CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3459 | medium | — | 4.9 | 14y ago | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted ad… | |||
| CVE-2012-2735 | medium | — | 4.9 | 14y ago | Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session co… | |||
| CVE-2012-4402 | medium | — | 4.9 | 14y ago | webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run ar… | |||
| CVE-2012-1649 | medium | — | 4.9 | 14y ago | Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecifie… | |||
| CVE-2012-4582 | medium | — | 4.9 | 14y ago | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbit… | |||
| CVE-2012-3447 | medium | — | 4.9 | 14y ago | virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an im… | |||
| CVE-2012-3247 | medium | — | 4.9 | 14y ago | Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users… | |||
| CVE-2012-3426 | medium | — | 4.9 | 14y ago | OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass in… | |||
| CVE-2012-0723 | medium | — | 4.9 | 14y ago | The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a c… | |||
| CVE-2012-1752 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS. | |||
| CVE-2012-2016 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2012-1121 | medium | — | 4.9 | 14y ago | MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. | |||
| CVE-2012-2192 | medium | — | 4.9 | 14y ago | The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence … | |||
| CVE-2012-2390 | medium | — | 4.9 | 14y ago | Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations. | |||
| CVE-2012-2384 | medium | — | 4.9 | 14y ago | Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platfo… | |||
| CVE-2012-2383 | medium | — | 4.9 | 14y ago | Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platform… | |||
| CVE-2012-2121 | medium | — | 4.9 | 14y ago | The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory… | |||
| CVE-2012-1601 | medium | — | 4.9 | 14y ago | The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after … | |||
| CVE-2012-0652 | medium | — | 4.9 | 14y ago | Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows … | |||
| CVE-2012-1692 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP. | |||
| CVE-2012-1681 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs. | |||
| CVE-2012-0573 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to… | |||
| CVE-2012-0525 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.… | |||
| CVE-2012-2006 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors. | |||
| CVE-2012-2273 | medium | — | 4.9 | 14y ago | Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel Image… | |||
| CVE-2012-0134 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via … | |||
| CVE-2012-0118 | medium | — | 4.9 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different v… | |||
| CVE-2012-0116 | medium | — | 4.9 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2012-0103 | medium | — | 4.9 | 15y ago | Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2012-0030 | medium | — | 4.9 | 15y ago | Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI par… | |||
| CVE-2012-6440 | medium | 4.8 | 4.8 | 14y ago | The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the pr… | |||
| CVE-2012-5969 | medium | — | 4.8 | 14y ago | Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbit… | |||
| CVE-2012-5968 | medium | — | 4.8 | 14y ago | The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to … | |||
| CVE-2012-4565 | medium | — | 4.7 | 14y ago | The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial… | |||
| CVE-2012-6333 | medium | — | 4.7 | 14y ago | Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. | |||
| CVE-2012-5515 | medium | — | 4.7 | 14y ago | The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop an… | |||
| CVE-2012-5514 | medium | — | 4.7 | 14y ago | The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to ca… | |||
| CVE-2012-5511 | medium | — | 4.7 | 14y ago | Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. | |||
| CVE-2012-5510 | medium | — | 4.7 | 14y ago | Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial … | |||
| CVE-2012-6031 | medium | — | 4.7 | 14y ago | The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related t… | |||
| CVE-2012-3496 | medium | — | 4.7 | 14y ago | XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG … | |||
| CVE-2012-3212 | medium | — | 4.7 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2012-4442 | medium | — | 4.7 | 14y ago | Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictio… | |||
| CVE-2012-2745 | medium | — | 4.7 | 14y ago | The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (pa… | |||
| CVE-2012-1765 | medium | — | 4.7 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone. | |||
| CVE-2012-1706 | medium | — | 4.7 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affec… | |||
| CVE-2012-1111 | medium | — | 4.6 | 12y ago | lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. | |||
| CVE-2012-5697 | medium | — | 4.6 | 12y ago | The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users t… | |||
| CVE-2012-5037 | medium | — | 4.6 | 12y ago | The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an o… | |||
| CVE-2012-0064 | medium | — | 4.6 | 13y ago | xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations th… | |||
| CVE-2012-4135 | medium | — | 4.6 | 13y ago | Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCt… | |||
