CVEs from 2012
- Total: 5,199
- Critical: 963
- High: 747
- Medium: 2,885
- Low: 530
- % Critical: 18.5%
- % with KEV: 0.4%
- % with exploit: 16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2374 | medium | — | 5.0 | 14y ago | CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting… | |||
| CVE-2012-2922 | medium | — | 5.0 | 14y ago | The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installati… | |||
| CVE-2012-2921 | medium | — | 5.0 | 14y ago | Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII … | |||
| CVE-2012-1249 | medium | — | 5.0 | 14y ago | The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted applicatio… | |||
| CVE-2012-2322 | medium | — | 5.0 | 14y ago | Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value … | |||
| CVE-2012-0676 | medium | — | 5.0 | 14y ago | WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web s… | |||
| CVE-2012-0651 | medium | — | 5.0 | 14y ago | The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. | |||
| CVE-2012-0164 | medium | — | 5.0 | 14y ago | Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundat… | |||
| CVE-2012-0580 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity via unknown vectors r… | |||
| CVE-2012-0376 | medium | — | 5.0 | 14y ago | The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after a… | |||
| CVE-2012-0535 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related… | |||
| CVE-2012-0361 | medium | — | 5.0 | 14y ago | The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to c… | |||
| CVE-2012-0339 | medium | — | 5.0 | 14y ago | Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary … | |||
| CVE-2012-0338 | medium | — | 5.0 | 14y ago | Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary sou… | |||
| CVE-2012-0335 | medium | — | 5.0 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote … | |||
| CVE-2012-0333 | medium | — | 5.0 | 14y ago | Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML doc… | |||
| CVE-2012-2213 | medium | — | 5.0 | 14y ago | Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reprod… | |||
| CVE-2012-2212 | medium | — | 5.0 | 14y ago | McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might no… | |||
| CVE-2012-0473 | medium | — | 5.0 | 14y ago | The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey bef… | |||
| CVE-2012-0743 | medium | — | 5.0 | 14y ago | IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. | |||
| CVE-2012-1243 | medium | — | 5.0 | 14y ago | The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||
| CVE-2012-2401 | medium | — | 5.0 | 14y ago | Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows… | |||
| CVE-2012-1180 | medium | — | 5.0 | 14y ago | Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjuncti… | |||
| CVE-2012-2268 | medium | — | 5.0 | 14y ago | master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash)… | |||
| CVE-2012-2267 | medium | — | 5.0 | 14y ago | master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and clo… | |||
| CVE-2012-1809 | medium | — | 5.0 | 14y ago | The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resour… | |||
| CVE-2012-1596 | medium | — | 5.0 | 14y ago | The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial o… | |||
| CVE-2012-0147 | medium | — | 5.0 | 14y ago | Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafte… | |||
| CVE-2012-2054 | medium | — | 5.0 | 14y ago | Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) Iss… | |||
| CVE-2012-0255 | medium | — | 5.0 | 14y ago | The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and da… | |||
| CVE-2012-0130 | medium | — | 5.0 | 14y ago | HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2012-0222 | medium | — | 5.0 | 14y ago | The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out… | |||
| CVE-2012-1926 | medium | — | 5.0 | 14y ago | Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to un… | |||
| CVE-2012-1920 | medium | — | 5.0 | 14y ago | @Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | |||
| CVE-2012-1918 | medium | — | 5.0 | 14y ago | Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary file… | |||
| CVE-2012-1917 | medium | — | 5.0 | 14y ago | compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct director… | |||
| CVE-2012-1573 | medium | — | 5.0 | 14y ago | gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (he… | |||
| CVE-2012-1569 | medium | — | 5.0 | 14y ago | The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remo… | |||
| CVE-2012-0256 | medium | — | 5.0 | 14y ago | Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long … | |||
| CVE-2012-1089 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wi… | |||
| CVE-2012-1841 | medium | — | 5.0 | 14y ago | Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware… | |||
| CVE-2012-1838 | medium | — | 5.0 | 14y ago | The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a dire… | |||
| CVE-2012-1837 | medium | — | 5.0 | 14y ago | The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which… | |||
| CVE-2012-1662 | medium | — | 5.0 | 14y ago | CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network re… | |||
| CVE-2012-0710 | medium | — | 5.0 | 14y ago | IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architect… | |||
| CVE-2012-1181 | medium | — | 5.0 | 14y ago | fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to… | |||
| CVE-2012-0328 | medium | — | 5.0 | 14y ago | Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors. | |||
| CVE-2012-1786 | medium | — | 5.0 | 14y ago | The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors. | |||
