CVEs from 2012
- Total: 5,199
- Critical: 963
- High: 747
- Medium: 2,885
- Low: 530
- % Critical: 18.5%
- % with KEV: 0.4%
- % with exploit: 16.7%

Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2058 | medium | — | 5.0 | 14y ago | The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. | |||
| CVE-2012-3919 | medium | — | 5.0 | 14y ago | The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denia… | |||
| CVE-2012-3915 | medium | — | 5.0 | 14y ago | The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. | |||
| CVE-2012-3901 | medium | — | 5.0 | 14y ago | The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffi… | |||
| CVE-2012-3899 | medium | — | 5.0 | 14y ago | sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and tr… | |||
| CVE-2012-3094 | medium | — | 5.0 | 14y ago | The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, w… | |||
| CVE-2012-4001 | medium | — | 5.0 | 14y ago | The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified … | |||
| CVE-2012-4817 | medium | — | 5.0 | 14y ago | The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via … | |||
| CVE-2012-4683 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682. | |||
| CVE-2012-4682 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683. | |||
| CVE-2012-4922 | medium | — | 5.0 | 14y ago | The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (as… | |||
| CVE-2012-4419 | medium | — | 5.0 | 14y ago | The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemo… | |||
| CVE-2012-4903 | medium | — | 5.0 | 14y ago | Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by… | |||
| CVE-2012-2048 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. | |||
| CVE-2012-2774 | medium | — | 5.0 | 14y ago | The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "… | |||
| CVE-2012-4885 | medium | — | 5.0 | 14y ago | The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft f… | |||
| CVE-2012-2315 | medium | — | 5.0 | 14y ago | admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges t… | |||
| CVE-2012-1581 | medium | — | 5.0 | 14y ago | MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users. | |||
| CVE-2012-1579 | medium | — | 5.0 | 14y ago | The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive inform… | |||
| CVE-2012-1152 | medium | — | 5.0 | 14y ago | Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial… | |||
| CVE-2012-1151 | medium | — | 5.0 | 14y ago | Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (proce… | |||
| CVE-2012-1611 | medium | — | 5.0 | 14y ago | Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a dup… | |||
| CVE-2012-0837 | medium | — | 5.0 | 14y ago | Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." | |||
| CVE-2012-0836 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. | |||
| CVE-2012-0835 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." | |||
| CVE-2012-0821 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819. | |||
| CVE-2012-0819 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. | |||
| CVE-2012-4752 | medium | — | 5.0 | 14y ago | appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by u… | |||
| CVE-2012-4387 | medium | — | 5.0 | 14y ago | Denial of service in Apache Struts | |||
| CVE-2012-3526 | medium | — | 5.0 | 14y ago | The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For … | |||
| CVE-2012-3509 | medium | — | 5.0 | 14y ago | Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to c… | |||
| CVE-2012-2063 | medium | — | 5.0 | 14y ago | The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2012-1608 | medium | — | 5.0 | 14y ago | Typo3 API XSS Vulnerabilities | |||
| CVE-2012-1607 | medium | — | 5.0 | 14y ago | TYPO3 allows remote attackers to obtain the database name via a direct request | |||
| CVE-2012-1605 | medium | — | 5.0 | 14y ago | Typo3 Extbase Framework Unsafe Deserialization | |||
| CVE-2012-4747 | medium | — | 5.0 | 14y ago | Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient a… | |||
| CVE-2012-3981 | medium | — | 5.0 | 14y ago | Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which mig… | |||
| CVE-2012-4741 | medium | — | 5.0 | 14y ago | The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof us… | |||
| CVE-2012-3534 | medium | — | 5.0 | 14y ago | GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large numbe… | |||
| CVE-2012-3533 | medium | — | 5.0 | 14y ago | The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-… | |||
| CVE-2012-2704 | medium | — | 5.0 | 14y ago | The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information tha… | |||
| CVE-2012-4171 | medium | — | 5.0 | 14y ago | Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and be… | |||
| CVE-2012-2867 | medium | — | 5.0 | 14y ago | The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2012-4010 | medium | — | 5.0 | 14y ago | Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660. | |||
| CVE-2012-3312 | medium | — | 5.0 | 14y ago | The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obta… | |||
| CVE-2012-3972 | medium | — | 5.0 | 14y ago | The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey b… | |||
| CVE-2012-1643 | medium | — | 5.0 | 14y ago | The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vect… | |||
| CVE-2012-1642 | medium | — | 5.0 | 14y ago | includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensi… | |||
| CVE-2012-3467 | medium | — | 5.0 | 14y ago | Apache QPID Allows Remote Authentication Bypass | |||
| CVE-2012-3421 | medium | — | 5.0 | 14y ago | The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by se… | |||
