CVEs from 2012
Total
5,222
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.4%
% with KEV
0.4%
% with exploit
0.5%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2012-3520 | low | — | 1.9 | 14y ago | The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a craft… | |
| CVE-2012-3741 | low | — | 1.9 | 14y ago | The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an int… | |
| CVE-2012-3734 | low | — | 1.9 | 14y ago | Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state… | |
| CVE-2012-3729 | low | — | 1.9 | 14y ago | The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about… | |
| CVE-2012-2737 | low | — | 1.9 | 14y ago | The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directo… | |
| CVE-2012-3116 | low | — | 1.9 | 14y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown ve… | |
| CVE-2012-1106 | low | — | 1.9 | 14y ago | The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.s… | |
| CVE-2012-0742 | low | — | 1.9 | 14y ago | IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitiv… | |
| CVE-2012-0098 | low | — | 1.9 | 15y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813. | |
| CVE-2012-2425 | low | — | 1.8 | 14y ago | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote atta… | |
| CVE-2012-2424 | low | — | 1.8 | 14y ago | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote atta… | |
| CVE-2012-2423 | low | — | 1.8 | 14y ago | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different… | |
| CVE-2012-2421 | low | — | 1.8 | 14y ago | Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Int… | |
| CVE-2012-2420 | low | — | 1.8 | 14y ago | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remot… | |
| CVE-2012-2419 | low | — | 1.8 | 14y ago | Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, al… | |
| CVE-2012-3215 | low | — | 1.7 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel. | |
| CVE-2012-3162 | low | — | 1.7 | 14y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows local users to affect confidentiality, related to MDS loading. | |
| CVE-2012-0174 | low | — | 1.7 | 14y ago | Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packe… | |
| CVE-2012-0494 | low | — | 1.7 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors. | |
| CVE-2012-0075 | low | — | 1.7 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors. | |
| CVE-2012-0391 | unknown | — | 1.5 | 4y ago | Apache Struts Remote Java Code Execution | |
| CVE-2012-5616 | low | — | 1.5 | 14y ago | Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) t… | |
| CVE-2012-3145 | low | — | 1.5 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.2.0 allows local users to affect… | |
| CVE-2012-6095 | low | — | 1.2 | 14y ago | ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD command… | |
| CVE-2012-3500 | low | — | 1.2 | 14y ago | scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2… | |
| CVE-2012-2103 | low | — | 1.2 | 14y ago | The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |
| CVE-2012-4676 | low | — | 1.2 | 14y ago | The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability tha… | |
| CVE-2012-3487 | low | — | 1.2 | 14y ago | Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. | |
| CVE-2012-2678 | low | — | 1.2 | 14y ago | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers … | |
| CVE-2012-2313 | low | — | 1.2 | 14y ago | The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet… | |
| CVE-2012-0645 | low | — | 1.2 | 14y ago | Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that for… | |
| CVE-2012-6712 | unknown | — | — | — | In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | |
| CVE-2012-5887 | unknown | — | — | 4y ago | Improper Authentication in Apache Tomcat | |
| CVE-2012-3353 | unknown | — | — | 4y ago | Apache Sling JCR ContentLoader XmlReader Arbitrary File Load | |
| CVE-2012-3536 | unknown | — | — | 4y ago | Apache James Hupa Webmail application Cross-site Scripting Vulnerabilities | |
| CVE-2012-0785 | unknown | — | — | 4y ago | Hash collision attack vulnerability in Jenkins | |
| CVE-2012-1094 | unknown | — | — | 4y ago | JBoss AS may expose root content if excluded-contexts list is mismatched | |
| CVE-2012-1592 | unknown | — | — | 4y ago | Unrestricted Upload of File with Dangerous Type in Apache Struts2 | |
| CVE-2012-4441 | unknown | — | — | 4y ago | Jenkins CI Game Plugin allows Cross-Site Scripting (XSS) | |
| CVE-2012-4440 | unknown | — | — | 4y ago | Jenkins Violation Plugin allows Cross-Site Scripting (XSS) | |
| CVE-2012-4439 | unknown | — | — | 4y ago | Jenkins allows Cross-Site Scripting (XSS) via Crafted URL | |
| CVE-2012-4438 | unknown | — | — | 4y ago | Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access | |
| CVE-2012-2945 | unknown | — | — | 4y ago | Hadoop symlink vulnerability |