CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3913 | medium | — | 5.0 | 13y ago | The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019. | |||
| CVE-2012-5217 | medium | — | 5.0 | 13y ago | HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability tha… | |||
| CVE-2012-5936 | medium | — | 5.0 | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capt… | |||
| CVE-2012-3544 | medium | — | 5.0 | 13y ago | Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions | |||
| CVE-2012-5657 | medium | — | 5.0 | 13y ago | Zend Framework XXE Vulnerability | |||
| CVE-2012-5222 | medium | — | 5.0 | 13y ago | HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2012-4952 | medium | — | 5.0 | 13y ago | Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information… | |||
| CVE-2012-5221 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3… | |||
| CVE-2012-4466 | medium | — | 5.0 | 13y ago | Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the… | |||
| CVE-2012-4464 | medium | — | 5.0 | 13y ago | Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_… | |||
| CVE-2012-6551 | medium | — | 5.0 | 13y ago | Apache ActiveMQ default configuration subject to denial of service | |||
| CVE-2012-6139 | medium | — | 5.0 | 13y ago | libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (… | |||
| CVE-2012-4460 | medium | — | 5.0 | 13y ago | The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via … | |||
| CVE-2012-4459 | medium | — | 5.0 | 13y ago | Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which trigge… | |||
| CVE-2012-4458 | medium | — | 5.0 | 13y ago | The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the clien… | |||
| CVE-2012-4066 | medium | — | 5.0 | 13y ago | The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. | |||
| CVE-2012-3411 | medium | — | 5.0 | 13y ago | Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplificat… | |||
| CVE-2012-4840 | medium | — | 5.0 | 13y ago | IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension fu… | |||
| CVE-2012-1016 | medium | — | 5.0 | 13y ago | The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts t… | |||
| CVE-2012-6128 | medium | — | 5.0 | 13y ago | Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie … | |||
| CVE-2012-5952 | medium | — | 5.0 | 14y ago | IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security oper… | |||
| CVE-2012-5375 | medium | — | 5.0 | 14y ago | The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a… | |||
| CVE-2012-5198 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in HP ArcSight Connector Appliance before 6.3 and ArcSight Logger 5.2 and earlier allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2012-4712 | medium | — | 5.0 | 14y ago | Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | |||
| CVE-2012-6532 | medium | — | 5.0 | 14y ago | Zend Framework XEE Vulnerability | |||
| CVE-2012-6352 | medium | — | 5.0 | 14y ago | The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data. | |||
| CVE-2012-6112 | medium | — | 5.0 | 14y ago | classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x be… | |||
| CVE-2012-6105 | medium | — | 5.0 | 14y ago | blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote atta… | |||
| CVE-2012-6104 | medium | — | 5.0 | 14y ago | blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and… | |||
| CVE-2012-4917 | medium | — | 5.0 | 14y ago | The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2012-6441 | medium | — | 5.0 | 14y ago | An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful expl… | |||
| CVE-2012-6515 | medium | — | 5.0 | 14y ago | eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the insta… | |||
| CVE-2012-6512 | medium | — | 5.0 | 14y ago | The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.… | |||
| CVE-2012-3364 | medium | — | 5.0 | 14y ago | Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possi… | |||
| CVE-2012-6113 | medium | — | 5.0 | 14y ago | The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process me… | |||
| CVE-2012-2124 | medium | — | 5.0 | 14y ago | functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial… | |||
| CVE-2012-5444 | medium | — | 5.0 | 14y ago | Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, ak… | |||
| CVE-2012-3170 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastru… | |||
| CVE-2012-3169 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastru… | |||
| CVE-2012-1702 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2012-1701 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI. | |||
| CVE-2012-5155 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions v… | |||
| CVE-2012-5152 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data. | |||
| CVE-2012-5146 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. | |||
| CVE-2012-5976 | medium | — | 5.0 | 14y ago | Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Dig… | |||
| CVE-2012-5655 | medium | — | 5.0 | 14y ago | The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information… | |||
| CVE-2012-5652 | medium | — | 5.0 | 14y ago | Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. | |||
| CVE-2012-5651 | medium | — | 5.0 | 14y ago | Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. | |||
| CVE-2012-6471 | medium | — | 5.0 | 14y ago | Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests. | |||
| CVE-2012-6469 | medium | — | 5.0 | 14y ago | Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page. | |||