| CVE-2012-4131 | medium | — | 4.6 | 13y ago | Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. | |||
| CVE-2012-4113 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interfa… | |||
| CVE-2012-4107 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bu… | |||
| CVE-2012-4105 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86… | |||
| CVE-2012-4081 | medium | — | 4.6 | 13y ago | MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCt… | |||
| CVE-2012-4093 | medium | — | 4.6 | 13y ago | The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. | |||
| CVE-2012-4542 | medium | — | 4.6 | 14y ago | block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restricti… | |||
| CVE-2012-5429 | medium | — | 4.6 | 14y ago | The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted applicati… | |||
| CVE-2012-6472 | medium | — | 4.6 | 14y ago | Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configurati… | |||
| CVE-2012-6065 | medium | — | 4.6 | 14y ago | The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary… | |||
| CVE-2012-4411 | medium | — | 4.6 | 14y ago | The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-099… | |||
| CVE-2012-1167 | medium | — | 4.6 | 14y ago | The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the ser… | |||
| CVE-2012-4506 | medium | — | 4.6 | 14y ago | Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories … | |||
| CVE-2012-3211 | medium | — | 4.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call. | |||
| CVE-2012-0065 | medium | — | 4.6 | 14y ago | Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNu… | |||
| CVE-2012-3736 | medium | — | 4.6 | 14y ago | The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. | |||
| CVE-2012-3723 | medium | — | 4.6 | 14y ago | Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (… | |||
| CVE-2012-3257 | medium | — | 4.6 | 14y ago | HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors. | |||
| CVE-2012-3537 | medium | — | 4.6 | 14y ago | The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands vi… | |||
| CVE-2012-3527 | medium | — | 4.6 | 14y ago | TYPO3 allows remote authenticated backend users to unserialize arbitrary objects | |||
| CVE-2012-3410 | medium | — | 4.6 | 14y ago | Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properl… | |||
| CVE-2012-2375 | medium | — | 4.6 | 14y ago | The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote N… | |||
| CVE-2012-1328 | medium | — | 4.6 | 14y ago | Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via uns… | |||
| CVE-2012-1931 | medium | — | 4.6 | 14y ago | Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. | |||
| CVE-2012-1930 | medium | — | 4.6 | 14y ago | Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files. | |||
| CVE-2012-0420 | medium | — | 4.4 | 13y ago | zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in th… | |||
| CVE-2012-6076 | medium | — | 4.4 | 13y ago | Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and poss… | |||
| CVE-2012-2372 | medium | — | 4.4 | 14y ago | The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG… | |||
| CVE-2012-2252 | medium | — | 4.4 | 14y ago | Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option. | |||
| CVE-2012-2251 | medium | — | 4.4 | 14y ago | rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. | |||
| CVE-2012-5675 | medium | — | 4.4 | 14y ago | Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. | |||
| CVE-2012-6036 | medium | — | 4.4 | 14y ago | The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, w… | |||
| CVE-2012-6034 | medium | — | 4.4 | 14y ago | The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check … | |||
| CVE-2012-6033 | medium | — | 4.4 | 14y ago | The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via un… | |||
| CVE-2012-4436 | medium | — | 4.4 | 14y ago | Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execu… | |||
| CVE-2012-3466 | medium | — | 4.4 | 14y ago | GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unsp… | |||
| CVE-2012-5095 | medium | — | 4.4 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd. | |||
| CVE-2012-4677 | medium | — | 4.4 | 14y ago | Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | |||
| CVE-2012-3381 | medium | — | 4.4 | 14y ago | sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||
| CVE-2012-3386 | medium | — | 4.4 | 14y ago | The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local use… | |||
| CVE-2012-2652 | medium | — | 4.4 | 14y ago | The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink att… | |||
| CVE-2012-3018 | medium | — | 4.4 | 14y ago | The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authen… | |||
| CVE-2012-0305 | medium | — | 4.4 | 14y ago | Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the cur… | |||
| CVE-2012-1750 | medium | — | 4.4 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx. | |||
| CVE-2012-1054 | medium | — | 4.4 | 14y ago | Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local … | |||
| CVE-2012-0110 | medium | — | 4.4 | 15y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availa… | |||
| CVE-2012-3458 | medium | — | 4.3 | 4y ago | Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. | |||
| CVE-2012-6082 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. | |||
| CVE-2012-5494 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, relat… |