CVEs from 2012
- Total: 5,199
- Critical: 963
- High: 747
- Medium: 2,885
- Low: 530
- % Critical: 18.5%
- % with KEV: 0.4%
- % with exploit: 16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5497 | medium | — | 5.0 | 4y ago | membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | |||
| CVE-2012-1176 | medium | — | 5.0 | 4y ago | Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service (application crash) via a 4-byte utf-8 sequence. | |||
| CVE-2012-6661 | medium | — | 5.0 | 8y ago | Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via … | |||
| CVE-2012-2150 | medium | — | 5.0 | 11y ago | xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. | |||
| CVE-2012-2808 | medium | — | 5.0 | 11y ago | The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source port… | |||
| CVE-2012-6687 | medium | — | 5.0 | 11y ago | FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. | |||
| CVE-2012-6656 | medium | — | 5.0 | 12y ago | iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the ico… | |||
| CVE-2012-5508 | medium | — | 5.0 | 12y ago | The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifi… | |||
| CVE-2012-5696 | medium | — | 5.0 | 12y ago | Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a d… | |||
| CVE-2012-5505 | medium | — | 5.0 | 12y ago | atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | |||
| CVE-2012-5503 | medium | — | 5.0 | 12y ago | ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. | |||
| CVE-2012-5501 | medium | — | 5.0 | 12y ago | at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. | |||
| CVE-2012-5499 | medium | — | 5.0 | 12y ago | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. | |||
| CVE-2012-5498 | medium | — | 5.0 | 12y ago | queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. | |||
| CVE-2012-5496 | medium | — | 5.0 | 12y ago | kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. | |||
| CVE-2012-5495 | medium | — | 5.0 | 12y ago | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." | |||
| CVE-2012-5488 | medium | — | 5.0 | 12y ago | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | |||
| CVE-2012-5621 | medium | — | 5.0 | 12y ago | lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 string… | |||
| CVE-2012-6651 | medium | — | 5.0 | 12y ago | Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_head… | |||
| CVE-2012-2682 | medium | — | 5.0 | 12y ago | Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character… | |||
| CVE-2012-3521 | medium | — | 5.0 | 12y ago | GeSHi vulnerable to Directory Traversal | |||
| CVE-2012-5572 | medium | — | 5.0 | 12y ago | CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v… | |||
| CVE-2012-6452 | medium | — | 5.0 | 12y ago | Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote… | |||
| CVE-2012-3946 | medium | — | 5.0 | 12y ago | Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops… | |||
| CVE-2012-4658 | medium | — | 5.0 | 12y ago | The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated … | |||
| CVE-2012-0360 | medium | — | 5.0 | 12y ago | Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. | |||
| CVE-2012-0033 | medium | — | 5.0 | 12y ago | The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module in ZNC 0.200 and 0.202 allows remote attackers to cause a denial of service (crash) via a crafted DCC RESUME request. | |||
| CVE-2012-4920 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files vi… | |||
| CVE-2012-5641 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows … | |||
| CVE-2012-1171 | medium | — | 5.0 | 13y ago | The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use o… | |||
| CVE-2012-3405 | medium | — | 5.0 | 13y ago | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to … | |||
| CVE-2012-3404 | medium | — | 5.0 | 13y ago | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to … | |||
| CVE-2012-2328 | medium | — | 5.0 | 13y ago | internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash value… | |||
| CVE-2012-6152 | medium | — | 5.0 | 13y ago | The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte … | |||
| CVE-2012-2250 | medium | — | 5.0 | 13y ago | Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly. | |||
| CVE-2012-2249 | medium | — | 5.0 | 13y ago | Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol. | |||
| CVE-2012-2997 | medium | — | 5.0 | 13y ago | XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files … | |||
| CVE-2012-2898 | medium | — | 5.0 | 13y ago | Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674. | |||
| CVE-2012-6616 | medium | — | 5.0 | 13y ago | The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 dat… | |||
| CVE-2012-4503 | medium | — | 5.0 | 13y ago | cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to … | |||
| CVE-2012-4502 | medium | — | 5.0 | 13y ago | Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command r… | |||
| CVE-2012-4098 | medium | — | 5.0 | 13y ago | The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka … | |||
| CVE-2012-4091 | medium | — | 5.0 | 13y ago | The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415. | |||
| CVE-2012-5627 | medium | — | 5.0 | 13y ago | Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection wh… | |||
| CVE-2012-4079 | medium | — | 5.0 | 13y ago | The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document… | |||
| CVE-2012-4085 | medium | — | 5.0 | 13y ago | The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by … | |||
| CVE-2012-6596 | medium | — | 5.0 | 13y ago | Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by read… | |||
| CVE-2012-3913 | medium | — | 5.0 | 13y ago | The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019. | |||
