CVEs from 2012
Total
5,198
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2662 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via u… | |||
| CVE-2012-4255 | medium | — | 4.3 | 14y ago | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. | |||
| CVE-2012-2326 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malforme… | |||
| CVE-2012-4071 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attacker… | |||
| CVE-2012-3464 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re… | |||
| CVE-2012-3465 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 a… | |||
| CVE-2012-3463 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attacker… | |||
| CVE-2012-4004 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allows remote attackers to in… | |||
| CVE-2012-2960 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbit… | |||
| CVE-2012-3438 | medium | — | 4.3 | 14y ago | The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service… | |||
| CVE-2012-3437 | medium | — | 4.3 | 14y ago | The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of … | |||
| CVE-2012-3413 | medium | — | 4.3 | 14y ago | The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitra… | |||
| CVE-2012-2648 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arb… | |||
| CVE-2012-2317 | medium | — | 4.3 | 14y ago | The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS… | |||
| CVE-2012-2022 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1361 | medium | — | 4.3 | 14y ago | Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information b… | |||
| CVE-2012-4146 | medium | — | 4.3 | 14y ago | Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. | |||
| CVE-2012-4144 | medium | — | 4.3 | 14y ago | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass c… | |||
| CVE-2012-4142 | medium | — | 4.3 | 14y ago | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote at… | |||
| CVE-2012-2849 | medium | — | 4.3 | 14y ago | Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of servi… | |||
| CVE-2012-2848 | medium | — | 4.3 | 14y ago | The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass inten… | |||
| CVE-2012-2847 | medium | — | 4.3 | 14y ago | Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which a… | |||
| CVE-2012-1969 | medium | — | 4.3 | 14y ago | The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an att… | |||
| CVE-2012-1968 | medium | — | 4.3 | 14y ago | Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote atta… | |||
| CVE-2012-4043 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.… | |||
| CVE-2012-4058 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. | |||
| CVE-2012-3696 | medium | — | 4.3 | 14y ago | CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that lever… | |||
| CVE-2012-3695 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the han… | |||
| CVE-2012-3694 | medium | — | 4.3 | 14y ago | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web sit… | |||
| CVE-2012-3690 | medium | — | 4.3 | 14y ago | WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. | |||
| CVE-2012-3650 | medium | — | 4.3 | 14y ago | WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a c… | |||
| CVE-2012-2676 | medium | — | 4.3 | 14y ago | Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on … | |||
| CVE-2012-2675 | medium | — | 4.3 | 14y ago | Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform … | |||
| CVE-2012-2674 | medium | — | 4.3 | 14y ago | Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make… | |||
| CVE-2012-0679 | medium | — | 4.3 | 14y ago | Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. | |||
| CVE-2012-0678 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. | |||
| CVE-2012-3868 | medium | — | 4.3 | 14y ago | Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of … | |||
| CVE-2012-3389 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2012-2751 | medium | — | 4.3 | 14y ago | ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/f… | |||
| CVE-2012-0867 | medium | — | 4.3 | 14y ago | PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof conn… | |||
| CVE-2012-1966 | medium | — | 4.3 | 14y ago | Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cro… | |||
| CVE-2012-1965 | medium | — | 4.3 | 14y ago | Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scrip… | |||
| CVE-2012-1963 | medium | — | 4.3 | 14y ago | The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey be… | |||
| CVE-2012-1961 | medium | — | 4.3 | 14y ago | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values i… | |||
| CVE-2012-1957 | medium | — | 4.3 | 14y ago | An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do… | |||
| CVE-2012-3131 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS. | |||
| CVE-2012-3130 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd. | |||
| CVE-2012-3115 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Ins… | |||
| CVE-2012-3114 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote attackers to affect integrity via unknown vec… | |||
| CVE-2012-3112 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console. | |||
| CVE-2012-1761 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to UI Framework. | |||
| CVE-2012-1760 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1742. | |||
| CVE-2012-1730 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors r… | |||
| CVE-2012-1729 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3 and earlier allows remote attackers to affect integrity via unknown vectors related to UI and Visualization. | |||
| CVE-2012-1715 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity, related to HTML Page… | |||
| CVE-2012-0799 | medium | — | 4.3 | 14y ago | Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. | |||
| CVE-2012-2645 | medium | — | 4.3 | 14y ago | The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted ap… | |||
| CVE-2012-2021 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2278 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before … | |||
| CVE-2012-0283 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns… | |||
| CVE-2012-3999 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||
| CVE-2012-3997 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parame… | |||
| CVE-2012-3382 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitra… | |||
| CVE-2012-1870 | medium | — | 4.3 | 14y ago | The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other p… | |||
| CVE-2012-1863 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attacker… | |||
| CVE-2012-1861 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to in… | |||
| CVE-2012-1859 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows rem… | |||
| CVE-2012-3238 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Co… | |||
| CVE-2012-2446 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a loo… | |||
| CVE-2012-2644 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different… | |||
| CVE-2012-2643 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry. | |||
| CVE-2012-2642 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different… | |||
| CVE-2012-2018 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2641 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library. | |||
| CVE-2012-0302 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2143 | medium | — | 4.3 | 14y ago | The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contai… | |||
| CVE-2012-3846 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||
| CVE-2012-3844 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. | |||
| CVE-2012-3843 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-3833 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | |||
| CVE-2012-3832 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags. | |||
| CVE-2012-3828 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. | |||
| CVE-2012-1147 | medium | — | 4.3 | 14y ago | readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | |||
| CVE-2012-0876 | medium | — | 4.3 | 14y ago | The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a deni… | |||
| CVE-2012-3826 | low | — | 4.3 | 14y ago | Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vul… | |||
| CVE-2012-3825 | low | — | 4.3 | 14y ago | Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bl… | |||
| CVE-2012-2394 | low | — | 4.3 | 14y ago | Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause… | |||
| CVE-2012-2393 | low | — | 4.3 | 14y ago | epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote atta… | |||
| CVE-2012-2392 | low | — | 4.3 | 14y ago | Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 8… | |||
| CVE-2012-2664 | medium | — | 4.3 | 14y ago | The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archiv… | |||
| CVE-2012-1118 | medium | — | 4.3 | 14y ago | The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attacke… | |||
| CVE-2012-2717 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL f… | |||
| CVE-2012-2722 | medium | — | 4.3 | 14y ago | The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows r… | |||
| CVE-2012-2715 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web scri… | |||
| CVE-2012-2706 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. | |||
| CVE-2012-0186 | medium | — | 4.3 | 14y ago | Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a cr… | |||
| CVE-2012-2495 | medium | — | 4.3 | 14y ago | The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the… | |||
| CVE-2012-2494 | medium | — | 4.3 | 14y ago | The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to t… | |||
| CVE-2012-3790 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight param… | |||
| CVE-2012-2180 | medium | — | 4.3 | 14y ago | The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL po… |