CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1357 | medium | — | 5.0 | 14y ago | The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via I… | |||
| CVE-2012-1348 | medium | — | 5.0 | 14y ago | Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive … | |||
| CVE-2012-1346 | medium | — | 5.0 | 14y ago | Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. | |||
| CVE-2012-2490 | medium | — | 5.0 | 14y ago | Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471. | |||
| CVE-2012-1340 | medium | — | 5.0 | 14y ago | The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP head… | |||
| CVE-2012-1339 | medium | — | 5.0 | 14y ago | The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543. | |||
| CVE-2012-3789 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service … | |||
| CVE-2012-2459 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-proce… | |||
| CVE-2012-1909 | medium | — | 5.0 | 14y ago | The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attacke… | |||
| CVE-2012-2854 | medium | — | 5.0 | 14y ago | Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values … | |||
| CVE-2012-2846 | medium | — | 5.0 | 14y ago | Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vector… | |||
| CVE-2012-1367 | medium | — | 5.0 | 14y ago | The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local… | |||
| CVE-2012-2978 | medium | — | 5.0 | 14y ago | query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted … | |||
| CVE-2012-3888 | medium | — | 5.0 | 14y ago | The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data. | |||
| CVE-2012-3887 | medium | — | 5.0 | 14y ago | AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by… | |||
| CVE-2012-3886 | medium | — | 5.0 | 14y ago | AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireles… | |||
| CVE-2012-3884 | medium | — | 5.0 | 14y ago | AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless netw… | |||
| CVE-2012-3698 | medium | — | 5.0 | 14y ago | Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a cr… | |||
| CVE-2012-3424 | medium | — | 5.0 | 14y ago | The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentic… | |||
| CVE-2012-2302 | medium | — | 5.0 | 14y ago | Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspe… | |||
| CVE-2012-2296 | medium | — | 5.0 | 14y ago | The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attack… | |||
| CVE-2012-3693 | medium | — | 5.0 | 14y ago | Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of… | |||
| CVE-2012-2677 | medium | — | 5.0 | 14y ago | Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overfl… | |||
| CVE-2012-2673 | medium | — | 5.0 | 14y ago | Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) bef… | |||
| CVE-2012-0680 | medium | — | 5.0 | 14y ago | Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | |||
| CVE-2012-2646 | medium | — | 5.0 | 14y ago | The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtai… | |||
| CVE-2012-2196 | medium | — | 5.0 | 14y ago | IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored proce… | |||
| CVE-2012-2194 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to repla… | |||
| CVE-2012-3394 | medium | — | 5.0 | 14y ago | auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows r… | |||
| CVE-2012-3385 | medium | — | 5.0 | 14y ago | WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vecto… | |||
| CVE-2012-3357 | medium | — | 5.0 | 14y ago | The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers … | |||
| CVE-2012-3356 | medium | — | 5.0 | 14y ago | The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via … | |||
| CVE-2012-2738 | medium | — | 5.0 | 14y ago | The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count v… | |||
| CVE-2012-2357 | medium | — | 5.0 | 14y ago | The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allo… | |||
| CVE-2012-3365 | medium | — | 5.0 | 14y ago | The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | |||
| CVE-2012-1960 | medium | — | 5.0 | 14y ago | The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers … | |||
| CVE-2012-1959 | medium | — | 5.0 | 14y ago | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-comp… | |||
| CVE-2012-3124 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL. | |||
| CVE-2012-3123 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server. | |||
| CVE-2012-3121 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer. | |||
| CVE-2012-1749 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Oracle M… | |||
| CVE-2012-1747 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to … | |||
| CVE-2012-1746 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to … | |||
| CVE-2012-1745 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via un… | |||
| CVE-2012-1742 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1760. | |||
| CVE-2012-1738 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect availa… | |||
| CVE-2012-1736 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps. | |||
| CVE-2012-0794 | medium | — | 5.0 | 14y ago | The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easi… | |||
| CVE-2012-0793 | medium | — | 5.0 | 14y ago | Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. | |||
| CVE-2012-4027 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as dem… | |||
