CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0855 | medium | — | 5.0 | 14y ago | Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspeci… | |||
| CVE-2012-4678 | medium | — | 5.0 | 14y ago | munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters. | |||
| CVE-2012-2147 | medium | — | 5.0 | 14y ago | munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. | |||
| CVE-2012-4674 | medium | — | 5.0 | 14y ago | PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. | |||
| CVE-2012-3519 | medium | — | 5.0 | 14y ago | routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information abo… | |||
| CVE-2012-3518 | medium | — | 5.0 | 14y ago | The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (… | |||
| CVE-2012-3517 | medium | — | 5.0 | 14y ago | Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. | |||
| CVE-2012-3514 | medium | — | 5.0 | 14y ago | OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service … | |||
| CVE-2012-3501 | medium | — | 5.0 | 14y ago | The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cau… | |||
| CVE-2012-4605 | medium | — | 5.0 | 14y ago | The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it … | |||
| CVE-2012-4593 | medium | — | 5.0 | 14y ago | McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users… | |||
| CVE-2012-4592 | medium | — | 5.0 | 14y ago | The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to captu… | |||
| CVE-2012-4591 | medium | — | 5.0 | 14y ago | About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially … | |||
| CVE-2012-4219 | medium | — | 5.0 | 14y ago | show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, relate… | |||
| CVE-2012-2190 | medium | — | 5.0 | 14y ago | IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1,… | |||
| CVE-2012-4362 | medium | — | 5.0 | 14y ago | hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management se… | |||
| CVE-2012-0857 | medium | — | 5.0 | 14y ago | Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspeci… | |||
| CVE-2012-0854 | medium | — | 5.0 | 14y ago | The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (appli… | |||
| CVE-2012-2387 | medium | — | 5.0 | 14y ago | devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack. | |||
| CVE-2012-2132 | medium | — | 5.0 | 14y ago | libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL … | |||
| CVE-2012-4287 | medium | — | 5.0 | 14y ago | epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON do… | |||
| CVE-2012-3250 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2012-3248 | medium | — | 5.0 | 14y ago | HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2012-3025 | medium | — | 5.0 | 14y ago | The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive info… | |||
| CVE-2012-3024 | medium | — | 5.0 | 14y ago | Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. | |||
| CVE-2012-2770 | medium | — | 5.0 | 14y ago | The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the u… | |||
| CVE-2012-1850 | medium | — | 5.0 | 14y ago | The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, … | |||
| CVE-2012-2081 | medium | — | 5.0 | 14y ago | The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a re… | |||
| CVE-2012-2074 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors. | |||
| CVE-2012-4332 | medium | — | 5.0 | 14y ago | The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK. | |||
| CVE-2012-2096 | medium | — | 5.0 | 14y ago | The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter. | |||
| CVE-2012-4276 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows attackers to cause a denial of service via unknown attack vectors. | |||
| CVE-2012-2370 | medium | — | 5.0 | 14y ago | Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) hei… | |||
| CVE-2012-2368 | medium | — | 5.0 | 14y ago | Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password. | |||
| CVE-2012-4257 | medium | — | 5.0 | 14y ago | Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an e… | |||
| CVE-2012-4256 | medium | — | 5.0 | 14y ago | The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. | |||
| CVE-2012-2327 | medium | — | 5.0 | 14y ago | MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. | |||
| CVE-2012-3474 | medium | — | 5.0 | 14y ago | The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP addre… | |||
| CVE-2012-4069 | medium | — | 5.0 | 14y ago | Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db. | |||
| CVE-2012-2968 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an… | |||
| CVE-2012-2964 | medium | — | 5.0 | 14y ago | The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information … | |||
| CVE-2012-2963 | medium | — | 5.0 | 14y ago | The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to … | |||
| CVE-2012-4235 | medium | — | 5.0 | 14y ago | The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for … | |||
| CVE-2012-2191 | medium | — | 5.0 | 14y ago | IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a … | |||
| CVE-2012-3429 | medium | — | 5.0 | 14y ago | The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to… | |||
| CVE-2012-0213 | medium | — | 5.0 | 14y ago | Denial of Service in Apache POI | |||
| CVE-2012-4005 | medium | — | 5.0 | 14y ago | The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted applicatio… | |||
| CVE-2012-1357 | medium | — | 5.0 | 14y ago | The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via I… | |||
