CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4877 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that a… | |||
| CVE-2012-1112 | medium | — | 7.8 | 14y ago | Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter t… | |||
| CVE-2012-3012 | high | — | 7.8 | 14y ago | The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service (Ethernet outage) via unspecified Ethernet traffic that fills a buf… | |||
| CVE-2012-4746 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change t… | |||
| CVE-2012-0308 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. | |||
| CVE-2012-4036 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via… | |||
| CVE-2012-1933 | medium | — | 7.8 | 14y ago | Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in… | |||
| CVE-2012-2104 | medium | — | 7.8 | 14y ago | cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequenc… | |||
| CVE-2012-1921 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the r… | |||
| CVE-2012-3252 | high | — | 7.8 | 14y ago | Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2012-4237 | medium | — | 7.8 | 14y ago | Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id param… | |||
| CVE-2012-3294 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allo… | |||
| CVE-2012-4325 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2012-4280 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) … | |||
| CVE-2012-2602 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators fo… | |||
| CVE-2012-2744 | high | — | 7.8 | 14y ago | net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference… | |||
| CVE-2012-1350 | high | — | 7.8 | 14y ago | Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426. | |||
| CVE-2012-2472 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remot… | |||
| CVE-2012-2469 | high | — | 7.8 | 14y ago | Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) v… | |||
| CVE-2012-3017 | high | — | 7.8 | 14y ago | Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed… | |||
| CVE-2012-3016 | high | — | 7.8 | 14y ago | Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 allow remote attackers to cause a denial of service (defect-mode transition and service outage) via crafted ICMP packets. | |||
| CVE-2012-3817 | high | — | 7.8 | 14y ago | ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initializ… | |||
| CVE-2012-3120 | high | — | 7.8 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP. | |||
| CVE-2012-1740 | high | — | 7.8 | 14y ago | Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality… | |||
| CVE-2012-0282 | medium | — | 7.8 | 14y ago | Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in … | |||
| CVE-2012-0277 | medium | — | 7.8 | 14y ago | Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image. | |||
| CVE-2012-0276 | medium | — | 7.8 | 14y ago | Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed… | |||
| CVE-2012-4028 | high | — | 7.8 | 14y ago | Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authenticatio… | |||
| CVE-2012-3350 | medium | — | 7.8 | 14y ago | SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | |||
| CVE-2012-2614 | medium | — | 7.8 | 14y ago | Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long stri… | |||
| CVE-2012-3073 | high | — | 7.8 | 14y ago | The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to… | |||
| CVE-2012-2970 | high | — | 7.8 | 14y ago | The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735. | |||
| CVE-2012-2017 | high | — | 7.8 | 14y ago | Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-O… | |||
| CVE-2012-2816 | high | — | 7.8 | 14y ago | Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vect… | |||
| CVE-2012-3058 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8… | |||
| CVE-2012-3578 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a f… | |||
| CVE-2012-3289 | high | — | 7.8 | 14y ago | VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) v… | |||
| CVE-2012-3291 | high | — | 7.8 | 14y ago | Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner. | |||
| CVE-2012-1185 | high | 7.8 | 7.8 | 14y ago | Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execu… | |||
| CVE-2012-2488 | high | — | 7.8 | 14y ago | Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94… | |||
| CVE-2012-2426 | high | — | 7.8 | 14y ago | The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors. | |||
| CVE-2012-2320 | high | — | 7.8 | 14y ago | ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted n… | |||
| CVE-2012-1097 | high | 7.8 | 7.8 | 14y ago | The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL poin… | |||
| CVE-2012-0044 | high | 7.8 | 7.8 | 14y ago | Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privi… | |||
| CVE-2012-1804 | high | — | 7.8 | 14y ago | The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request. | |||
| CVE-2012-0180 | high | 7.8 | 7.8 | 14y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 C… | |||
| CVE-2012-1936 | medium | — | 7.8 | 14y ago | The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attack… | |||
| CVE-2012-0378 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number… | |||
| CVE-2012-0550 | medium | — | 7.8 | 14y ago | Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and… | |||
| CVE-2012-1802 | high | — | 7.8 | 14y ago | Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 befor… | |||
