CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5805 | medium | — | 5.8 | 14y ago | The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allow… | |||
| CVE-2012-5804 | medium | — | 5.8 | 14y ago | The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-… | |||
| CVE-2012-5803 | medium | — | 5.8 | 14y ago | The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows ma… | |||
| CVE-2012-5802 | medium | — | 5.8 | 14y ago | The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-th… | |||
| CVE-2012-5801 | medium | — | 5.8 | 14y ago | The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-… | |||
| CVE-2012-5800 | medium | — | 5.8 | 14y ago | The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-th… | |||
| CVE-2012-5799 | medium | — | 5.8 | 14y ago | The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate… | |||
| CVE-2012-5798 | medium | — | 5.8 | 14y ago | The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which… | |||
| CVE-2012-5797 | medium | — | 5.8 | 14y ago | The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al… | |||
| CVE-2012-5796 | medium | — | 5.8 | 14y ago | The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man… | |||
| CVE-2012-5795 | medium | — | 5.8 | 14y ago | The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows… | |||
| CVE-2012-5794 | medium | — | 5.8 | 14y ago | The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows m… | |||
| CVE-2012-5793 | medium | — | 5.8 | 14y ago | The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows … | |||
| CVE-2012-5792 | medium | — | 5.8 | 14y ago | The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allow… | |||
| CVE-2012-5791 | medium | — | 5.8 | 14y ago | PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle atta… | |||
| CVE-2012-5790 | medium | — | 5.8 | 14y ago | PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which … | |||
| CVE-2012-5789 | medium | — | 5.8 | 14y ago | PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,… | |||
| CVE-2012-5788 | medium | — | 5.8 | 14y ago | The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl… | |||
| CVE-2012-5787 | medium | — | 5.8 | 14y ago | The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |||
| CVE-2012-5786 | medium | — | 5.8 | 14y ago | The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the s… | |||
| CVE-2012-5785 | medium | — | 5.8 | 14y ago | Apache Axis2 has Improper Input Validation | |||
| CVE-2012-5784 | medium | — | 5.8 | 14y ago | Man-in-the-middle attack in Apache Axis | |||
| CVE-2012-5783 | medium | — | 5.8 | 14y ago | Improper Certificate Validation in Apache Commons HttpClient | |||
| CVE-2012-5782 | medium | — | 5.8 | 14y ago | Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, w… | |||
| CVE-2012-5781 | medium | — | 5.8 | 14y ago | Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows… | |||
| CVE-2012-5780 | medium | — | 5.8 | 14y ago | The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |||
| CVE-2012-5170 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2012-4491 | medium | — | 5.8 | 14y ago | The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vec… | |||
| CVE-2012-4489 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites a… | |||
| CVE-2012-4516 | medium | — | 5.8 | 14y ago | librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm servi… | |||
| CVE-2012-4511 | medium | — | 5.8 | 14y ago | services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in… | |||
| CVE-2012-5069 | medium | — | 5.8 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a… | |||
| CVE-2012-5356 | medium | — | 5.8 | 14y ago | The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly … | |||
| CVE-2012-5353 | medium | — | 5.8 | 14y ago | Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." | |||
| CVE-2012-5352 | medium | — | 5.8 | 14y ago | Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attac… | |||
| CVE-2012-4418 | medium | — | 5.8 | 14y ago | Apache Axis2 Vulnerable to XML Signature wrapping attack | |||
| CVE-2012-4824 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing at… | |||
| CVE-2012-5240 | medium | — | 5.8 | 14y ago | Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application cras… | |||
| CVE-2012-3314 | medium | — | 5.8 | 14y ago | IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted … | |||
| CVE-2012-5234 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. | |||
| CVE-2012-3493 | medium | — | 5.8 | 14y ago | The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or… | |||
| CVE-2012-2681 | medium | — | 5.8 | 14y ago | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to g… | |||
| CVE-2012-2125 | medium | — | 5.8 | 14y ago | RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. | |||
| CVE-2012-3540 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a … | |||
| CVE-2012-4672 | medium | — | 5.8 | 14y ago | Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | |||
| CVE-2012-4671 | medium | — | 5.8 | 14y ago | psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | |||
| CVE-2012-4669 | medium | — | 5.8 | 14y ago | M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses fo… | |||
| CVE-2012-3525 | medium | — | 5.8 | 14y ago | s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (… | |||
| CVE-2012-4294 | medium | — | 5.8 | 14y ago | Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code… | |||
| CVE-2012-2499 | medium | — | 5.8 | 14y ago | The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoo… | |||