| CVE-2012-3420 | medium | — | 5.0 | 14y ago | Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted… | |||
| CVE-2012-3419 | medium | — | 5.0 | 14y ago | Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. | |||
| CVE-2012-3418 | medium | — | 5.0 | 14y ago | libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the… | |||
| CVE-2012-0855 | medium | — | 5.0 | 14y ago | Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspeci… | |||
| CVE-2012-4678 | medium | — | 5.0 | 14y ago | munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters. | |||
| CVE-2012-2147 | medium | — | 5.0 | 14y ago | munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. | |||
| CVE-2012-4674 | medium | — | 5.0 | 14y ago | PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. | |||
| CVE-2012-3519 | medium | — | 5.0 | 14y ago | routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information abo… | |||
| CVE-2012-3518 | medium | — | 5.0 | 14y ago | The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (… | |||
| CVE-2012-3517 | medium | — | 5.0 | 14y ago | Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. | |||
| CVE-2012-3514 | medium | — | 5.0 | 14y ago | OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service … | |||
| CVE-2012-3501 | medium | — | 5.0 | 14y ago | The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cau… | |||
| CVE-2012-4605 | medium | — | 5.0 | 14y ago | The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it … | |||
| CVE-2012-4593 | medium | — | 5.0 | 14y ago | McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users… | |||
| CVE-2012-4592 | medium | — | 5.0 | 14y ago | The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to captu… | |||
| CVE-2012-4591 | medium | — | 5.0 | 14y ago | About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially … | |||
| CVE-2012-4219 | medium | — | 5.0 | 14y ago | show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, relate… | |||
| CVE-2012-2190 | medium | — | 5.0 | 14y ago | IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1,… | |||
| CVE-2012-4362 | medium | — | 5.0 | 14y ago | hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management se… | |||
| CVE-2012-0857 | medium | — | 5.0 | 14y ago | Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspeci… | |||
| CVE-2012-0854 | medium | — | 5.0 | 14y ago | The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (appli… | |||
| CVE-2012-2387 | medium | — | 5.0 | 14y ago | devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack. | |||
| CVE-2012-2132 | medium | — | 5.0 | 14y ago | libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL … | |||
| CVE-2012-4287 | medium | — | 5.0 | 14y ago | epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON do… | |||
| CVE-2012-3250 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2012-3248 | medium | — | 5.0 | 14y ago | HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2012-3025 | medium | — | 5.0 | 14y ago | The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive info… | |||
| CVE-2012-3024 | medium | — | 5.0 | 14y ago | Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. | |||
| CVE-2012-2770 | medium | — | 5.0 | 14y ago | The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the u… | |||
| CVE-2012-1850 | medium | — | 5.0 | 14y ago | The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, … | |||
| CVE-2012-2081 | medium | — | 5.0 | 14y ago | The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a re… | |||
| CVE-2012-2074 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors. | |||
| CVE-2012-4332 | medium | — | 5.0 | 14y ago | The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK. | |||
| CVE-2012-2096 | medium | — | 5.0 | 14y ago | The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter. | |||
| CVE-2012-4276 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows attackers to cause a denial of service via unknown attack vectors. | |||
| CVE-2012-2370 | medium | — | 5.0 | 14y ago | Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) hei… | |||
| CVE-2012-2368 | medium | — | 5.0 | 14y ago | Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password. | |||
| CVE-2012-4257 | medium | — | 5.0 | 14y ago | Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an e… | |||
| CVE-2012-4256 | medium | — | 5.0 | 14y ago | The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. | |||
| CVE-2012-2327 | medium | — | 5.0 | 14y ago | MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. | |||
| CVE-2012-3474 | medium | — | 5.0 | 14y ago | The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP addre… | |||
| CVE-2012-4069 | medium | — | 5.0 | 14y ago | Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db. | |||
| CVE-2012-2968 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an… | |||
| CVE-2012-2964 | medium | — | 5.0 | 14y ago | The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information … | |||
| CVE-2012-2963 | medium | — | 5.0 | 14y ago | The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to … | |||
| CVE-2012-4235 | medium | — | 5.0 | 14y ago | The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for … | |||
| CVE-2012-2191 | medium | — | 5.0 | 14y ago | IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a … | |||
| CVE-2012-3429 | medium | — | 5.0 | 14y ago | The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to… | |||
| CVE-2012-0213 | medium | — | 5.0 | 14y ago | Denial of Service in Apache POI | |||
| CVE-2012-4005 | medium | — | 5.0 | 14y ago | The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted applicatio… |