| CVE-2012-1315 | high | — | 7.8 | 14y ago | Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload)… | |||
| CVE-2012-1314 | high | — | 7.8 | 14y ago | The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381. | |||
| CVE-2012-1311 | high | — | 7.8 | 14y ago | The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue w… | |||
| CVE-2012-1310 | high | — | 7.8 | 14y ago | Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka B… | |||
| CVE-2012-0388 | high | — | 7.8 | 14y ago | Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reloa… | |||
| CVE-2012-0387 | high | — | 7.8 | 14y ago | Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device… | |||
| CVE-2012-0386 | high | — | 7.8 | 14y ago | The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (dev… | |||
| CVE-2012-0385 | high | — | 7.8 | 14y ago | The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug I… | |||
| CVE-2012-0383 | high | — | 7.8 | 14y ago | Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require tran… | |||
| CVE-2012-1498 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an adminis… | |||
| CVE-2012-1297 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requ… | |||
| CVE-2012-0356 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(… | |||
| CVE-2012-0355 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) all… | |||
| CVE-2012-0370 | high | — | 7.8 | 14y ago | Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service… | |||
| CVE-2012-0369 | high | — | 7.8 | 14y ago | Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reloa… | |||
| CVE-2012-0368 | high | — | 7.8 | 14y ago | The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remo… | |||
| CVE-2012-0367 | high | — | 7.8 | 14y ago | Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segmen… | |||
| CVE-2012-0359 | high | — | 7.8 | 14y ago | The Cisco Cius with software before 9.2(1) SR2 allows remote attackers to cause a denial of service (device crash or hang) via malformed network traffic, aka Bug ID CSCto71445. | |||
| CVE-2012-0330 | high | — | 7.8 | 14y ago | Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426. | |||
| CVE-2012-0364 | high | — | 7.8 | 15y ago | Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload reques… | |||
| CVE-2012-0997 | medium | — | 7.8 | 15y ago | Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new to… | |||
| CVE-2012-1220 | medium | — | 7.8 | 15y ago | Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that c… | |||
| CVE-2012-0352 | high | — | 7.8 | 15y ago | Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.… | |||
| CVE-2012-0014 | high | 7.8 | 7.8 | 15y ago | Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to exe… | |||
| CVE-2012-0286 | medium | — | 7.8 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accoun… | |||
| CVE-2012-0897 | medium | — | 7.8 | 15y ago | Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QC… | |||
| CVE-2012-0094 | high | — | 7.8 | 15y ago | Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP. | |||
| CVE-2012-0394 | medium | — | 7.8 | 15y ago | Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode | |||
| CVE-2012-0392 | medium | — | 7.8 | 15y ago | Apache Struts's CookieInterceptor component does not use the parameter-name whitelist | |||
| CVE-2012-0024 | high | — | 7.8 | 15y ago | MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a den… | |||
| CVE-2012-5380 | medium | 6.7 | 7.7 | 14y ago | Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse … | |||
| CVE-2012-3014 | high | — | 7.7 | 14y ago | The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileg… | |||
| CVE-2012-3580 | high | — | 7.7 | 14y ago | Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. | |||
| CVE-2012-1801 | high | — | 7.7 | 14y ago | Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow r… | |||
| CVE-2012-4694 | high | — | 7.6 | 14y ago | Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device … | |||
| CVE-2012-1543 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff… | |||
| CVE-2012-4687 | high | — | 7.6 | 14y ago | Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key… | |||
| CVE-2012-5089 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a… | |||
| CVE-2012-5084 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows… | |||
| CVE-2012-5080 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a differ… | |||
| CVE-2012-3400 | high | — | 7.6 | 14y ago | Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have … | |||
| CVE-2012-3973 | high | — | 7.6 | 14y ago | The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote… | |||
| CVE-2012-3555 | high | — | 7.6 | 14y ago | Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks… | |||
| CVE-2012-3292 | high | — | 7.6 | 14y ago | The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to… | |||
| CVE-2012-2562 | high | — | 7.6 | 14y ago | The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATE… | |||
| CVE-2012-0735 | high | — | 7.6 | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified oth… | |||
| CVE-2012-0734 | high | — | 7.6 | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other i… | |||
| CVE-2012-0168 | high | — | 7.6 | 14y ago | Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print … | |||
| CVE-2012-0129 | high | — | 7.6 | 14y ago | HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | |||
| CVE-2012-0648 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… |