CVEs from 2012

5,198 normalized CVEs published or assigned in this year.

Total

5,198

critical

critical 963

high

high 747

medium

medium 2,885

low

low 530

% Critical

18.5%

% with KEV

0.4%

% with exploit

16.7%

Top vendors

apple 11,954
mozilla 11,832
google 7,285
adobe 6,218
oracle 3,703
opera 3,601
ibm 2,977
ffmpeg 1,890

Top products

chrome 7,005
safari 6,451
itunes 4,416
firefox 4,272
seamonkey 3,619
opera_browser 3,599
mysql 2,827
thunderbird 2,165

Top packages

PyPI/plone 61
Packagist/typo3/cms 46
Packagist/moodle/moodle 30
RubyGems/actionpack 27
RubyGems/puppet 24
Maven/org.jenkins-ci.main:jenkins-core 16
Maven/org.apache.tomcat:tomcat 15
RubyGems/activerecord 15

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2012-10026	unknown	—	1.0				10mo ago	The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded f…
CVE-2012-1592	unknown	—	1.0				4y ago	Unrestricted Upload of File with Dangerous Type in Apache Struts2
CVE-2012-1572	unknown	—	—				—	OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space
CVE-2012-3490	unknown	—	—				—	The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x befo…
CVE-2012-2142	unknown	—	—				—	The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
CVE-2012-6712	unknown	—	—				—	In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption.
CVE-2012-5887	unknown	—	—				4y ago	Improper Authentication in Apache Tomcat
CVE-2012-3353	unknown	—	—				4y ago	Apache Sling JCR ContentLoader XmlReader Arbitrary File Load
CVE-2012-3536	unknown	—	—				4y ago	Apache James Hupa Webmail application Cross-site Scripting Vulnerabilities
CVE-2012-1094	unknown	—	—				4y ago	JBoss AS may expose root content if excluded-contexts list is mismatched
CVE-2012-0785	unknown	—	—				4y ago	Hash collision attack vulnerability in Jenkins
CVE-2012-4441	unknown	—	—				4y ago	Jenkins CI Game Plugin allows Cross-Site Scripting (XSS)
CVE-2012-4439	unknown	—	—				4y ago	Jenkins allows Cross-Site Scripting (XSS) via Crafted URL
CVE-2012-4440	unknown	—	—				4y ago	Jenkins Violation Plugin allows Cross-Site Scripting (XSS)
CVE-2012-4438	unknown	—	—				4y ago	Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
CVE-2012-2945	unknown	—	—				4y ago	Hadoop symlink vulnerability