CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5760 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-3321 | medium | — | 6.5 | 14y ago | IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password. | |||
| CVE-2012-3286 | medium | — | 6.5 | 14y ago | Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cau… | |||
| CVE-2012-2293 | medium | — | 6.5 | 14y ago | Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary… | |||
| CVE-2012-0701 | medium | — | 6.5 | 14y ago | The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allow… | |||
| CVE-2012-0205 | medium | — | 6.5 | 14y ago | InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remot… | |||
| CVE-2012-4414 | medium | — | 6.5 | 14y ago | Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5… | |||
| CVE-2012-4549 | medium | 6.5 | 6.5 | 14y ago | A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all reque… | |||
| CVE-2012-5931 | medium | — | 6.5 | 14y ago | Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or ov… | |||
| CVE-2012-5610 | medium | — | 6.5 | 14y ago | Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a spe… | |||
| CVE-2012-5609 | medium | — | 6.5 | 14y ago | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. | |||
| CVE-2012-4974 | medium | — | 6.5 | 14y ago | Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) logg… | |||
| CVE-2012-5479 | medium | — | 6.5 | 14y ago | The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. | |||
| CVE-2012-5471 | medium | — | 6.5 | 14y ago | Moodle Allows Unauthenticated Dropbox Access | |||
| CVE-2012-5910 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | |||
| CVE-2012-5454 | medium | — | 6.5 | 14y ago | user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE… | |||
| CVE-2012-1751 | medium | — | 6.5 | 14y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availabili… | |||
| CVE-2012-4465 | medium | — | 6.5 | 14y ago | Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code v… | |||
| CVE-2012-5328 | medium | — | 6.5 | 14y ago | Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via … | |||
| CVE-2012-5327 | medium | — | 6.5 | 14y ago | Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrar… | |||
| CVE-2012-3489 | medium | 6.5 | 6.5 | 14y ago | The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users… | |||
| CVE-2012-4064 | medium | — | 6.5 | 14y ago | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Con… | |||
| CVE-2012-5162 | medium | — | 6.5 | 14y ago | Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (… | |||
| CVE-2012-4994 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NO… | |||
| CVE-2012-0747 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, an… | |||
| CVE-2012-0728 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, an… | |||
| CVE-2012-0727 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and… | |||
| CVE-2012-3132 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors in… | |||
| CVE-2012-3395 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands … | |||
| CVE-2012-2363 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calend… | |||
| CVE-2012-2359 | medium | — | 6.5 | 14y ago | admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying the… | |||
| CVE-2012-0866 | medium | — | 6.5 | 14y ago | CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY … | |||
| CVE-2012-1571 | medium | 6.5 | 6.5 | 14y ago | file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid po… | |||
| CVE-2012-0795 | medium | — | 6.5 | 14y ago | Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified im… | |||
| CVE-2012-2282 | medium | — | 6.5 | 14y ago | EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement N… | |||
| CVE-2012-1037 | medium | — | 6.5 | 14y ago | PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter. | |||
| CVE-2012-2670 | medium | — | 6.5 | 14y ago | manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by u… | |||
| CVE-2012-0037 | medium | 6.5 | 6.5 | 14y ago | Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read… | |||
| CVE-2012-1828 | medium | — | 6.5 | 14y ago | The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowled… | |||
| CVE-2012-1827 | medium | — | 6.5 | 14y ago | The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated… | |||
| CVE-2012-2603 | medium | — | 6.5 | 14y ago | The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. | |||
| CVE-2012-1798 | medium | 6.5 | 6.5 | 14y ago | The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF … | |||
| CVE-2012-0260 | medium | 6.5 | 6.5 | 14y ago | The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of re… | |||
| CVE-2012-0259 | medium | 6.5 | 6.5 | 14y ago | The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolu… | |||
| CVE-2012-2435 | medium | — | 6.5 | 14y ago | Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha para… | |||
| CVE-2012-0564 | medium | — | 6.5 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50 and 8.51 allows remote authenticated users to affect confidentiality, integrity, and av… | |||
| CVE-2012-0337 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. | |||
| CVE-2012-2416 | medium | — | 6.5 | 14y ago | chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, all… | |||
| CVE-2012-2415 | medium | — | 6.5 | 14y ago | Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated use… | |||
| CVE-2012-2414 | medium | — | 6.5 | 14y ago | main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not prop… | |||