| CVE-2012-6466 | medium | — | 5.0 | 14y ago | Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image… | |||
| CVE-2012-6462 | medium | — | 5.0 | 14y ago | Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request. | |||
| CVE-2012-6461 | medium | — | 5.0 | 14y ago | The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by caus… | |||
| CVE-2012-6460 | medium | — | 5.0 | 14y ago | Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site. | |||
| CVE-2012-6084 | medium | — | 5.0 | 14y ago | modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a de… | |||
| CVE-2012-5573 | medium | — | 5.0 | 14y ago | The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial… | |||
| CVE-2012-6314 | medium | — | 5.0 | 14y ago | Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows aut… | |||
| CVE-2012-4616 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecif… | |||
| CVE-2012-4444 | medium | — | 5.0 | 14y ago | The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. | |||
| CVE-2012-0841 | medium | — | 5.0 | 14y ago | libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumptio… | |||
| CVE-2012-6497 | medium | — | 5.0 | 14y ago | The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL i… | |||
| CVE-2012-5765 | medium | — | 5.0 | 14y ago | The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a… | |||
| CVE-2012-5643 | medium | — | 5.0 | 14y ago | Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory… | |||
| CVE-2012-5978 | medium | — | 5.0 | 14y ago | Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitra… | |||
| CVE-2012-5607 | medium | — | 5.0 | 14y ago | The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vec… | |||
| CVE-2012-5574 | medium | — | 5.0 | 14y ago | lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | |||
| CVE-2012-3277 | medium | — | 5.0 | 14y ago | HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remo… | |||
| CVE-2012-4977 | medium | — | 5.0 | 14y ago | Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network. | |||
| CVE-2012-4976 | medium | — | 5.0 | 14y ago | selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an er… | |||
| CVE-2012-3273 | medium | — | 5.0 | 14y ago | Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via… | |||
| CVE-2012-5055 | medium | — | 5.0 | 14y ago | Exposure of Sensitive Information to an Unauthorized Actor in Spring Security | |||
| CVE-2012-6062 | medium | — | 5.0 | 14y ago | The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infi… | |||
| CVE-2012-6061 | medium | — | 5.0 | 14y ago | The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, wh… | |||
| CVE-2012-6060 | medium | — | 5.0 | 14y ago | Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a … | |||
| CVE-2012-6059 | medium | — | 5.0 | 14y ago | The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decr… | |||
| CVE-2012-6058 | medium | — | 5.0 | 14y ago | Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a d… | |||
| CVE-2012-6057 | medium | — | 5.0 | 14y ago | The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remot… | |||
| CVE-2012-6056 | medium | — | 5.0 | 14y ago | Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infini… | |||
| CVE-2012-6055 | medium | — | 5.0 | 14y ago | epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length f… | |||
| CVE-2012-6054 | medium | — | 5.0 | 14y ago | The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP add… | |||
| CVE-2012-6053 | medium | — | 5.0 | 14y ago | epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause… | |||
| CVE-2012-6052 | medium | — | 5.0 | 14y ago | Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files. | |||
| CVE-2012-5859 | medium | — | 5.0 | 14y ago | Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php. | |||
| CVE-2012-5554 | medium | — | 5.0 | 14y ago | The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading … | |||
| CVE-2012-5552 | medium | — | 5.0 | 14y ago | The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password his… | |||
| CVE-2012-1599 | medium | — | 5.0 | 14y ago | Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate… | |||
| CVE-2012-5614 | medium | — | 5.0 | 14y ago | Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT com… | |||
| CVE-2012-4561 | medium | — | 5.0 | 14y ago | The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an e… | |||
| CVE-2012-4477 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. | |||
| CVE-2012-4475 | medium | — | 5.0 | 14y ago | The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and a… | |||
| CVE-2012-4471 | medium | — | 5.0 | 14y ago | The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the p… | |||
| CVE-2012-5568 | medium | — | 5.0 | 14y ago | Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | |||
| CVE-2012-4834 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files… | |||
| CVE-2012-4557 | medium | — | 5.0 | 14y ago | The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to ca… | |||
| CVE-2012-4841 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unk… | |||
| CVE-2012-6051 | medium | — | 5.0 | 14y ago | Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consum… | |||
| CVE-2012-5373 | medium | — | 5.0 | 14y ago | Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers… | |||
| CVE-2012-5372 | medium | — | 5.0 | 14y ago | Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) … | |||
| CVE-2012-5371 | medium | — | 5.0 | 14y ago | Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attac… | |||
| CVE-2012-5370 | medium | — | 5.0 | 14y ago | JRuby denial of service via Hash Collision |