CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-6460 | medium | — | 5.0 | 14y ago | Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site. | |||
| CVE-2012-6084 | medium | — | 5.0 | 14y ago | modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a de… | |||
| CVE-2012-5573 | medium | — | 5.0 | 14y ago | The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial… | |||
| CVE-2012-6314 | medium | — | 5.0 | 14y ago | Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows aut… | |||
| CVE-2012-4616 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecif… | |||
| CVE-2012-4444 | medium | — | 5.0 | 14y ago | The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. | |||
| CVE-2012-0841 | medium | — | 5.0 | 14y ago | libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumptio… | |||
| CVE-2012-6497 | medium | — | 5.0 | 14y ago | The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL i… | |||
| CVE-2012-5765 | medium | — | 5.0 | 14y ago | The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a… | |||
| CVE-2012-5643 | medium | — | 5.0 | 14y ago | Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory… | |||
| CVE-2012-5978 | medium | — | 5.0 | 14y ago | Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitra… | |||
| CVE-2012-5607 | medium | — | 5.0 | 14y ago | The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vec… | |||
| CVE-2012-5574 | medium | — | 5.0 | 14y ago | lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | |||
| CVE-2012-3277 | medium | — | 5.0 | 14y ago | HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remo… | |||
| CVE-2012-4977 | medium | — | 5.0 | 14y ago | Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network. | |||
| CVE-2012-4976 | medium | — | 5.0 | 14y ago | selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an er… | |||
| CVE-2012-3273 | medium | — | 5.0 | 14y ago | Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via… | |||
| CVE-2012-5055 | medium | — | 5.0 | 14y ago | Exposure of Sensitive Information to an Unauthorized Actor in Spring Security | |||
| CVE-2012-6062 | medium | — | 5.0 | 14y ago | The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infi… | |||
| CVE-2012-6061 | medium | — | 5.0 | 14y ago | The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, wh… | |||
| CVE-2012-6060 | medium | — | 5.0 | 14y ago | Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a … | |||
| CVE-2012-6059 | medium | — | 5.0 | 14y ago | The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decr… | |||
| CVE-2012-6058 | medium | — | 5.0 | 14y ago | Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a d… | |||
| CVE-2012-6057 | medium | — | 5.0 | 14y ago | The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remot… | |||
| CVE-2012-6056 | medium | — | 5.0 | 14y ago | Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infini… | |||
| CVE-2012-6055 | medium | — | 5.0 | 14y ago | epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length f… | |||
| CVE-2012-6054 | medium | — | 5.0 | 14y ago | The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP add… | |||
| CVE-2012-6053 | medium | — | 5.0 | 14y ago | epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause… | |||
| CVE-2012-6052 | medium | — | 5.0 | 14y ago | Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files. | |||
| CVE-2012-5859 | medium | — | 5.0 | 14y ago | Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php. | |||
| CVE-2012-5554 | medium | — | 5.0 | 14y ago | The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading … | |||
| CVE-2012-5552 | medium | — | 5.0 | 14y ago | The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password his… | |||
| CVE-2012-1599 | medium | — | 5.0 | 14y ago | Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate… | |||
| CVE-2012-5614 | medium | — | 5.0 | 14y ago | Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT com… | |||
| CVE-2012-4561 | medium | — | 5.0 | 14y ago | The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an e… | |||
| CVE-2012-4477 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. | |||
| CVE-2012-4475 | medium | — | 5.0 | 14y ago | The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and a… | |||
| CVE-2012-4471 | medium | — | 5.0 | 14y ago | The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the p… | |||
| CVE-2012-5568 | medium | — | 5.0 | 14y ago | Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | |||
| CVE-2012-4834 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files… | |||
| CVE-2012-4557 | medium | — | 5.0 | 14y ago | The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to ca… | |||
| CVE-2012-4841 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unk… | |||
| CVE-2012-6051 | medium | — | 5.0 | 14y ago | Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consum… | |||
| CVE-2012-5373 | medium | — | 5.0 | 14y ago | Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers… | |||
| CVE-2012-5372 | medium | — | 5.0 | 14y ago | Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) … | |||
| CVE-2012-5371 | medium | — | 5.0 | 14y ago | Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attac… | |||
| CVE-2012-5370 | medium | — | 5.0 | 14y ago | JRuby denial of service via Hash Collision | |||
| CVE-2012-2739 | medium | — | 5.0 | 14y ago | Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows co… | |||
| CVE-2012-5132 | medium | — | 5.0 | 14y ago | Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding. | |||
| CVE-2012-5130 | medium | — | 5.0 | 14y ago | Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-6049 | medium | — | 5.0 | 14y ago | Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error messa… | |||
