CVEs from 2012
Total
5,198
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2351 | medium | — | 5.0 | 14y ago | The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of… | |||
| CVE-2012-2640 | medium | — | 5.0 | 14y ago | The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE perm… | |||
| CVE-2012-0410 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. | |||
| CVE-2012-3847 | medium | — | 5.0 | 14y ago | slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unic… | |||
| CVE-2012-3007 | medium | — | 5.0 | 14y ago | Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 … | |||
| CVE-2012-2560 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001. | |||
| CVE-2012-3829 | medium | — | 5.0 | 14y ago | Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | |||
| CVE-2012-2181 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. | |||
| CVE-2012-2748 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." | |||
| CVE-2012-2318 | medium | — | 5.0 | 14y ago | msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by plac… | |||
| CVE-2012-1148 | medium | — | 5.0 | 14y ago | Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted X… | |||
| CVE-2012-2385 | medium | — | 5.0 | 14y ago | The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. | |||
| CVE-2012-2098 | medium | — | 5.0 | 14y ago | Uncontrolled Resource Consumption in Apache Commons Compress | |||
| CVE-2012-2743 | medium | — | 5.0 | 14y ago | Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | |||
| CVE-2012-2742 | medium | — | 5.0 | 14y ago | Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack… | |||
| CVE-2012-2826 | medium | — | 5.0 | 14y ago | Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-2825 | medium | — | 5.0 | 14y ago | The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. | |||
| CVE-2012-2822 | medium | — | 5.0 | 14y ago | The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-2820 | medium | — | 5.0 | 14y ago | Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-2815 | medium | — | 5.0 | 14y ago | Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different … | |||
| CVE-2012-3798 | medium | — | 5.0 | 14y ago | The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier t… | |||
| CVE-2012-2720 | medium | — | 5.0 | 14y ago | The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | |||
| CVE-2012-2702 | medium | — | 5.0 | 14y ago | The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain condi… | |||
| CVE-2012-0191 | medium | — | 5.0 | 14y ago | The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request… | |||
| CVE-2012-2127 | medium | — | 5.0 | 14y ago | fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service … | |||
| CVE-2012-2173 | medium | — | 5.0 | 14y ago | The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain … | |||
| CVE-2012-0950 | medium | — | 5.0 | 14y ago | The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows rem… | |||
| CVE-2012-1724 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, relate… | |||
| CVE-2012-1719 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows r… | |||
| CVE-2012-1718 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows r… | |||
| CVE-2012-1583 | medium | — | 5.0 | 14y ago | Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a de… | |||
| CVE-2012-1145 | medium | — | 5.0 | 14y ago | spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remot… | |||
| CVE-2012-3568 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo. | |||
| CVE-2012-3567 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document. | |||
| CVE-2012-3565 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests." | |||
| CVE-2012-3564 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block elemen… | |||
| CVE-2012-3563 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings. | |||
| CVE-2012-3557 | medium | — | 5.0 | 14y ago | Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive informatio… | |||
| CVE-2012-3287 | medium | — | 5.0 | 14y ago | Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-… | |||
| CVE-2012-2606 | medium | — | 5.0 | 14y ago | The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted p… | |||
| CVE-2012-2566 | medium | — | 5.0 | 14y ago | Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypa… | |||
| CVE-2012-1816 | medium | — | 5.0 | 14y ago | PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon c… | |||
| CVE-2012-0441 | medium | — | 5.0 | 14y ago | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, … | |||
| CVE-2012-0949 | medium | — | 5.0 | 14y ago | The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repo… | |||
| CVE-2012-2661 | medium | — | 5.0 | 14y ago | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveReco… | |||
| CVE-2012-2943 | medium | — | 5.0 | 14y ago | CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter. | |||
| CVE-2012-1821 | medium | — | 5.0 | 14y ago | The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of ser… | |||
| CVE-2012-2374 | medium | — | 5.0 | 14y ago | CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting… | |||
| CVE-2012-2922 | medium | — | 5.0 | 14y ago | The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installati… | |||
| CVE-2012-2921 | medium | — | 5.0 | 14y ago | Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII … | |||
| CVE-2012-1249 | medium | — | 5.0 | 14y ago | The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted applicatio… | |||
