CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5329 | medium | — | 5.0 | 14y ago | Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command. | |||
| CVE-2012-1623 | medium | — | 5.0 | 14y ago | The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. | |||
| CVE-2012-1150 | medium | — | 5.0 | 14y ago | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dep… | |||
| CVE-2012-0845 | medium | — | 5.0 | 14y ago | SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop an… | |||
| CVE-2012-5051 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2012-5301 | medium | — | 5.0 | 14y ago | The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the ne… | |||
| CVE-2012-5298 | medium | — | 5.0 | 14y ago | Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request. | |||
| CVE-2012-3267 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2012-3266 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2012-4063 | medium | — | 5.0 | 14y ago | The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via… | |||
| CVE-2012-1471 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2012-4830 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors. | |||
| CVE-2012-3319 | medium | — | 5.0 | 14y ago | IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer p… | |||
| CVE-2012-3035 | medium | — | 5.0 | 14y ago | Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port. | |||
| CVE-2012-4429 | medium | — | 5.0 | 14y ago | Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. | |||
| CVE-2012-2241 | medium | — | 5.0 | 14y ago | scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. | |||
| CVE-2012-1591 | medium | — | 5.0 | 14y ago | The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. | |||
| CVE-2012-1833 | medium | — | 5.0 | 14y ago | VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary … | |||
| CVE-2012-2680 | medium | — | 5.0 | 14y ago | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive informa… | |||
| CVE-2012-2145 | medium | — | 5.0 | 14y ago | Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of inc… | |||
| CVE-2012-2892 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors. | |||
| CVE-2012-2891 | medium | — | 5.0 | 14y ago | The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors. | |||
| CVE-2012-2884 | medium | — | 5.0 | 14y ago | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-2877 | medium | — | 5.0 | 14y ago | The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vector… | |||
| CVE-2012-2199 | medium | — | 5.0 | 14y ago | The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid add… | |||
| CVE-2012-2187 | medium | — | 5.0 | 14y ago | IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mec… | |||
| CVE-2012-3745 | medium | — | 5.0 | 14y ago | Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. | |||
| CVE-2012-3744 | medium | — | 5.0 | 14y ago | Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return addre… | |||
| CVE-2012-3743 | medium | — | 5.0 | 14y ago | The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads lo… | |||
| CVE-2012-3742 | medium | — | 5.0 | 14y ago | Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connection… | |||
| CVE-2012-3724 | medium | — | 5.0 | 14y ago | CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request w… | |||
| CVE-2012-3721 | medium | — | 5.0 | 14y ago | Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecifi… | |||
| CVE-2012-5007 | medium | — | 5.0 | 14y ago | The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments… | |||
| CVE-2012-2991 | medium | — | 5.0 | 14y ago | The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant'… | |||
| CVE-2012-4407 | medium | — | 5.0 | 14y ago | lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive… | |||
| CVE-2012-4403 | medium | — | 5.0 | 14y ago | theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a r… | |||
| CVE-2012-3030 | medium | — | 5.0 | 14y ago | WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote at… | |||
| CVE-2012-2058 | medium | — | 5.0 | 14y ago | The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. | |||
| CVE-2012-3919 | medium | — | 5.0 | 14y ago | The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denia… | |||
| CVE-2012-3915 | medium | — | 5.0 | 14y ago | The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. | |||
| CVE-2012-3901 | medium | — | 5.0 | 14y ago | The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffi… | |||
| CVE-2012-3899 | medium | — | 5.0 | 14y ago | sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and tr… | |||
| CVE-2012-3094 | medium | — | 5.0 | 14y ago | The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, w… | |||
| CVE-2012-4001 | medium | — | 5.0 | 14y ago | The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified … | |||
| CVE-2012-4817 | medium | — | 5.0 | 14y ago | The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via … | |||
| CVE-2012-4683 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682. | |||
| CVE-2012-4682 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683. | |||
| CVE-2012-4922 | medium | — | 5.0 | 14y ago | The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (as… | |||
| CVE-2012-4419 | medium | — | 5.0 | 14y ago | The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemo… | |||
| CVE-2012-4903 | medium | — | 5.0 | 14y ago | Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by… | |||