| CVE-2012-2438 | medium | — | 5.0 | 14y ago | ar web content manager (AWCM) 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service (disk consump… | |||
| CVE-2012-4522 | medium | — | 5.0 | 14y ago | The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected… | |||
| CVE-2012-0818 | medium | — | 5.0 | 14y ago | Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy | |||
| CVE-2012-5526 | medium | — | 5.0 | 14y ago | CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applicati… | |||
| CVE-2012-5703 | medium | — | 5.0 | 14y ago | The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request. | |||
| CVE-2012-5918 | medium | — | 5.0 | 14y ago | razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. | |||
| CVE-2012-4423 | medium | — | 5.0 | 14y ago | The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) a… | |||
| CVE-2012-4947 | medium | — | 5.0 | 14y ago | Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages. | |||
| CVE-2012-4946 | medium | — | 5.0 | 14y ago | Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption, which makes it easier for context-dependent attackers to obtain sensitive information by reading a… | |||
| CVE-2012-4575 | medium | — | 5.0 | 14y ago | The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request. | |||
| CVE-2012-5916 | medium | — | 5.0 | 14y ago | Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql… | |||
| CVE-2012-5915 | medium | — | 5.0 | 14y ago | Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/mai… | |||
| CVE-2012-5905 | medium | — | 5.0 | 14y ago | Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command. | |||
| CVE-2012-5901 | medium | — | 5.0 | 14y ago | DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct req… | |||
| CVE-2012-5892 | medium | — | 5.0 | 14y ago | Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct requ… | |||
| CVE-2012-5890 | medium | — | 5.0 | 14y ago | Front End User Registration (sr_feuser_register) extension for TYPO3 allows remote attackers to obtain user names, passwords | |||
| CVE-2012-5886 | medium | — | 5.0 | 14y ago | Improper Authentication in Apache Tomcat | |||
| CVE-2012-5885 | medium | — | 5.0 | 14y ago | Improper Access Control in Apache Tomcat | |||
| CVE-2012-5172 | medium | — | 5.0 | 14y ago | The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application. | |||
| CVE-2012-2733 | medium | — | 5.0 | 14y ago | java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which … | |||
| CVE-2012-5884 | medium | — | 5.0 | 14y ago | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSO… | |||
| CVE-2012-4197 | medium | — | 5.0 | 14y ago | Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers t… | |||
| CVE-2012-3330 | medium | — | 5.0 | 14y ago | The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of se… | |||
| CVE-2012-2532 | medium | — | 5.0 | 14y ago | Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive informa… | |||
| CVE-2012-1896 | medium | — | 5.0 | 14y ago | Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted … | |||
| CVE-2012-1812 | medium | — | 5.0 | 14y ago | eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to obtain sensitive cleartext information via a session on TCP port 12000. | |||
| CVE-2012-1810 | medium | — | 5.0 | 14y ago | EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service (daemon restart) by sending data to TCP port (1) 5050 or (2) 24004. | |||
| CVE-2012-4884 | medium | — | 5.0 | 14y ago | Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG clie… | |||
| CVE-2012-4734 | medium | — | 5.0 | 14y ago | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "mod… | |||
| CVE-2012-5171 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file. | |||
| CVE-2012-3315 | medium | — | 5.0 | 14y ago | The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require a… | |||
| CVE-2012-5424 | medium | — | 5.0 | 14y ago | Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, whi… | |||
| CVE-2012-5123 | medium | — | 5.0 | 14y ago | Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-3749 | medium | — | 5.0 | 14y ago | The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the AS… | |||
| CVE-2012-4499 | medium | — | 5.0 | 14y ago | The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vec… | |||
| CVE-2012-4488 | medium | — | 5.0 | 14y ago | The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via… | |||
| CVE-2012-4483 | medium | — | 5.0 | 14y ago | The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not… | |||
| CVE-2012-4482 | medium | — | 5.0 | 14y ago | The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspeci… | |||
| CVE-2012-4517 | medium | — | 5.0 | 14y ago | ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response. | |||
| CVE-2012-4507 | medium | — | 5.0 | 14y ago | The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email. | |||
| CVE-2012-2972 | medium | — | 5.0 | 14y ago | The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service… | |||
| CVE-2012-5094 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors r… | |||
| CVE-2012-5063 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 1… | |||
| CVE-2012-3222 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect availability via unknown vect… | |||
| CVE-2012-3171 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown … | |||
| CVE-2012-3155 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remot… | |||
| CVE-2012-5082 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2012-5079 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows… | |||
| CVE-2012-5075 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a… |