CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
3.2%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1772 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2012-1771 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2012-1770 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2012-1769 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2012-1768 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outs… | |||
| CVE-2012-1767 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2012-1766 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2012-1744 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent users to affect availability via unknown vectors related t… | |||
| CVE-2012-0563 | low | — | 2.1 | 14y ago | Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist. | |||
| CVE-2012-0800 | low | — | 2.1 | 14y ago | The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the … | |||
| CVE-2012-2314 | low | — | 2.1 | 14y ago | The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password gu… | |||
| CVE-2012-2746 | low | — | 2.1 | 14y ago | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log … | |||
| CVE-2012-2690 | low | — | 2.1 | 14y ago | virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users… | |||
| CVE-2012-0813 | low | — | 2.1 | 14y ago | Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information. | |||
| CVE-2012-3818 | low | — | 2.1 | 14y ago | The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information. | |||
| CVE-2012-3800 | low | — | 2.1 | 14y ago | Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to in… | |||
| CVE-2012-2726 | low | — | 2.1 | 14y ago | Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission t… | |||
| CVE-2012-2711 | low | — | 2.1 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to in… | |||
| CVE-2012-2708 | low | — | 2.1 | 14y ago | Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows … | |||
| CVE-2012-2705 | low | — | 2.1 | 14y ago | The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edi… | |||
| CVE-2012-2389 | low | — | 2.1 | 14y ago | hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. | |||
| CVE-2012-2672 | low | — | 2.1 | 14y ago | Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by callin… | |||
| CVE-2012-1717 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows l… | |||
| CVE-2012-0948 | low | — | 2.1 | 14y ago | DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows … | |||
| CVE-2012-1986 | low | — | 2.1 | 14y ago | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and ce… | |||
| CVE-2012-0657 | low | — | 2.1 | 14y ago | Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspeci… | |||
| CVE-2012-1698 | low | — | 2.1 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD. | |||
| CVE-2012-0548 | low | — | 2.1 | 14y ago | Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 and earlier allows local users to affect confidentiality, related to XSCF Control Package (XCP). | |||
| CVE-2012-0863 | low | — | 2.1 | 14y ago | Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and config… | |||
| CVE-2012-1923 | low | — | 2.1 | 14y ago | RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database. | |||
| CVE-2012-0321 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application. | |||
| CVE-2012-1060 | low | — | 2.1 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authe… | |||
| CVE-2012-1004 | low | — | 2.1 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1… | |||
| CVE-2012-0976 | low | — | 2.1 | 15y ago | Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title… | |||
| CVE-2012-0450 | low | — | 2.1 | 15y ago | Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standar… | |||
| CVE-2012-0493 | low | — | 2.1 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0492 | low | — | 2.1 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0097 | low | — | 2.1 | 15y ago | Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell. | |||
| CVE-2012-6140 | low | — | 1.9 | 13y ago | pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions… | |||
| CVE-2012-6549 | low | — | 1.9 | 13y ago | The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from k… | |||
| CVE-2012-6548 | low | — | 1.9 | 13y ago | The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap m… | |||
| CVE-2012-6547 | low | — | 1.9 | 13y ago | The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack me… | |||
| CVE-2012-6546 | low | — | 1.9 | 13y ago | The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted applicati… | |||
| CVE-2012-6545 | low | — | 1.9 | 13y ago | The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a c… | |||
| CVE-2012-6544 | low | — | 1.9 | 13y ago | The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a cr… | |||
| CVE-2012-6543 | low | — | 1.9 | 13y ago | The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kerne… | |||
| CVE-2012-6542 | low | — | 1.9 | 13y ago | The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from ke… | |||
| CVE-2012-6541 | low | — | 1.9 | 13y ago | The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from ker… | |||
