CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3884 | medium | — | 5.0 | 14y ago | AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless netw… | |||
| CVE-2012-3698 | medium | — | 5.0 | 14y ago | Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a cr… | |||
| CVE-2012-3424 | medium | — | 5.0 | 14y ago | The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentic… | |||
| CVE-2012-2302 | medium | — | 5.0 | 14y ago | Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspe… | |||
| CVE-2012-2296 | medium | — | 5.0 | 14y ago | The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attack… | |||
| CVE-2012-3693 | medium | — | 5.0 | 14y ago | Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of… | |||
| CVE-2012-2677 | medium | — | 5.0 | 14y ago | Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overfl… | |||
| CVE-2012-2673 | medium | — | 5.0 | 14y ago | Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) bef… | |||
| CVE-2012-0680 | medium | — | 5.0 | 14y ago | Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | |||
| CVE-2012-2646 | medium | — | 5.0 | 14y ago | The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtai… | |||
| CVE-2012-2196 | medium | — | 5.0 | 14y ago | IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored proce… | |||
| CVE-2012-2194 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to repla… | |||
| CVE-2012-3394 | medium | — | 5.0 | 14y ago | auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows r… | |||
| CVE-2012-3385 | medium | — | 5.0 | 14y ago | WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vecto… | |||
| CVE-2012-3357 | medium | — | 5.0 | 14y ago | The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers … | |||
| CVE-2012-3356 | medium | — | 5.0 | 14y ago | The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via … | |||
| CVE-2012-2738 | medium | — | 5.0 | 14y ago | The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count v… | |||
| CVE-2012-2357 | medium | — | 5.0 | 14y ago | The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allo… | |||
| CVE-2012-3365 | medium | — | 5.0 | 14y ago | The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | |||
| CVE-2012-1960 | medium | — | 5.0 | 14y ago | The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers … | |||
| CVE-2012-1959 | medium | — | 5.0 | 14y ago | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-comp… | |||
| CVE-2012-3124 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL. | |||
| CVE-2012-3123 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server. | |||
| CVE-2012-3121 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer. | |||
| CVE-2012-1749 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Oracle M… | |||
| CVE-2012-1747 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to … | |||
| CVE-2012-1746 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to … | |||
| CVE-2012-1745 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via un… | |||
| CVE-2012-1742 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1760. | |||
| CVE-2012-1738 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect availa… | |||
| CVE-2012-1736 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps. | |||
| CVE-2012-0794 | medium | — | 5.0 | 14y ago | The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easi… | |||
| CVE-2012-0793 | medium | — | 5.0 | 14y ago | Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. | |||
| CVE-2012-4027 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as dem… | |||
| CVE-2012-4026 | medium | — | 5.0 | 14y ago | The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerabil… | |||
| CVE-2012-2280 | medium | — | 5.0 | 14y ago | EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via uns… | |||
| CVE-2012-2837 | medium | — | 5.0 | 14y ago | The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by… | |||
| CVE-2012-2351 | medium | — | 5.0 | 14y ago | The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of… | |||
| CVE-2012-2640 | medium | — | 5.0 | 14y ago | The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE perm… | |||
| CVE-2012-0410 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. | |||
| CVE-2012-3847 | medium | — | 5.0 | 14y ago | slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unic… | |||
| CVE-2012-3007 | medium | — | 5.0 | 14y ago | Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 … | |||
| CVE-2012-2560 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001. | |||
| CVE-2012-3829 | medium | — | 5.0 | 14y ago | Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | |||
| CVE-2012-2181 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. | |||
| CVE-2012-2748 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." | |||
| CVE-2012-2318 | medium | — | 5.0 | 14y ago | msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by plac… | |||
| CVE-2012-1148 | medium | — | 5.0 | 14y ago | Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted X… | |||
| CVE-2012-2385 | medium | — | 5.0 | 14y ago | The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. | |||
| CVE-2012-2098 | medium | — | 5.0 | 14y ago | Uncontrolled Resource Consumption in Apache Commons Compress | |||
| CVE-2012-2743 | medium | — | 5.0 | 14y ago | Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | |||
