CVEs from 2012

Summary
- Total: 5,235
- Critical: 963
- High: 747
- Medium: 2,885
- Low: 530
- % Critical: 18.4%
- % with KEV: 0.4%
- % with exploit: 0.5%
Top products (CVE count as shown by the site; these counts exceed the 2012 total of 5,235, so they are not restricted to 2012)
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2012-1854 | unknown | — | 1.5 | 2mo ago | Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution. | |
| CVE-2012-4792 | unknown | — | 1.5 | 2y ago | Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not p… | |
| CVE-2012-0151 | unknown | — | 1.5 | 4y ago | The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remo… | |
| CVE-2012-5054 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments. | |
| CVE-2012-4969 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site. | |
| CVE-2012-1889 | unknown | — | 1.5 | 4y ago | Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution. | |
| CVE-2012-0767 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML. | |
| CVE-2012-0754 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | |
| CVE-2012-1710 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown ve… | |
| CVE-2012-0391 | unknown | — | 1.5 | 4y ago | The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution. | |
| CVE-2012-5076 | unknown | — | 1.5 | 4y ago | The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet coul… | |
| CVE-2012-0518 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors | |
| CVE-2012-2539 | unknown | — | 1.5 | 4y ago | Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data. | |
| CVE-2012-2034 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS). | |
| CVE-2012-1823 | unknown | — | 1.5 | 4y ago | sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code. | |
| CVE-2012-1723 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related … | |
| CVE-2012-0507 | unknown | — | 1.5 | 4y ago | An incorrect type vulnerability in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code. | |
| CVE-2012-4681 | unknown | — | 1.5 | 4y ago | The Java Runtime Environment (JRE) component in Oracle Java SE allows for remote code execution. | |
| CVE-2012-1535 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content. | |
| CVE-2012-1856 | unknown | — | 1.5 | 4y ago | The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers syst… | |
| CVE-2012-3152 | unknown | — | 1.5 | 5y ago | Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems. | |
| CVE-2012-0158 | unknown | — | 1.5 | 5y ago | Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the curren… | |
| CVE-2012-1096 | unknown | — | 1.0 | — | ||
| CVE-2012-4381 | unknown | — | — | — | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force… | |
| CVE-2012-6122 | unknown | — | — | — | Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. | |
| CVE-2012-5582 | unknown | — | — | — | opendnssec misuses libcurl API | |
| CVE-2012-5535 | unknown | — | — | — | gnome-system-log polkit policy allows arbitrary files on the system to be read | |
| CVE-2012-6709 | unknown | — | — | — | ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. | |
| CVE-2012-5474 | unknown | — | — | — | The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret … | |
| CVE-2012-2142 | unknown | — | — | — | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |
| CVE-2012-3462 | unknown | — | — | — | A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup o… | |
| CVE-2012-6123 | unknown | — | — | — | Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." | |
| CVE-2012-6124 | unknown | — | — | — | A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and… | |
| CVE-2012-3490 | unknown | — | — | — | The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x befo… | |
| CVE-2012-5644 | unknown | — | — | — | libuser has information disclosure when moving user's home directory | |
| CVE-2012-1101 | unknown | — | — | — | systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | |
| CVE-2012-1093 | unknown | — | — | — | The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. | |
| CVE-2012-0049 | unknown | — | — | — | OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | |
| CVE-2012-0955 | unknown | — | — | — | software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under p… | |
| CVE-2012-5645 | unknown | — | — | — | A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed woul… | |
| CVE-2012-0812 | unknown | — | — | — | PostfixAdmin 2.3.4 has multiple XSS vulnerabilities | |
| CVE-2012-0046 | unknown | — | — | — | mediawiki allows deleted text to be exposed | |
| CVE-2012-6125 | unknown | — | — | — | Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. | |
| CVE-2012-0216 | unknown | — | — | — | The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides exa… | |
| CVE-2012-3543 | unknown | — | — | — | mono 2.10.x ASP.NET Web Form Hash collision DoS | |
| CVE-2012-6711 | unknown | — | — | — | A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in fu… | |
| CVE-2012-5639 | unknown | — | — | — | LibreOffice and OpenOffice automatically open embedded content | |
| CVE-2012-5359 | unknown | — | — | — | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. | |
| CVE-2012-0952 | unknown | — | — | — | A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.… | |