| CVE-2012-2322 | medium | — | 5.0 | 14y ago | Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value … | |||
| CVE-2012-0676 | medium | — | 5.0 | 14y ago | WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web s… | |||
| CVE-2012-0651 | medium | — | 5.0 | 14y ago | The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. | |||
| CVE-2012-0164 | medium | — | 5.0 | 14y ago | Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundat… | |||
| CVE-2012-0580 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity via unknown vectors r… | |||
| CVE-2012-0376 | medium | — | 5.0 | 14y ago | The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after a… | |||
| CVE-2012-0535 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related… | |||
| CVE-2012-0361 | medium | — | 5.0 | 14y ago | The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to c… | |||
| CVE-2012-0339 | medium | — | 5.0 | 14y ago | Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary … | |||
| CVE-2012-0338 | medium | — | 5.0 | 14y ago | Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary sou… | |||
| CVE-2012-0335 | medium | — | 5.0 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote … | |||
| CVE-2012-0333 | medium | — | 5.0 | 14y ago | Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML doc… | |||
| CVE-2012-2213 | medium | — | 5.0 | 14y ago | Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reprod… | |||
| CVE-2012-2212 | medium | — | 5.0 | 14y ago | McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might no… | |||
| CVE-2012-0473 | medium | — | 5.0 | 14y ago | The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey bef… | |||
| CVE-2012-0743 | medium | — | 5.0 | 14y ago | IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. | |||
| CVE-2012-1243 | medium | — | 5.0 | 14y ago | The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||
| CVE-2012-2401 | medium | — | 5.0 | 14y ago | Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows… | |||
| CVE-2012-1180 | medium | — | 5.0 | 14y ago | Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjuncti… | |||
| CVE-2012-2268 | medium | — | 5.0 | 14y ago | master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash)… | |||
| CVE-2012-2267 | medium | — | 5.0 | 14y ago | master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and clo… | |||
| CVE-2012-1809 | medium | — | 5.0 | 14y ago | The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resour… | |||
| CVE-2012-1596 | medium | — | 5.0 | 14y ago | The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial o… | |||
| CVE-2012-0147 | medium | — | 5.0 | 14y ago | Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafte… | |||
| CVE-2012-2054 | medium | — | 5.0 | 14y ago | Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) Iss… | |||
| CVE-2012-0255 | medium | — | 5.0 | 14y ago | The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and da… | |||
| CVE-2012-0130 | medium | — | 5.0 | 14y ago | HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2012-0222 | medium | — | 5.0 | 14y ago | The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out… | |||
| CVE-2012-1926 | medium | — | 5.0 | 14y ago | Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to un… | |||
| CVE-2012-1920 | medium | — | 5.0 | 14y ago | @Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | |||
| CVE-2012-1918 | medium | — | 5.0 | 14y ago | Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary file… | |||
| CVE-2012-1917 | medium | — | 5.0 | 14y ago | compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct director… | |||
| CVE-2012-1573 | medium | — | 5.0 | 14y ago | gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (he… | |||
| CVE-2012-1569 | medium | — | 5.0 | 14y ago | The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remo… | |||
| CVE-2012-0256 | medium | — | 5.0 | 14y ago | Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long … | |||
| CVE-2012-1089 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wi… | |||
| CVE-2012-1841 | medium | — | 5.0 | 14y ago | Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware… | |||
| CVE-2012-1838 | medium | — | 5.0 | 14y ago | The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a dire… | |||
| CVE-2012-1837 | medium | — | 5.0 | 14y ago | The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which… | |||
| CVE-2012-1662 | medium | — | 5.0 | 14y ago | CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network re… | |||
| CVE-2012-0710 | medium | — | 5.0 | 14y ago | IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architect… | |||
| CVE-2012-1181 | medium | — | 5.0 | 14y ago | fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to… | |||
| CVE-2012-0328 | medium | — | 5.0 | 14y ago | Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors. | |||
| CVE-2012-1786 | medium | — | 5.0 | 14y ago | The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors. | |||
| CVE-2012-0326 | medium | — | 5.0 | 14y ago | The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted applica… | |||
| CVE-2012-1165 | medium | — | 5.0 | 14y ago | The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application cra… | |||
| CVE-2012-1178 | medium | — | 5.0 | 14y ago | The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message … | |||
| CVE-2012-0456 | medium | — | 5.0 | 14y ago | The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.… | |||
| CVE-2012-2139 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the… |