CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5744 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified … | |||
| CVE-2012-6458 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName,… | |||
| CVE-2012-5460 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitra… | |||
| CVE-2012-6581 | medium | — | 4.3 | 13y ago | Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and tr… | |||
| CVE-2012-6580 | medium | — | 4.3 | 13y ago | Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for r… | |||
| CVE-2012-6578 | medium | — | 4.3 | 13y ago | Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote at… | |||
| CVE-2012-5855 | medium | — | 4.3 | 13y ago | The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorre… | |||
| CVE-2012-6576 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified… | |||
| CVE-2012-6575 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6574 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspeci… | |||
| CVE-2012-6573 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or … | |||
| CVE-2012-6572 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "… | |||
| CVE-2012-6566 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6564 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6563 | medium | — | 4.3 | 13y ago | engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. | |||
| CVE-2012-6561 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some o… | |||
| CVE-2012-6137 | medium | — | 4.3 | 13y ago | rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which al… | |||
| CVE-2012-4481 | medium | — | 4.3 | 13y ago | The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix f… | |||
| CVE-2012-5219 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5949 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vect… | |||
| CVE-2012-5948 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involv… | |||
| CVE-2012-6092 | medium | — | 4.3 | 13y ago | Cross-site Scripting in Apache ActiveMQ | |||
| CVE-2012-4829 | medium | — | 4.3 | 13y ago | IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certifica… | |||
| CVE-2012-6097 | medium | — | 4.3 | 13y ago | File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab. | |||
| CVE-2012-4546 | medium | — | 4.3 | 13y ago | The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica,… | |||
| CVE-2012-5943 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS… | |||
| CVE-2012-5757 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a… | |||
| CVE-2012-4462 | medium | — | 4.3 | 13y ago | aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cpr… | |||
| CVE-2012-1996 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to modify data via unknown vectors. | |||
| CVE-2012-5053 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows … | |||
| CVE-2012-4855 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via … | |||
| CVE-2012-4835 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to inject arbitrary… | |||
| CVE-2012-2193 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote… | |||
| CVE-2012-2177 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to in… | |||
| CVE-2012-4844 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4558 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x … | |||
| CVE-2012-3499 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors … | |||
| CVE-2012-6072 | medium | — | 4.3 | 13y ago | Jenkins allows HTTP Injection and Response Splitting | |||
| CVE-2012-6121 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link. | |||
| CVE-2012-6093 | medium | — | 4.3 | 13y ago | The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory fro… | |||
| CVE-2012-5624 | medium | — | 4.3 | 13y ago | The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensi… | |||
| CVE-2012-5953 | medium | — | 4.3 | 14y ago | IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a d… | |||
| CVE-2012-5940 | medium | — | 4.3 | 14y ago | The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication pro… | |||
| CVE-2012-3328 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and… | |||
| CVE-2012-3327 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Ser… | |||
| CVE-2012-4352 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/bl… | |||
| CVE-2012-5187 | medium | — | 4.3 | 14y ago | The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for sy… | |||
| CVE-2012-5186 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-3279 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1064 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via u… | |||
| CVE-2012-6350 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecifie… | |||
| CVE-2012-6029 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2012-4819 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management We… | |||
| CVE-2012-0203 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arb… | |||
| CVE-2012-5670 | medium | — | 4.3 | 14y ago | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODI… | |||
| CVE-2012-5669 | medium | — | 4.3 | 14y ago | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts a… | |||
| CVE-2012-5668 | medium | — | 4.3 | 14y ago | FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocatio… | |||
| CVE-2012-6521 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions. | |||
| CVE-2012-6514 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income act… | |||
| CVE-2012-6511 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) d… | |||
| CVE-2012-5184 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2012-6360 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields. | |||
| CVE-2012-6359 | medium | — | 4.3 | 14y ago | IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.1… | |||
| CVE-2012-6088 | medium | — | 4.3 | 14y ago | The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass … | |||
| CVE-2012-5531 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vector… | |||
| CVE-2012-4689 | medium | — | 4.3 | 14y ago | Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denia… | |||
| CVE-2012-6397 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub619… | |||
| CVE-2012-5097 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate. | |||
| CVE-2012-5062 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.… | |||
| CVE-2012-5059 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a diff… | |||
| CVE-2012-3219 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.… | |||
| CVE-2012-1755 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote attackers to affect integrity via vectors related to PeopleBooks - PSOL. | |||
| CVE-2012-1677 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors. | |||
| CVE-2012-5157 | medium | — | 4.3 | 14y ago | Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | |||
| CVE-2012-6501 | medium | — | 4.3 | 14y ago | The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attackers to cause a denial of service (kill process) via the partial or full name of a process. | |||
| CVE-2012-2378 | medium | — | 4.3 | 14y ago | Improper Authentication in Apache CXF | |||
| CVE-2012-4543 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSi… | |||
| CVE-2012-5977 | medium | — | 4.3 | 14y ago | Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-dig… | |||
| CVE-2012-5666 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PAT… | |||
| CVE-2012-5665 | medium | — | 4.3 | 14y ago | ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by edi… | |||
| CVE-2012-5654 | medium | — | 4.3 | 14y ago | The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags… | |||
| CVE-2012-6467 | medium | — | 4.3 | 14y ago | Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafte… | |||
| CVE-2012-6464 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native … | |||
| CVE-2012-6463 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and… | |||
| CVE-2012-6459 | medium | — | 4.3 | 14y ago | ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. | |||
| CVE-2012-4970 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote att… | |||
| CVE-2012-6453 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed. | |||
| CVE-2012-6339 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a l… | |||
| CVE-2012-6369 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted… | |||
| CVE-2012-5625 | medium | — | 4.3 | 14y ago | OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which a… | |||
| CVE-2012-0962 | medium | — | 4.3 | 14y ago | Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-t… | |||
| CVE-2012-0958 | medium | — | 4.3 | 14y ago | content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtai… | |||
| CVE-2012-5591 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the … | |||
| CVE-2012-5587 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. | |||
| CVE-2012-5584 | medium | — | 4.3 | 14y ago | The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. | |||
| CVE-2012-5182 | medium | — | 4.3 | 14y ago | The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted applicati… | |||
| CVE-2012-5180 | medium | — | 4.3 | 14y ago | The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a cr… | |||
| CVE-2012-0428 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4698 | medium | — | 4.3 | 14y ago | Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH commun… | |||
| CVE-2012-5181 | medium | — | 4.3 | 14y ago | Concrete5 Vulnerable to Cross-Site Scripting (XSS) |