 | medium | — | 6.8 | 14y ago | The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x bef… | |||
| CVE-2012-0852 | medium | — | 6.8 | 14y ago | The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers… | |||
| CVE-2012-0851 | medium | — | 6.8 | 14y ago | The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows … | |||
| CVE-2012-2155 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2012-2080 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitn… | |||
| CVE-2012-4326 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in commonsettings.php in AlstraSoft Site Uptime Enterprise, possibly 5.4, allows remote attackers to hijack the authentication of administrators. | |||
| CVE-2012-4324 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator account… | |||
| CVE-2012-2097 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary user… | |||
| CVE-2012-3401 | medium | — | 6.8 | 14y ago | The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows conte… | |||
| CVE-2012-2862 | medium | — | 6.8 | 14y ago | Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted… | |||
| CVE-2012-2649 | medium | — | 6.8 | 14y ago | The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain sens… | |||
| CVE-2012-3422 | medium | — | 6.8 | 14y ago | The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial… | |||
| CVE-2012-4143 | medium | — | 6.8 | 14y ago | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a s… | |||
| CVE-2012-2860 | medium | — | 6.8 | 14y ago | The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial… | |||
| CVE-2012-2858 | medium | — | 6.8 | 14y ago | Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of servi… | |||
| CVE-2012-2857 | medium | — | 6.8 | 14y ago | Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, al… | |||
| CVE-2012-2855 | medium | — | 6.8 | 14y ago | Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause… | |||
| CVE-2012-2853 | medium | — | 6.8 | 14y ago | The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows … | |||
| CVE-2012-2852 | medium | — | 6.8 | 14y ago | The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote att… | |||
| CVE-2012-2851 | medium | — | 6.8 | 14y ago | Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a … | |||
| CVE-2012-2850 | medium | — | 6.8 | 14y ago | Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers t… | |||
| CVE-2012-4059 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user sec… | |||
| CVE-2012-2307 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vector… | |||
| CVE-2012-2305 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that creat… | |||
| CVE-2012-4053 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2012-3384 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2012-2113 | medium | — | 6.8 | 14y ago | Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, whi… | |||
| CVE-2012-4025 | medium | — | 6.8 | 14y ago | Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock… | |||
| CVE-2012-4024 | medium | — | 6.8 | 14y ago | Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a cr… | |||
| CVE-2012-0868 | medium | — | 6.8 | 14y ago | CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary S… |