CVEs from 2012
Total
5,197
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5076 | unknown | — | 2.5 | 4y ago | The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet coul… | |||
| CVE-2012-1823 | unknown | — | 2.5 | 4y ago | sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code. | |||
| CVE-2012-1535 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content. | |||
| CVE-2012-0507 | unknown | — | 2.5 | 4y ago | An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code. | |||
| CVE-2012-4681 | unknown | — | 2.5 | 4y ago | The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution. | |||
| CVE-2012-1723 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related … | |||
| CVE-2012-0158 | unknown | — | 2.5 | 5y ago | Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the curren… | |||
| CVE-2012-3152 | unknown | — | 2.5 | 5y ago | Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems. | |||
| CVE-2012-1854 | unknown | — | 1.5 | 2mo ago | Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution. | |||
| CVE-2012-5054 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments. | |||
| CVE-2012-0767 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML. | |||
| CVE-2012-0151 | unknown | — | 1.5 | 4y ago | The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remo… | |||
| CVE-2012-1710 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown ve… | |||
| CVE-2012-0518 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors | |||
| CVE-2012-2034 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS). | |||
| CVE-2012-2539 | unknown | — | 1.5 | 4y ago | Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data. | |||
| CVE-2012-1856 | unknown | — | 1.5 | 4y ago | The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers syst… | |||
| CVE-2012-10026 | unknown | — | 1.0 | 10mo ago | The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded f… | |||
| CVE-2012-1592 | unknown | — | 1.0 | 4y ago | Unrestricted Upload of File with Dangerous Type in Apache Struts2 | |||
| CVE-2012-1572 | unknown | — | — | — | OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | |||
| CVE-2012-6712 | unknown | — | — | — | In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | |||
| CVE-2012-3490 | unknown | — | — | — | The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x befo… | |||
| CVE-2012-2142 | unknown | — | — | — | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |||
| CVE-2012-5639 | unknown | — | — | — | LibreOffice and OpenOffice automatically open embedded content | |||
| CVE-2012-5887 | unknown | — | — | 4y ago | Improper Authentication in Apache Tomcat | |||
| CVE-2012-3353 | unknown | — | — | 4y ago | Apache Sling JCR ContentLoader XmlReader Arbitrary File Load | |||
| CVE-2012-3536 | unknown | — | — | 4y ago | Apache James Hupa Webmail application Cross-site Scripting Vulnerabilities | |||
| CVE-2012-1094 | unknown | — | — | 4y ago | JBoss AS may expose root content if excluded-contexts list is mismatched | |||
| CVE-2012-0785 | unknown | — | — | 4y ago | Hash collision attack vulnerability in Jenkins | |||
| CVE-2012-4441 | unknown | — | — | 4y ago | Jenkins CI Game Plugin allows Cross-Site Scripting (XSS) | |||
| CVE-2012-4439 | unknown | — | — | 4y ago | Jenkins allows Cross-Site Scripting (XSS) via Crafted URL | |||
| CVE-2012-4438 | unknown | — | — | 4y ago | Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access | |||
| CVE-2012-4440 | unknown | — | — | 4y ago | Jenkins Violation Plugin allows Cross-Site Scripting (XSS) | |||
| CVE-2012-2945 | unknown | — | — | 4y ago | Hadoop symlink vulnerability |