| CVE-2012-2048 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. | |||
| CVE-2012-2774 | medium | — | 5.0 | 14y ago | The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "… | |||
| CVE-2012-4885 | medium | — | 5.0 | 14y ago | The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft f… | |||
| CVE-2012-2315 | medium | — | 5.0 | 14y ago | admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges t… | |||
| CVE-2012-1581 | medium | — | 5.0 | 14y ago | MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users. | |||
| CVE-2012-1579 | medium | — | 5.0 | 14y ago | The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive inform… | |||
| CVE-2012-1152 | medium | — | 5.0 | 14y ago | Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial… | |||
| CVE-2012-1151 | medium | — | 5.0 | 14y ago | Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (proce… | |||
| CVE-2012-1611 | medium | — | 5.0 | 14y ago | Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a dup… | |||
| CVE-2012-0837 | medium | — | 5.0 | 14y ago | Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." | |||
| CVE-2012-0836 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. | |||
| CVE-2012-0835 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." | |||
| CVE-2012-0821 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819. | |||
| CVE-2012-0819 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. | |||
| CVE-2012-4752 | medium | — | 5.0 | 14y ago | appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by u… | |||
| CVE-2012-4387 | medium | — | 5.0 | 14y ago | Denial of service in Apache Struts | |||
| CVE-2012-3526 | medium | — | 5.0 | 14y ago | The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For … | |||
| CVE-2012-3509 | medium | — | 5.0 | 14y ago | Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to c… | |||
| CVE-2012-2063 | medium | — | 5.0 | 14y ago | The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2012-1608 | medium | — | 5.0 | 14y ago | Typo3 API XSS Vulnerabilities | |||
| CVE-2012-1607 | medium | — | 5.0 | 14y ago | TYPO3 allows remote attackers to obtain the database name via a direct request | |||
| CVE-2012-1605 | medium | — | 5.0 | 14y ago | Typo3 Extbase Framework Unsafe Deserialization | |||
| CVE-2012-4747 | medium | — | 5.0 | 14y ago | Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient a… | |||
| CVE-2012-3981 | medium | — | 5.0 | 14y ago | Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which mig… | |||
| CVE-2012-4741 | medium | — | 5.0 | 14y ago | The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof us… | |||
| CVE-2012-3534 | medium | — | 5.0 | 14y ago | GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large numbe… | |||
| CVE-2012-3533 | medium | — | 5.0 | 14y ago | The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-… | |||
| CVE-2012-2704 | medium | — | 5.0 | 14y ago | The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information tha… | |||
| CVE-2012-4171 | medium | — | 5.0 | 14y ago | Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and be… | |||
| CVE-2012-2867 | medium | — | 5.0 | 14y ago | The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2012-4010 | medium | — | 5.0 | 14y ago | Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660. | |||
| CVE-2012-3312 | medium | — | 5.0 | 14y ago | The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obta… | |||
| CVE-2012-3972 | medium | — | 5.0 | 14y ago | The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey b… | |||
| CVE-2012-1643 | medium | — | 5.0 | 14y ago | The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vect… | |||
| CVE-2012-1642 | medium | — | 5.0 | 14y ago | includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensi… | |||
| CVE-2012-3467 | medium | — | 5.0 | 14y ago | Apache QPID Allows Remote Authentication Bypass | |||
| CVE-2012-3421 | medium | — | 5.0 | 14y ago | The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by se… | |||
| CVE-2012-3420 | medium | — | 5.0 | 14y ago | Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted… | |||
| CVE-2012-3419 | medium | — | 5.0 | 14y ago | Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. | |||
| CVE-2012-3418 | medium | — | 5.0 | 14y ago | libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the… | |||
| CVE-2012-0855 | medium | — | 5.0 | 14y ago | Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspeci… | |||
| CVE-2012-4678 | medium | — | 5.0 | 14y ago | munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters. | |||
| CVE-2012-2147 | medium | — | 5.0 | 14y ago | munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. | |||
| CVE-2012-4674 | medium | — | 5.0 | 14y ago | PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. | |||
| CVE-2012-3519 | medium | — | 5.0 | 14y ago | routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information abo… | |||
| CVE-2012-3518 | medium | — | 5.0 | 14y ago | The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (… | |||
| CVE-2012-3517 | medium | — | 5.0 | 14y ago | Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. | |||
| CVE-2012-3514 | medium | — | 5.0 | 14y ago | OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service … | |||
| CVE-2012-3501 | medium | — | 5.0 | 14y ago | The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cau… | |||
| CVE-2012-4605 | medium | — | 5.0 | 14y ago | The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it … |