| CVE-2012-0951 | unknown | — | — | — | A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry. | |
| CVE-2012-2350 | unknown | — | — | — | pam_shield before 0.9.4: Default configuration does not perform protective action | |
| CVE-2012-5476 | unknown | — | — | — | Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. | |
| CVE-2012-1114 | unknown | — | — | — | A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and in the filteruid parameter to list.php. | |
| CVE-2012-1115 | unknown | — | — | — | A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. | |
| CVE-2012-1187 | unknown | — | — | — | Bitlbee does not drop extra group privileges correctly in unix.c | |
| CVE-2012-1257 | unknown | — | — | — | Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor. | |
| CVE-2012-6094 | unknown | — | — | — | cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system | |
| CVE-2012-4428 | unknown | — | — | — | ||
| CVE-2012-6655 | unknown | — | — | — | An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let local users obtain encrypted passwords. | |
| CVE-2012-3409 | unknown | — | — | — | ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | |
| CVE-2012-6639 | unknown | — | — | — | A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. | |
| CVE-2012-6111 | unknown | — | — | — | gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function | |
| CVE-2012-5340 | unknown | — | — | — | SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. | |
| CVE-2012-1572 | unknown | — | — | — | OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | |
| CVE-2012-5630 | unknown | — | — | — | libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. | |
| CVE-2012-6071 | unknown | — | — | — | nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | |
| CVE-2012-0953 | unknown | — | — | — | A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53. | |
| CVE-2012-1102 | unknown | — | — | — | It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read acces… | |
| CVE-2012-6712 | unknown | — | — | — | In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | |
| CVE-2012-0844 | unknown | — | — | — | Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. | |
| CVE-2012-1577 | unknown | — | — | — | lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | |
| CVE-2012-6114 | unknown | — | — | — | The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. | |
| CVE-2012-5360 | unknown | — | — | — | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. | |
| CVE-2012-2248 | unknown | — | — | — | An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable. | |
| CVE-2012-6083 | unknown | — | — | — | Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet. | |
| CVE-2012-2736 | unknown | — | — | — | In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | |
| CVE-2012-0842 | unknown | — | — | — | surf: cookie jar has read access from other local user | |
| CVE-2012-4434 | unknown | — | — | — | fwknop before 2.0.3 allows remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code. | |
| CVE-2012-6136 | unknown | — | — | — | tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | |
| CVE-2012-10047 | unknown | — | — | 10mo ago | Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, all… | |
| CVE-2012-10032 | unknown | — | — | 10mo ago | Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing… | |
| CVE-2012-10027 | unknown | — | — | 10mo ago | WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbit… | |
| CVE-2012-10024 | unknown | — | — | 10mo ago | XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authentic… | |
| CVE-2012-3442 | unknown | — | — | 4y ago | The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which… | |
| CVE-2012-5887 | unknown | — | — | 4y ago | Improper Authentication in Apache Tomcat | |
| CVE-2012-3353 | unknown | — | — | 4y ago | Apache Sling JCR ContentLoader XmlReader Arbitrary File Load | |
| CVE-2012-3536 | unknown | — | — | 4y ago | Apache James Hupa Webmail application Cross-site Scripting Vulnerabilities | |
| CVE-2012-1987 | unknown | — | — | 4y ago | Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with… | |
| CVE-2012-20001 | unknown | — | — | 4y ago | PrestaShop XSS Vulnerability | |
| CVE-2012-1094 | unknown | — | — | 4y ago | JBoss AS may expose root content if excluded-contexts list is mismatched | |
| CVE-2012-0785 | unknown | — | — | 4y ago | Hash collision attack vulnerability in Jenkins | |
| CVE-2012-4383 | unknown | — | — | 4y ago | Contao core SQL Injection Vulnerability | |
| CVE-2012-6133 | unknown | — | — | 4y ago | Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to i… | |
| CVE-2012-1592 | unknown | — | — | 4y ago | Unrestricted Upload of File with Dangerous Type in Apache Struts2 | |
| CVE-2012-2238 | unknown | — | — | 4y ago | trytond 2.4: ModelView.button fails to validate authorization | |
| CVE-2012-4441 | unknown | — | — | 4y ago | Jenkins CI Game Plugin allows Cross-Site Scripting (XSS) | |
| CVE-2012-4438 | unknown | — | — | 4y ago | Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access | |
| CVE-2012-4440 | unknown | — | — | 4y ago | Jenkins Violation Plugin allows Cross-Site Scripting (XSS) | |
| CVE-2012-4439 | unknown | — | — | 4y ago | Jenkins allows Cross-Site Scripting (XSS) via Crafted URL | |
| CVE-2012-1159 | unknown | — | — | 4y ago | Moodle included private user files in course backups |