| CVE-2012-5217 | medium | — | 5.0 | 13y ago | HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability tha… | |||
| CVE-2012-5936 | medium | — | 5.0 | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capt… | |||
| CVE-2012-3544 | medium | — | 5.0 | 13y ago | Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions | |||
| CVE-2012-5657 | medium | — | 5.0 | 13y ago | Zend Framework XXE Vulnerability | |||
| CVE-2012-5222 | medium | — | 5.0 | 13y ago | HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2012-4952 | medium | — | 5.0 | 13y ago | Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information… | |||
| CVE-2012-5221 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3… | |||
| CVE-2012-4466 | medium | — | 5.0 | 13y ago | Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the… | |||
| CVE-2012-4464 | medium | — | 5.0 | 13y ago | Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_… | |||
| CVE-2012-6551 | medium | — | 5.0 | 13y ago | Apache ActiveMQ default configuration subject to denial of service | |||
| CVE-2012-6139 | medium | — | 5.0 | 13y ago | libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (… | |||
| CVE-2012-4460 | medium | — | 5.0 | 13y ago | The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via … | |||
| CVE-2012-4459 | medium | — | 5.0 | 13y ago | Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which trigge… | |||
| CVE-2012-4458 | medium | — | 5.0 | 13y ago | The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the clien… | |||
| CVE-2012-4066 | medium | — | 5.0 | 13y ago | The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. | |||
| CVE-2012-3411 | medium | — | 5.0 | 13y ago | Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplificat… | |||
| CVE-2012-4840 | medium | — | 5.0 | 13y ago | IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension fu… | |||
| CVE-2012-1016 | medium | — | 5.0 | 13y ago | The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts t… | |||
| CVE-2012-6128 | medium | — | 5.0 | 13y ago | Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie … | |||
| CVE-2012-5952 | medium | — | 5.0 | 14y ago | IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security oper… | |||
| CVE-2012-5375 | medium | — | 5.0 | 14y ago | The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a… | |||
| CVE-2012-5198 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in HP ArcSight Connector Appliance before 6.3 and ArcSight Logger 5.2 and earlier allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2012-4712 | medium | — | 5.0 | 14y ago | Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | |||
| CVE-2012-6532 | medium | — | 5.0 | 14y ago | Zend Framework XEE Vulnerability | |||
| CVE-2012-6352 | medium | — | 5.0 | 14y ago | The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data. | |||
| CVE-2012-6112 | medium | — | 5.0 | 14y ago | classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x be… | |||
| CVE-2012-6105 | medium | — | 5.0 | 14y ago | blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote atta… | |||
| CVE-2012-6104 | medium | — | 5.0 | 14y ago | blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and… | |||
| CVE-2012-4917 | medium | — | 5.0 | 14y ago | The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2012-6441 | medium | — | 5.0 | 14y ago | An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful expl… | |||
| CVE-2012-6515 | medium | — | 5.0 | 14y ago | eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the insta… | |||
| CVE-2012-6512 | medium | — | 5.0 | 14y ago | The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.… | |||
| CVE-2012-3364 | medium | — | 5.0 | 14y ago | Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possi… | |||
| CVE-2012-6113 | medium | — | 5.0 | 14y ago | The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process me… | |||
| CVE-2012-2124 | medium | — | 5.0 | 14y ago | functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial… | |||
| CVE-2012-5444 | medium | — | 5.0 | 14y ago | Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, ak… | |||
| CVE-2012-3170 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastru… | |||
| CVE-2012-3169 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastru… | |||
| CVE-2012-1702 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2012-1701 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI. | |||
| CVE-2012-5155 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions v… | |||
| CVE-2012-5152 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data. | |||
| CVE-2012-5146 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. | |||
| CVE-2012-5976 | medium | — | 5.0 | 14y ago | Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Dig… | |||
| CVE-2012-5655 | medium | — | 5.0 | 14y ago | The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information… | |||
| CVE-2012-5652 | medium | — | 5.0 | 14y ago | Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. | |||
| CVE-2012-5651 | medium | — | 5.0 | 14y ago | Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. | |||
| CVE-2012-6471 | medium | — | 5.0 | 14y ago | Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests. | |||
| CVE-2012-6469 | medium | — | 5.0 | 14y ago | Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page. | |||
| CVE-2012-6466 | medium | — | 5.0 | 14y ago | Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image… | |||
| CVE-2012-6462 | medium | — | 5.0 | 14y ago | Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request. | |||
| CVE-2012-6461 | medium | — | 5.0 | 14y ago | The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by caus… |