CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1211 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter. | |||
| CVE-2012-1208 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or… | |||
| CVE-2012-0873 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or th… | |||
| CVE-2012-1224 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-1217 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.p… | |||
| CVE-2012-1069 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-1065 | medium | — | 5.3 | 15y ago | Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the Expor… | |||
| CVE-2012-1059 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or … | |||
| CVE-2012-1049 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp… | |||
| CVE-2012-1048 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web … | |||
| CVE-2012-0834 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engi… | |||
| CVE-2012-1028 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parame… | |||
| CVE-2012-1027 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-1021 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. | |||
| CVE-2012-1018 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web sc… | |||
| CVE-2012-1005 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as… | |||
| CVE-2012-1007 | medium | — | 5.3 | 15y ago | Withdrawn Advisory: Apache Struts XSS | |||
| CVE-2012-1006 | medium | — | 5.3 | 15y ago | Apache Struts Multiple Cross-site Scripting Vulnerabilities | |||
| CVE-2012-0782 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or … | |||
| CVE-2012-0932 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||
| CVE-2012-0053 | medium | — | 5.3 | 15y ago | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to … | |||
| CVE-2012-0389 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers t… | |||
| CVE-2012-0285 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0904 | medium | — | 5.3 | 15y ago | VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file. | |||
| CVE-2012-0901 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. | |||
| CVE-2012-0900 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon… | |||
| CVE-2012-0899 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the n… | |||
| CVE-2012-0895 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. | |||
| CVE-2012-0007 | medium | — | 5.3 | 15y ago | The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remot… | |||
| CVE-2012-2119 | medium | — | 5.2 | 14y ago | Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a lon… | |||
| CVE-2012-1179 | medium | — | 5.2 | 14y ago | The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_cle… | |||
| CVE-2012-0878 | medium | — | 5.1 | 4y ago | Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leverag… | |||
| CVE-2012-4424 | medium | — | 5.1 | 13y ago | Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execut… | |||
| CVE-2012-4086 | medium | — | 5.1 | 13y ago | A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. | |||
| CVE-2012-4087 | medium | — | 5.1 | 13y ago | A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. | |||
| CVE-2012-4545 | medium | — | 5.1 | 14y ago | The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials thro… | |||
| CVE-2012-4472 | medium | — | 5.1 | 14y ago | Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an… | |||
| CVE-2012-4463 | medium | — | 5.1 | 14y ago | Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attac… | |||
| CVE-2012-1177 | medium | — | 5.1 | 14y ago | libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoof… | |||
| CVE-2012-2077 | medium | — | 5.1 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permi… | |||
| CVE-2012-3129 | medium | — | 5.1 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer. | |||
| CVE-2012-3799 | medium | — | 5.1 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests t… | |||
| CVE-2012-2719 | medium | — | 5.1 | 14y ago | The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a … | |||
| CVE-2012-2942 | medium | — | 5.1 | 14y ago | Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, … | |||
| CVE-2012-1248 | medium | — | 5.1 | 14y ago | app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative… | |||
| CVE-2012-0453 | medium | — | 5.1 | 15y ago | Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of … | |||
| CVE-2012-0440 | medium | — | 5.1 | 15y ago | Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hij… | |||
| CVE-2012-0807 | medium | — | 5.1 | 15y ago | Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and … | |||
| CVE-2012-0268 | medium | — | 5.1 | 15y ago | Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafte… | |||
| CVE-2012-3443 | medium | — | 5.0 | 4y ago | The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a… | |||
| CVE-2012-3444 | medium | — | 5.0 | 4y ago | The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows re… | |||
| CVE-2012-5492 | medium | — | 5.0 | 4y ago | uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. | |||
| CVE-2012-5506 | medium | — | 5.0 | 4y ago | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permissi… | |||
| CVE-2012-5497 | medium | — | 5.0 | 4y ago | membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | |||