| CVE-2012-2742 | medium | — | 5.0 | 14y ago | Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack… | |||
| CVE-2012-2826 | medium | — | 5.0 | 14y ago | Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-2825 | medium | — | 5.0 | 14y ago | The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. | |||
| CVE-2012-2822 | medium | — | 5.0 | 14y ago | The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-2820 | medium | — | 5.0 | 14y ago | Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2012-2815 | medium | — | 5.0 | 14y ago | Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different … | |||
| CVE-2012-3798 | medium | — | 5.0 | 14y ago | The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier t… | |||
| CVE-2012-2720 | medium | — | 5.0 | 14y ago | The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | |||
| CVE-2012-2702 | medium | — | 5.0 | 14y ago | The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain condi… | |||
| CVE-2012-0191 | medium | — | 5.0 | 14y ago | The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request… | |||
| CVE-2012-2127 | medium | — | 5.0 | 14y ago | fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service … | |||
| CVE-2012-2173 | medium | — | 5.0 | 14y ago | The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain … | |||
| CVE-2012-0950 | medium | — | 5.0 | 14y ago | The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows rem… | |||
| CVE-2012-1724 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, relate… | |||
| CVE-2012-1719 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows r… | |||
| CVE-2012-1718 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows r… | |||
| CVE-2012-1583 | medium | — | 5.0 | 14y ago | Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a de… | |||
| CVE-2012-1145 | medium | — | 5.0 | 14y ago | spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remot… | |||
| CVE-2012-3568 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo. | |||
| CVE-2012-3567 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document. | |||
| CVE-2012-3565 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests." | |||
| CVE-2012-3564 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block elemen… | |||
| CVE-2012-3563 | medium | — | 5.0 | 14y ago | Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings. | |||
| CVE-2012-3557 | medium | — | 5.0 | 14y ago | Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive informatio… | |||
| CVE-2012-3287 | medium | — | 5.0 | 14y ago | Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-… | |||
| CVE-2012-2606 | medium | — | 5.0 | 14y ago | The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted p… | |||
| CVE-2012-2566 | medium | — | 5.0 | 14y ago | Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypa… | |||
| CVE-2012-1816 | medium | — | 5.0 | 14y ago | PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon c… | |||
| CVE-2012-0441 | medium | — | 5.0 | 14y ago | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, … | |||
| CVE-2012-0949 | medium | — | 5.0 | 14y ago | The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repo… | |||
| CVE-2012-2661 | medium | — | 5.0 | 14y ago | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveReco… | |||
| CVE-2012-2943 | medium | — | 5.0 | 14y ago | CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter. | |||
| CVE-2012-1821 | medium | — | 5.0 | 14y ago | The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of ser… | |||
| CVE-2012-2374 | medium | — | 5.0 | 14y ago | CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting… | |||
| CVE-2012-2922 | medium | — | 5.0 | 14y ago | The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installati… | |||
| CVE-2012-2921 | medium | — | 5.0 | 14y ago | Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII … | |||
| CVE-2012-1249 | medium | — | 5.0 | 14y ago | The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted applicatio… | |||
| CVE-2012-2322 | medium | — | 5.0 | 14y ago | Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value … | |||
| CVE-2012-0676 | medium | — | 5.0 | 14y ago | WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web s… | |||
| CVE-2012-0651 | medium | — | 5.0 | 14y ago | The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. | |||
| CVE-2012-0164 | medium | — | 5.0 | 14y ago | Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundat… | |||
| CVE-2012-0580 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity via unknown vectors r… | |||
| CVE-2012-0376 | medium | — | 5.0 | 14y ago | The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after a… | |||
| CVE-2012-0535 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related… | |||
| CVE-2012-0361 | medium | — | 5.0 | 14y ago | The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to c… | |||
| CVE-2012-0339 | medium | — | 5.0 | 14y ago | Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary … | |||
| CVE-2012-0338 | medium | — | 5.0 | 14y ago | Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary sou… | |||
| CVE-2012-0335 | medium | — | 5.0 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote … | |||
| CVE-2012-0333 | medium | — | 5.0 | 14y ago | Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML doc… |