| CVE-2012-2111 | medium | — | 6.5 | 14y ago | The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not p… | |||
| CVE-2012-2230 | medium | — | 6.5 | 14y ago | Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to i… | |||
| CVE-2012-1574 | medium | — | 6.5 | 14y ago | Apache Hadoop allows impersonation of arbitrary cluster user accounts | |||
| CVE-2012-0401 | medium | — | 6.5 | 14y ago | Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-0319 | medium | — | 6.5 | 14y ago | The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, r… | |||
| CVE-2012-1234 | medium | — | 6.5 | 15y ago | SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an… | |||
| CVE-2012-1079 | medium | — | 6.5 | 15y ago | Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||
| CVE-2012-0814 | medium | 6.5 | 6.5 | 15y ago | The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain p… | |||
| CVE-2012-0806 | medium | — | 6.5 | 15y ago | Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descrip… | |||
| CVE-2012-4520 | medium | — | 6.4 | 4y ago | The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host… | |||
| CVE-2012-5486 | medium | — | 6.4 | 8y ago | ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. | |||
| CVE-2012-2660 | medium | — | 6.4 | 9y ago | Action Pack contains database-query restrictions bypass | |||
| CVE-2012-5032 | medium | — | 6.4 | 12y ago | The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN tr… | |||
| CVE-2012-6619 | medium | — | 6.4 | 12y ago | The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON obj… | |||
| CVE-2012-6634 | medium | — | 6.4 | 13y ago | wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. | |||
| CVE-2012-5575 | medium | — | 6.4 | 13y ago | Inadequate Encryption Strength in Apache CXF | |||
| CVE-2012-6579 | medium | — | 6.4 | 13y ago | Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cau… | |||
| CVE-2012-6531 | medium | — | 6.4 | 14y ago | Zend Framework XEE Vulnerability | |||
| CVE-2012-6102 | medium | — | 6.4 | 14y ago | lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback … | |||
| CVE-2012-3190 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and i… | |||
| CVE-2012-6080 | medium | — | 6.4 | 14y ago | Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary fi… | |||
| CVE-2012-6431 | medium | — | 6.4 | 14y ago | Symfony Allows URI Restrictions Bypass Via Double-Encoded String | |||
| CVE-2012-0430 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks vi… | |||
| CVE-2012-5954 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system ob… | |||
| CVE-2012-5480 | medium | — | 6.4 | 14y ago | The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries vi… | |||
| CVE-2012-4566 | medium | — | 6.4 | 14y ago | The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the ce… | |||
| CVE-2012-4523 | medium | — | 6.4 | 14y ago | radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, whi… | |||
| CVE-2012-2455 | medium | — | 6.4 | 14y ago | Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, an… | |||
| CVE-2012-4022 | medium | — | 6.4 | 14y ago | Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. | |||
| CVE-2012-4196 | medium | — | 6.4 | 14y ago | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same O… | |||
| CVE-2012-3196 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and availa… | |||
| CVE-2012-3147 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. | |||
| CVE-2012-5074 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. | |||
| CVE-2012-5071 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a… | |||
| CVE-2012-4416 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and … | |||
| CVE-2012-5351 | medium | — | 6.4 | 14y ago | Improper Authentication in Apache Axis2 | |||
| CVE-2012-3492 | medium | — | 6.4 | 14y ago | The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows re… | |||
| CVE-2012-3305 | medium | — | 6.4 | 14y ago | Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite a… | |||
| CVE-2012-3732 | medium | — | 6.4 | 14y ago | Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field d… | |||
| CVE-2012-2062 | medium | — | 6.4 | 14y ago | Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2012-1635 | medium | — | 6.4 | 14y ago | The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which … | |||
| CVE-2012-4670 | medium | — | 6.4 | 14y ago | Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Author… | |||
| CVE-2012-2135 | medium | — | 6.4 | 14y ago | The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive in… | |||
| CVE-2012-2330 | medium | — | 6.4 | 14y ago | The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive informatio… | |||
| CVE-2012-3473 | medium | — | 6.4 | 14y ago | The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organiz… | |||
| CVE-2012-3472 | medium | — | 6.4 | 14y ago | The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize mess… | |||
| CVE-2012-2969 | medium | — | 6.4 | 14y ago | Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP… | |||
| CVE-2012-1950 | medium | — | 6.4 | 14y ago | The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. | |||
| CVE-2012-2279 | medium | — | 6.4 | 14y ago | Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbi… | |||
| CVE-2012-2845 | medium | — | 6.4 | 14y ago | Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain p… |