CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4839 | medium | — | 4.3 | 14y ago | The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element. | |||
| CVE-2012-3428 | medium | — | 4.3 | 14y ago | User confusion in IronJacamar | |||
| CVE-2012-5177 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4846 | medium | — | 4.3 | 14y ago | IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensiti… | |||
| CVE-2012-4431 | medium | — | 4.3 | 14y ago | Cross-Site Request Forgery in Apache Tomcat | |||
| CVE-2012-3546 | medium | — | 4.3 | 14y ago | Authentication Bypass in Apache Tomcat | |||
| CVE-2012-5608 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST paramete… | |||
| CVE-2012-5606 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/ve… | |||
| CVE-2012-4972 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_… | |||
| CVE-2012-5956 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset da… | |||
| CVE-2012-3297 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows rem… | |||
| CVE-2012-5176 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 5.02 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to tag embedding. | |||
| CVE-2012-5175 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to access-log data. | |||
| CVE-2012-3272 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before… | |||
| CVE-2012-4985 | medium | — | 4.3 | 14y ago | The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets. | |||
| CVE-2012-4983 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/l… | |||
| CVE-2012-4609 | medium | — | 4.3 | 14y ago | The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2012-5604 | medium | — | 4.3 | 14y ago | ldap_fluff authentication bypass | |||
| CVE-2012-5569 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or… | |||
| CVE-2012-5551 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) … | |||
| CVE-2012-5548 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5543 | medium | — | 4.3 | 14y ago | The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes vi… | |||
| CVE-2012-5541 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2012-5540 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbi… | |||
| CVE-2012-4476 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4474 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified paramet… | |||
| CVE-2012-4468 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message. | |||
| CVE-2012-4222 | medium | — | 4.3 | 14y ago | drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) v… | |||
| CVE-2012-4611 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vecto… | |||
| CVE-2012-6037 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-2253 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query paramete… | |||
| CVE-2012-2247 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a… | |||
| CVE-2012-2243 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml ext… | |||
| CVE-2012-4602 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2012-3431 | medium | — | 4.3 | 14y ago | The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specifica… | |||
| CVE-2012-5756 | medium | — | 4.3 | 14y ago | The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different cus… | |||
| CVE-2012-2211 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuacti… | |||
| CVE-2012-2084 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web sc… | |||
| CVE-2012-5841 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering … | |||
| CVE-2012-4209 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribut… | |||
| CVE-2012-4208 | medium | — | 4.3 | 14y ago | The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote atta… | |||
| CVE-2012-4207 | medium | — | 4.3 | 14y ago | The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do… | |||
| CVE-2012-4201 | medium | — | 4.3 | 14y ago | The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incor… | |||
| CVE-2012-5920 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inje… | |||
| CVE-2012-4563 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vector… | |||
| CVE-2012-4366 | low | — | 4.3 | 14y ago | Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the… | |||
| CVE-2012-3354 | medium | — | 4.3 | 14y ago | doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the inst… | |||
| CVE-2012-4541 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4233 | medium | — | 4.3 | 14y ago | LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.… | |||
| CVE-2012-4533 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated … | |||
| CVE-2012-4950 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters t… | |||
| CVE-2012-4942 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text fi… | |||
| CVE-2012-5911 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body. | |||
| CVE-2012-5906 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the la… | |||
| CVE-2012-5902 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter. | |||
| CVE-2012-5889 | medium | — | 4.3 | 14y ago | powermail extension for TYPO3 has Cross-site Scripting vulnerability | |||
| CVE-2012-5888 | medium | — | 4.3 | 14y ago | Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting | |||
| CVE-2012-5856 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5883 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x an… | |||
| CVE-2012-5882 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploade… | |||
| CVE-2012-5881 | medium | — | 4.3 | 14y ago | Cross-site scripting in yui 2.4.0 | |||
| CVE-2012-4199 | medium | — | 4.3 | 14y ago | template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function… | |||
| CVE-2012-4189 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value … | |||
| CVE-2012-4612 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2012-4955 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web scri… | |||
| CVE-2012-4851 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | |||
| CVE-2012-5827 | medium | — | 4.3 | 14y ago | Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." | |||
| CVE-2012-4023 | medium | — | 4.3 | 14y ago | CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||
| CVE-2012-4532 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2012-4531 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4494 | medium | — | 4.3 | 14y ago | The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibl… | |||
| CVE-2012-4490 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or… | |||
| CVE-2012-4485 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow rem… | |||
| CVE-2012-4484 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via un… | |||
| CVE-2012-4547 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors. | |||
| CVE-2012-4195 | medium | — | 4.3 | 14y ago | The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does n… | |||
| CVE-2012-4194 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to… | |||
| CVE-2012-4019 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error pa… | |||
| CVE-2012-5368 | medium | — | 4.3 | 14y ago | phpMyAdmin Unsafe Fetching of Javascript Code | |||
| CVE-2012-5456 | medium | — | 4.3 | 14y ago | The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-t… | |||
| CVE-2012-5455 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a … | |||
| CVE-2012-5169 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, … | |||
| CVE-2012-1154 | medium | — | 4.3 | 14y ago | Improper Access Control in JBoss mod_cluster | |||
| CVE-2012-5093 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect integrity via unknown vectors related… | |||
| CVE-2012-5091 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidenti… | |||
| CVE-2012-5058 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors relat… | |||
| CVE-2012-3230 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework. | |||
| CVE-2012-3194 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown v… | |||
| CVE-2012-3182 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology. | |||
| CVE-2012-3175 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to R… | |||
| CVE-2012-3161 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote attackers to affect integrity via unknown vectors related to Web Clie… | |||
| CVE-2012-3139 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon (local and SSO). | |||
| CVE-2012-3138 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors relat… | |||
| CVE-2012-1686 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unkn… | |||
| CVE-2012-1685 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core. | |||
| CVE-2012-0107 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect availability via unknown vectors related to W… | |||
| CVE-2012-0093 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web,… | |||
| CVE-2012-0071 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web,… | |||
| CVE-2012-4192 | medium | — | 4.3 | 14y ago | Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue… | |||
| CVE-2012-5384 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_… |