CVEs from 2012
Total
5,198
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1647 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Dru… | |||
| CVE-2012-0849 | medium | — | 4.3 | 14y ago | Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a c… | |||
| CVE-2012-2129 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action. | |||
| CVE-2012-2112 | medium | — | 4.3 | 14y ago | Typo3 Exception Handler XSS | |||
| CVE-2012-2146 | medium | — | 4.3 | 14y ago | Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the data… | |||
| CVE-2012-1296 | medium | — | 4.3 | 14y ago | Elefant CMS Multiple XSS Vulnerabilities | |||
| CVE-2012-4675 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update. | |||
| CVE-2012-4667 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user par… | |||
| CVE-2012-0048 | medium | — | 4.3 | 14y ago | OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slo… | |||
| CVE-2012-4604 | medium | — | 4.3 | 14y ago | The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a … | |||
| CVE-2012-3502 | medium | — | 4.3 | 14y ago | The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determi… | |||
| CVE-2012-4597 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to… | |||
| CVE-2012-4596 | medium | — | 4.3 | 14y ago | Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. | |||
| CVE-2012-4590 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or … | |||
| CVE-2012-4588 | medium | — | 4.3 | 14y ago | McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administ… | |||
| CVE-2012-4580 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attacke… | |||
| CVE-2012-0681 | medium | — | 4.3 | 14y ago | Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC sessio… | |||
| CVE-2012-4168 | medium | — | 4.3 | 14y ago | Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and be… | |||
| CVE-2012-3302 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the… | |||
| CVE-2012-3301 | medium | — | 4.3 | 14y ago | Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v… | |||
| CVE-2012-3293 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8… | |||
| CVE-2012-4052 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, or (3)… | |||
| CVE-2012-3461 | medium | — | 4.3 | 14y ago | The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr befo… | |||
| CVE-2012-0850 | medium | — | 4.3 | 14y ago | The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corru… | |||
| CVE-2012-0848 | medium | — | 4.3 | 14y ago | Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media fil… | |||
| CVE-2012-0847 | medium | — | 4.3 | 14y ago | Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a craf… | |||
| CVE-2012-4007 | medium | — | 4.3 | 14y ago | The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comm… | |||
| CVE-2012-4006 | medium | — | 4.3 | 14y ago | The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus applicat… | |||
| CVE-2012-3296 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers… | |||
| CVE-2012-3308 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. | |||
| CVE-2012-1908 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2012-4286 | medium | — | 4.3 | 14y ago | The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero… | |||
| CVE-2012-3251 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via u… | |||
| CVE-2012-4342 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4340 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-3434 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) p… | |||
| CVE-2012-2769 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solut… | |||
| CVE-2012-2768 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitra… | |||
| CVE-2012-2154 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2304 | medium | — | 4.3 | 14y ago | The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive info… | |||
| CVE-2012-2298 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "… | |||
| CVE-2012-2151 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2012-4283 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | |||
| CVE-2012-4277 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers t… | |||
| CVE-2012-4275 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecif… | |||
| CVE-2012-4273 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the x… | |||
| CVE-2012-4272 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified … | |||
| CVE-2012-4271 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject … | |||
| CVE-2012-4268 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script… | |||
| CVE-2012-4264 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2012-4263 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web scri… | |||
| CVE-2012-3869 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to … | |||
| CVE-2012-3425 | medium | — | 4.3 | 14y ago | The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (ou… | |||
| CVE-2012-2662 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via u… | |||
| CVE-2012-4255 | medium | — | 4.3 | 14y ago | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. | |||
| CVE-2012-2326 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malforme… | |||
| CVE-2012-4071 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attacker… | |||
| CVE-2012-3463 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attacker… | |||
| CVE-2012-3464 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re… | |||
| CVE-2012-3465 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 a… | |||
| CVE-2012-4004 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allows remote attackers to in… | |||
| CVE-2012-2960 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbit… | |||
| CVE-2012-3438 | medium | — | 4.3 | 14y ago | The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service… | |||
| CVE-2012-3437 | medium | — | 4.3 | 14y ago | The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of … | |||
| CVE-2012-3413 | medium | — | 4.3 | 14y ago | The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitra… | |||
| CVE-2012-2648 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arb… | |||
| CVE-2012-2317 | medium | — | 4.3 | 14y ago | The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS… | |||
| CVE-2012-2022 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1361 | medium | — | 4.3 | 14y ago | Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information b… | |||
| CVE-2012-4146 | medium | — | 4.3 | 14y ago | Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. | |||
| CVE-2012-4144 | medium | — | 4.3 | 14y ago | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass c… | |||
| CVE-2012-4142 | medium | — | 4.3 | 14y ago | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote at… | |||
| CVE-2012-2849 | medium | — | 4.3 | 14y ago | Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of servi… | |||
| CVE-2012-2848 | medium | — | 4.3 | 14y ago | The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass inten… | |||
| CVE-2012-2847 | medium | — | 4.3 | 14y ago | Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which a… | |||
| CVE-2012-1969 | medium | — | 4.3 | 14y ago | The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an att… | |||
| CVE-2012-1968 | medium | — | 4.3 | 14y ago | Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote atta… | |||
| CVE-2012-4043 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.… | |||
| CVE-2012-4058 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. | |||
| CVE-2012-3696 | medium | — | 4.3 | 14y ago | CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that lever… | |||
| CVE-2012-3695 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the han… | |||
| CVE-2012-3694 | medium | — | 4.3 | 14y ago | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web sit… | |||
| CVE-2012-3690 | medium | — | 4.3 | 14y ago | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. | |||
| CVE-2012-3650 | medium | — | 4.3 | 14y ago | WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a c… | |||
| CVE-2012-2676 | medium | — | 4.3 | 14y ago | Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on … | |||
| CVE-2012-2675 | medium | — | 4.3 | 14y ago | Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform … | |||
| CVE-2012-2674 | medium | — | 4.3 | 14y ago | Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make… | |||
| CVE-2012-0679 | medium | — | 4.3 | 14y ago | Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. | |||
| CVE-2012-0678 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. | |||
| CVE-2012-3868 | medium | — | 4.3 | 14y ago | Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of … | |||
| CVE-2012-3389 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2012-2751 | medium | — | 4.3 | 14y ago | ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/f… | |||
| CVE-2012-0867 | medium | — | 4.3 | 14y ago | PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof conn… | |||
| CVE-2012-1966 | medium | — | 4.3 | 14y ago | Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cro… | |||
| CVE-2012-1965 | medium | — | 4.3 | 14y ago | Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scrip… | |||
| CVE-2012-1963 | medium | — | 4.3 | 14y ago | The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey be… | |||
| CVE-2012-1961 | medium | — | 4.3 | 14y ago | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values i… | |||
| CVE-2012-1957 | medium | — | 4.3 | 14y ago | An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do… | |||
| CVE-2012-3131 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS. | |||
| CVE-2012-3130 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd. |