| CVE-2012-6540 | low | — | 1.9 | 13y ago | The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to o… | |||
| CVE-2012-6539 | low | — | 1.9 | 13y ago | The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a… | |||
| CVE-2012-6538 | low | — | 1.9 | 13y ago | The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive informati… | |||
| CVE-2012-6537 | low | — | 1.9 | 13y ago | net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN… | |||
| CVE-2012-1568 | low | — | 1.9 | 13y ago | The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bi… | |||
| CVE-2012-4832 | low | — | 1.9 | 14y ago | Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for… | |||
| CVE-2012-0700 | low | — | 1.9 | 14y ago | The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended a… | |||
| CVE-2012-4461 | low | — | 1.9 | 14y ago | The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SRE… | |||
| CVE-2012-4508 | low | — | 1.9 | 14y ago | Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as unini… | |||
| CVE-2012-4693 | low | — | 1.9 | 14y ago | Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by re… | |||
| CVE-2012-4838 | low | — | 1.9 | 14y ago | IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS… | |||
| CVE-2012-3432 | low | — | 1.9 | 14y ago | The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycle… | |||
| CVE-2012-2934 | low | — | 1.9 | 14y ago | Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (ho… | |||
| CVE-2012-0218 | low | — | 1.9 | 14y ago | Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection… | |||
| CVE-2012-4535 | low | — | 1.9 | 14y ago | Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inapp… | |||
| CVE-2012-3520 | low | — | 1.9 | 14y ago | The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a craft… | |||
| CVE-2012-3741 | low | — | 1.9 | 14y ago | The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an int… | |||
| CVE-2012-3734 | low | — | 1.9 | 14y ago | Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state… | |||
| CVE-2012-3729 | low | — | 1.9 | 14y ago | The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about… | |||
| CVE-2012-2737 | low | — | 1.9 | 14y ago | The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directo… | |||
| CVE-2012-3116 | low | — | 1.9 | 14y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown ve… | |||
| CVE-2012-1106 | low | — | 1.9 | 14y ago | The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.s… | |||
| CVE-2012-0742 | low | — | 1.9 | 14y ago | IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitiv… | |||
| CVE-2012-0098 | low | — | 1.9 | 15y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813. | |||
| CVE-2012-2425 | low | — | 1.8 | 14y ago | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote atta… | |||
| CVE-2012-2424 | low | — | 1.8 | 14y ago | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote atta… | |||
| CVE-2012-2423 | low | — | 1.8 | 14y ago | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different… | |||
| CVE-2012-2421 | low | — | 1.8 | 14y ago | Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Int… | |||
| CVE-2012-2420 | low | — | 1.8 | 14y ago | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remot… | |||
| CVE-2012-2419 | low | — | 1.8 | 14y ago | Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, al… | |||
| CVE-2012-3215 | low | — | 1.7 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel. | |||
| CVE-2012-3162 | low | — | 1.7 | 14y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows local users to affect confidentiality, related to MDS loading. | |||
| CVE-2012-0174 | low | — | 1.7 | 14y ago | Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packe… | |||
| CVE-2012-0494 | low | — | 1.7 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors. | |||
| CVE-2012-0075 | low | — | 1.7 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors. | |||
| CVE-2012-5616 | low | — | 1.5 | 14y ago | Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) t… | |||
| CVE-2012-3145 | low | — | 1.5 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.2.0 allows local users to affect… | |||
| CVE-2012-6095 | low | — | 1.2 | 14y ago | ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD command… | |||
| CVE-2012-3500 | low | — | 1.2 | 14y ago | scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2… | |||
| CVE-2012-2103 | low | — | 1.2 | 14y ago | The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||
| CVE-2012-4676 | low | — | 1.2 | 14y ago | The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability tha… | |||
| CVE-2012-3487 | low | — | 1.2 | 14y ago | Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. | |||
| CVE-2012-2678 | low | — | 1.2 | 14y ago | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers … | |||
| CVE-2012-2313 | low | — | 1.2 | 14y ago | The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet… | |||
| CVE-2012-0645 | low | — | 1.2 | 14y ago | Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that for… |