| CVE-2012-0326 | medium | — | 5.0 | 14y ago | The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted applica… | |||
| CVE-2012-1165 | medium | — | 5.0 | 14y ago | The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application cra… | |||
| CVE-2012-1178 | medium | — | 5.0 | 14y ago | The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message … | |||
| CVE-2012-0456 | medium | — | 5.0 | 14y ago | The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.… | |||
| CVE-2012-2139 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the… | |||
| CVE-2012-0770 | medium | — | 5.0 | 14y ago | Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a d… | |||
| CVE-2012-0006 | medium | — | 5.0 | 14y ago | The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denia… | |||
| CVE-2012-0690 | medium | — | 5.0 | 14y ago | TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Play… | |||
| CVE-2012-0689 | medium | — | 5.0 | 14y ago | The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before… | |||
| CVE-2012-0687 | medium | — | 5.0 | 14y ago | TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Ser… | |||
| CVE-2012-0884 | medium | — | 5.0 | 14y ago | The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for conte… | |||
| CVE-2012-0647 | medium | — | 5.0 | 14y ago | WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorizatio… | |||
| CVE-2012-0640 | medium | — | 5.0 | 14y ago | WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie. | |||
| CVE-2012-1558 | medium | — | 5.0 | 14y ago | yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate. | |||
| CVE-2012-0641 | medium | — | 5.0 | 14y ago | CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vu… | |||
| CVE-2012-0585 | medium | — | 5.0 | 14y ago | The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState … | |||
| CVE-2012-0769 | medium | — | 5.0 | 14y ago | Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not pro… | |||
| CVE-2012-0316 | medium | — | 5.0 | 14y ago | The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier applications for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information… | |||
| CVE-2012-1207 | medium | — | 5.0 | 15y ago | ForkCMS Directory Traversal vulnerability | |||
| CVE-2012-0823 | medium | — | 5.0 | 15y ago | VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame,… | |||
| CVE-2012-1292 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vector… | |||
| CVE-2012-1291 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecifie… | |||
| CVE-2012-1256 | medium | — | 5.0 | 15y ago | The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name i… | |||
| CVE-2012-0291 | medium | — | 5.0 | 15y ago | Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1… | |||
| CVE-2012-0239 | medium | — | 5.0 | 15y ago | uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | |||
| CVE-2012-0236 | medium | — | 5.0 | 15y ago | Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security… | |||
| CVE-2012-0200 | medium | — | 5.0 | 15y ago | The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT state… | |||
| CVE-2012-1223 | medium | — | 5.0 | 15y ago | RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack. | |||
| CVE-2012-0206 | medium | — | 5.0 | 15y ago | common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response. | |||
| CVE-2012-0501 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to a… | |||
| CVE-2012-1085 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2012-1078 | medium | — | 5.0 | 15y ago | The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup o… | |||
| CVE-2012-1056 | medium | — | 5.0 | 15y ago | The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows… | |||
| CVE-2012-1035 | medium | — | 5.0 | 15y ago | AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a … | |||
| CVE-2012-1033 | medium | — | 5.0 | 15y ago | The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trig… | |||
| CVE-2012-0839 | medium | — | 5.0 | 15y ago | OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consum… | |||
| CVE-2012-1003 | medium | — | 5.0 | 15y ago | Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3)… | |||
| CVE-2012-0447 | medium | — | 5.0 | 15y ago | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain pot… | |||
| CVE-2012-0445 | medium | — | 5.0 | 15y ago | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating … | |||
| CVE-2012-0817 | medium | — | 5.0 | 15y ago | Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. | |||
| CVE-2012-0898 | medium | — | 5.0 | 15y ago | Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter. | |||
| CVE-2012-0193 | medium | — | 5.0 | 15y ago | IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability … | |||
| CVE-2012-0050 | medium | — | 5.0 | 15y ago | OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NO… | |||
| CVE-2012-0022 | medium | — | 5.0 | 15y ago | Denial of Service in Apache Tomcat | |||
| CVE-2012-0486 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0104 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container. | |||
| CVE-2012-0096 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network. | |||
| CVE-2012-0072 | medium | — | 5.0 | 15y ago | Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown… | |||
| CVE-2012-0693 | medium | — | 5.0 | 15y ago | submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE:… | |||
| CVE-2012-0027 | medium | — | 5.0 | 15y ago | The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted d… | |||
| CVE-2012-4382 | medium | 4.9 | 4.9 | 9y ago | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt. | |||
| CVE-2012-6657 | medium | — | 4.9 | 12y ago | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial… |