| CVE-2012-1176 | medium | — | 5.0 | 4y ago | Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service (application crash) via a 4-byte utf-8 sequence. | |||
| CVE-2012-6661 | medium | — | 5.0 | 8y ago | Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via … | |||
| CVE-2012-2150 | medium | — | 5.0 | 11y ago | xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. | |||
| CVE-2012-2808 | medium | — | 5.0 | 11y ago | The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source port… | |||
| CVE-2012-6687 | medium | — | 5.0 | 11y ago | FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. | |||
| CVE-2012-6656 | medium | — | 5.0 | 12y ago | iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the ico… | |||
| CVE-2012-5508 | medium | — | 5.0 | 12y ago | The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifi… | |||
| CVE-2012-5696 | medium | — | 5.0 | 12y ago | Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a d… | |||
| CVE-2012-5505 | medium | — | 5.0 | 12y ago | atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | |||
| CVE-2012-5503 | medium | — | 5.0 | 12y ago | ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. | |||
| CVE-2012-5501 | medium | — | 5.0 | 12y ago | at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. | |||
| CVE-2012-5499 | medium | — | 5.0 | 12y ago | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. | |||
| CVE-2012-5498 | medium | — | 5.0 | 12y ago | queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. | |||
| CVE-2012-5496 | medium | — | 5.0 | 12y ago | kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. | |||
| CVE-2012-5495 | medium | — | 5.0 | 12y ago | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." | |||
| CVE-2012-5488 | medium | — | 5.0 | 12y ago | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | |||
| CVE-2012-5621 | medium | — | 5.0 | 12y ago | lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 string… | |||
| CVE-2012-6651 | medium | — | 5.0 | 12y ago | Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_head… | |||
| CVE-2012-2682 | medium | — | 5.0 | 12y ago | Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character… | |||
| CVE-2012-3521 | medium | — | 5.0 | 12y ago | GeSHi vulnerable to Directory Traversal | |||
| CVE-2012-5572 | medium | — | 5.0 | 12y ago | CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v… | |||
| CVE-2012-6452 | medium | — | 5.0 | 12y ago | Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote… | |||
| CVE-2012-3946 | medium | — | 5.0 | 12y ago | Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops… | |||
| CVE-2012-4658 | medium | — | 5.0 | 12y ago | The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated … | |||
| CVE-2012-0360 | medium | — | 5.0 | 12y ago | Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. | |||
| CVE-2012-0033 | medium | — | 5.0 | 12y ago | The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module in ZNC 0.200 and 0.202 allows remote attackers to cause a denial of service (crash) via a crafted DCC RESUME request. | |||
| CVE-2012-4920 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files vi… | |||
| CVE-2012-5641 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows … | |||
| CVE-2012-1171 | medium | — | 5.0 | 13y ago | The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use o… | |||
| CVE-2012-3405 | medium | — | 5.0 | 13y ago | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to … | |||
| CVE-2012-3404 | medium | — | 5.0 | 13y ago | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to … | |||
| CVE-2012-2328 | medium | — | 5.0 | 13y ago | internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash value… | |||
| CVE-2012-6152 | medium | — | 5.0 | 13y ago | The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte … | |||
| CVE-2012-2250 | medium | — | 5.0 | 13y ago | Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly. | |||
| CVE-2012-2249 | medium | — | 5.0 | 13y ago | Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol. | |||
| CVE-2012-2997 | medium | — | 5.0 | 13y ago | XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files … | |||
| CVE-2012-2898 | medium | — | 5.0 | 13y ago | Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674. | |||
| CVE-2012-6616 | medium | — | 5.0 | 13y ago | The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 dat… | |||
| CVE-2012-4503 | medium | — | 5.0 | 13y ago | cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to … | |||
| CVE-2012-4502 | medium | — | 5.0 | 13y ago | Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command r… | |||
| CVE-2012-4098 | medium | — | 5.0 | 13y ago | The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka … | |||
| CVE-2012-4091 | medium | — | 5.0 | 13y ago | The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415. | |||
| CVE-2012-5627 | medium | — | 5.0 | 13y ago | Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection wh… | |||
| CVE-2012-4079 | medium | — | 5.0 | 13y ago | The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document… | |||
| CVE-2012-4085 | medium | — | 5.0 | 13y ago | The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by … | |||
| CVE-2012-6596 | medium | — | 5.0 | 13y ago | Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by read… |