| CVE-2012-1348 | medium | — | 5.0 | 14y ago | Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive … | |||
| CVE-2012-1346 | medium | — | 5.0 | 14y ago | Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. | |||
| CVE-2012-2490 | medium | — | 5.0 | 14y ago | Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471. | |||
| CVE-2012-1340 | medium | — | 5.0 | 14y ago | The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP head… | |||
| CVE-2012-1339 | medium | — | 5.0 | 14y ago | The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543. | |||
| CVE-2012-3789 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service … | |||
| CVE-2012-2459 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-proce… | |||
| CVE-2012-1909 | medium | — | 5.0 | 14y ago | The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attacke… | |||
| CVE-2012-2854 | medium | — | 5.0 | 14y ago | Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values … | |||
| CVE-2012-2846 | medium | — | 5.0 | 14y ago | Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vector… | |||
| CVE-2012-1367 | medium | — | 5.0 | 14y ago | The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local… | |||
| CVE-2012-2978 | medium | — | 5.0 | 14y ago | query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted … | |||
| CVE-2012-3888 | medium | — | 5.0 | 14y ago | The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data. | |||
| CVE-2012-3887 | medium | — | 5.0 | 14y ago | AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by… | |||
| CVE-2012-3886 | medium | — | 5.0 | 14y ago | AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireles… | |||
| CVE-2012-3884 | medium | — | 5.0 | 14y ago | AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless netw… | |||
| CVE-2012-3698 | medium | — | 5.0 | 14y ago | Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a cr… | |||
| CVE-2012-3424 | medium | — | 5.0 | 14y ago | The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentic… | |||
| CVE-2012-2302 | medium | — | 5.0 | 14y ago | Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspe… | |||
| CVE-2012-2296 | medium | — | 5.0 | 14y ago | The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attack… | |||
| CVE-2012-3693 | medium | — | 5.0 | 14y ago | Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of… | |||
| CVE-2012-2677 | medium | — | 5.0 | 14y ago | Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overfl… | |||
| CVE-2012-2673 | medium | — | 5.0 | 14y ago | Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) bef… | |||
| CVE-2012-0680 | medium | — | 5.0 | 14y ago | Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | |||
| CVE-2012-2646 | medium | — | 5.0 | 14y ago | The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtai… | |||
| CVE-2012-2196 | medium | — | 5.0 | 14y ago | IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored proce… | |||
| CVE-2012-2194 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to repla… | |||
| CVE-2012-3394 | medium | — | 5.0 | 14y ago | auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows r… | |||
| CVE-2012-3385 | medium | — | 5.0 | 14y ago | WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vecto… | |||
| CVE-2012-3357 | medium | — | 5.0 | 14y ago | The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers … | |||
| CVE-2012-3356 | medium | — | 5.0 | 14y ago | The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via … | |||
| CVE-2012-2738 | medium | — | 5.0 | 14y ago | The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count v… | |||
| CVE-2012-2357 | medium | — | 5.0 | 14y ago | The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allo… | |||
| CVE-2012-3365 | medium | — | 5.0 | 14y ago | The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | |||
| CVE-2012-1960 | medium | — | 5.0 | 14y ago | The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers … | |||
| CVE-2012-1959 | medium | — | 5.0 | 14y ago | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-comp… | |||
| CVE-2012-3124 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL. | |||
| CVE-2012-3123 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server. | |||
| CVE-2012-3121 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer. | |||
| CVE-2012-1749 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Oracle M… | |||
| CVE-2012-1747 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to … | |||
| CVE-2012-1746 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to … | |||
| CVE-2012-1745 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via un… | |||
| CVE-2012-1742 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1760. | |||
| CVE-2012-1738 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect availa… | |||
| CVE-2012-1736 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps. | |||
| CVE-2012-0794 | medium | — | 5.0 | 14y ago | The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easi… | |||
| CVE-2012-0793 | medium | — | 5.0 | 14y ago | Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. | |||
| CVE-2012-4027 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as dem… | |||
| CVE-2012-4026 | medium | — | 5.0 | 14y ago | The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerabil… | |||
| CVE-2012-2280 | medium | — | 5.0 | 14y ago | EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via uns… | |||
| CVE-2012-2837 | medium | — | 5.0 | 14y ago | The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by… |