| CVE-2012-4026 | medium | — | 5.0 | 14y ago | The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerabil… | |||
| CVE-2012-2280 | medium | — | 5.0 | 14y ago | EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via uns… | |||
| CVE-2012-2837 | medium | — | 5.0 | 14y ago | The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by… | |||
| CVE-2012-2351 | medium | — | 5.0 | 14y ago | The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of… | |||
| CVE-2012-2640 | medium | — | 5.0 | 14y ago | The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE perm… | |||
| CVE-2012-0410 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. | |||
| CVE-2012-3847 | medium | — | 5.0 | 14y ago | slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unic… | |||
| CVE-2012-3007 | medium | — | 5.0 | 14y ago | Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 … | |||
| CVE-2012-2560 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001. | |||
| CVE-2012-3829 | medium | — | 5.0 | 14y ago | Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | |||
| CVE-2012-2181 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. | |||
| CVE-2012-2748 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." | |||
| CVE-2012-2318 | medium | — | 5.0 | 14y ago | msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by plac… | |||
| CVE-2012-1148 | medium | — | 5.0 | 14y ago | Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted X… | |||
| CVE-2012-2385 | medium | — | 5.0 | 14y ago | The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. | |||
| CVE-2012-2098 | medium | — | 5.0 | 14y ago | Uncontrolled Resource Consumption in Apache Commons Compress | |||
| CVE-2012-2743 | medium | — | 5.0 | 14y ago | Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | |||
| CVE-2012-2742 | medium | — | 5.0 | 14y ago | Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack… | |||
| CVE-2012-2826 | medium | — | 5.0 | 14y ago | Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-2825 | medium | — | 5.0 | 14y ago | The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. | |||
| CVE-2012-2822 | medium | — | 5.0 | 14y ago | The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-2820 | medium | — | 5.0 | 14y ago | Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-2815 | medium | — | 5.0 | 14y ago | Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different … | |||
| CVE-2012-3798 | medium | — | 5.0 | 14y ago | The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier t… | |||
| CVE-2012-2720 | medium | — | 5.0 | 14y ago | The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | |||
| CVE-2012-2702 | medium | — | 5.0 | 14y ago | The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain condi… | |||
| CVE-2012-0191 | medium | — | 5.0 | 14y ago | The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request… | |||
| CVE-2012-2127 | medium | — | 5.0 | 14y ago | fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service … | |||
| CVE-2012-2173 | medium | — | 5.0 | 14y ago | The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain … | |||
| CVE-2012-0950 | medium | — | 5.0 | 14y ago | The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows rem… | |||
| CVE-2012-1724 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, relate… | |||
| CVE-2012-1719 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows r… | |||
| CVE-2012-1718 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows r… | |||
| CVE-2012-1583 | medium | — | 5.0 | 14y ago | Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a de… | |||
| CVE-2012-1145 | medium | — | 5.0 | 14y ago | spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remot… | |||
| CVE-2012-3568 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo. | |||
| CVE-2012-3567 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document. | |||
| CVE-2012-3565 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests." | |||
| CVE-2012-3564 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block elemen… | |||
| CVE-2012-3563 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings. | |||
| CVE-2012-3557 | medium | — | 5.0 | 14y ago | Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive informatio… | |||
| CVE-2012-3287 | medium | — | 5.0 | 14y ago | Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-… | |||
| CVE-2012-2606 | medium | — | 5.0 | 14y ago | The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted p… | |||
| CVE-2012-2566 | medium | — | 5.0 | 14y ago | Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypa… | |||
| CVE-2012-1816 | medium | — | 5.0 | 14y ago | PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon c… | |||
| CVE-2012-0441 | medium | — | 5.0 | 14y ago | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, … | |||
| CVE-2012-0949 | medium | — | 5.0 | 14y ago | The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repo… | |||
| CVE-2012-2661 | medium | — | 5.0 | 14y ago | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveReco… | |||
| CVE-2012-2943 | medium | — | 5.0 | 14y ago | CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter. | |||
| CVE-2012-1821 | medium | — | 5.0 | 14y ago | The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of ser… |