| CVE-2012-1342 | medium | 5.8 | 5.8 | 14y ago | Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. | |||
| CVE-2012-2647 | medium | — | 5.8 | 14y ago | Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. | |||
| CVE-2012-3691 | medium | — | 5.8 | 14y ago | WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||
| CVE-2012-3689 | medium | — | 5.8 | 14y ago | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. | |||
| CVE-2012-1741 | medium | — | 5.8 | 14y ago | Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality and integrity via unknown ve… | |||
| CVE-2012-1728 | medium | — | 5.8 | 14y ago | Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Portal Framework. | |||
| CVE-2012-2727 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct ph… | |||
| CVE-2012-2707 | medium | — | 5.8 | 14y ago | The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access res… | |||
| CVE-2012-2159 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remot… | |||
| CVE-2012-2565 | medium | — | 5.8 | 14y ago | Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table… | |||
| CVE-2012-3003 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi… | |||
| CVE-2012-1251 | medium | — | 5.8 | 14y ago | Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2012-1172 | medium | — | 5.8 | 14y ago | The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause… | |||
| CVE-2012-0294 | medium | — | 5.8 | 14y ago | Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecifi… | |||
| CVE-2012-1589 | medium | — | 5.8 | 14y ago | Drupal Open Redirect | |||
| CVE-2012-0528 | medium | — | 5.8 | 14y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows re… | |||
| CVE-2012-0732 | medium | — | 5.8 | 14y ago | The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv… | |||
| CVE-2012-1244 | medium | — | 5.8 | 14y ago | The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… | |||
| CVE-2012-0043 | medium | — | 5.8 | 14y ago | Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a deni… | |||
| CVE-2012-0146 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |||
| CVE-2012-0128 | medium | — | 5.8 | 14y ago | HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2012-0126 | medium | — | 5.8 | 14y ago | Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-01… | |||
| CVE-2012-1545 | medium | — | 5.8 | 14y ago | Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integ… | |||
| CVE-2012-0907 | medium | — | 5.8 | 15y ago | Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in th… | |||
| CVE-2012-0310 | medium | — | 5.8 | 15y ago | CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and c… | |||
| CVE-2012-3062 | medium | — | 5.7 | 12y ago | Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a ne… | |||
| CVE-2012-5525 | medium | — | 5.7 | 14y ago | The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. | |||
| CVE-2012-3570 | medium | — | 5.7 | 14y ago | Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifi… | |||
| CVE-2012-0045 | medium | — | 5.7 | 14y ago | The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to ca… | |||
| CVE-2012-3498 | medium | — | 5.6 | 14y ago | PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory v… | |||
| CVE-2012-3209 | medium | — | 5.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM). | |||
| CVE-2012-3510 | medium | — | 5.6 | 14y ago | Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or ca… | |||
| CVE-2012-3480 | medium | — | 5.6 | 14y ago | Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users t… | |||
| CVE-2012-3440 | medium | — | 5.6 | 14y ago | A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. | |||
| CVE-2012-1687 | medium | — | 5.6 | 14y ago | Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM). | |||
| CVE-2012-3345 | medium | — | 5.6 | 14y ago | ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file. | |||
| CVE-2012-0946 | medium | — | 5.6 | 14y ago | The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. | |||
| CVE-2012-0031 | medium | — | 5.6 | 15y ago | scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a … | |||
| CVE-2012-4573 | medium | — | 5.5 | 4y ago | The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulne… | |||
| CVE-2012-4095 | medium | — | 5.5 | 13y ago | The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindi… | |||
| CVE-2012-6118 | medium | — | 5.5 | 13y ago | The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting. | |||
| CVE-2012-6106 | medium | — | 5.5 | 14y ago | calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calen… | |||
| CVE-2012-5656 | medium | 5.5 | 5.5 | 14y ago | The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. | |||
| CVE-2012-3218 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unkno… | |||
| CVE-2012-5603 | medium | — | 5.5 | 14y ago | proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users'… | |||
| CVE-2012-5523 | medium | — | 5.5 | 14y ago | core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive infor… | |||
| CVE-2012-5522 | medium | — | 5.5 | 14y ago | MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access r… | |||
| CVE-2012-5482 | medium | — | 5.5 | 14y ago | OpenStack Glance arbitrary deletion of non-protected images | |||
| CVE-2012-4021 | medium | — | 5.5 | 14y ago | MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information … | |||
| CVE-2012-5092 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integri… |