CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0767 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML. | |||
| CVE-2012-0151 | unknown | — | 1.5 | 4y ago | The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remo… | |||
| CVE-2012-5054 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments. | |||
| CVE-2012-1710 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown ve… | |||
| CVE-2012-0518 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors | |||
| CVE-2012-2539 | unknown | — | 1.5 | 4y ago | Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data. | |||
| CVE-2012-2034 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS). | |||
| CVE-2012-1856 | unknown | — | 1.5 | 4y ago | The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers syst… | |||
| CVE-2012-10024 | unknown | — | 1.0 | 10mo ago | XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authentic… | |||
| CVE-2012-10026 | unknown | — | 1.0 | 10mo ago | The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded f… | |||
| CVE-2012-1592 | unknown | — | 1.0 | 4y ago | Unrestricted Upload of File with Dangerous Type in Apache Struts2 | |||
| CVE-2012-2142 | unknown | — | — | — | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |||
| CVE-2012-1101 | unknown | — | — | — | systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | |||
| CVE-2012-5639 | unknown | — | — | — | LibreOffice and OpenOffice automatically open embedded content | |||
| CVE-2012-3490 | unknown | — | — | — | The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x befo… | |||
| CVE-2012-0216 | unknown | — | — | — | The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides exa… | |||
| CVE-2012-1572 | unknown | — | — | — | OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | |||
| CVE-2012-6712 | unknown | — | — | — | In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | |||
| CVE-2012-3442 | unknown | — | — | 4y ago | The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which… | |||
| CVE-2012-5887 | unknown | — | — | 4y ago | Improper Authentication in Apache Tomcat | |||
| CVE-2012-3353 | unknown | — | — | 4y ago | Apache Sling JCR ContentLoader XmlReader Arbitrary File Load | |||
| CVE-2012-3536 | unknown | — | — | 4y ago | Apache James Hupa Webmail application Cross-site Scripting Vulnerabilities | |||
| CVE-2012-1094 | unknown | — | — | 4y ago | JBoss AS may expose root content if excluded-contexts list is mismatched | |||
| CVE-2012-0785 | unknown | — | — | 4y ago | Hash collision attack vulnerability in Jenkins | |||
| CVE-2012-4441 | unknown | — | — | 4y ago | Jenkins CI Game Plugin allows Cross-Site Scripting (XSS) | |||
| CVE-2012-4438 | unknown | — | — | 4y ago | Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access | |||
| CVE-2012-4440 | unknown | — | — | 4y ago | Jenkins Violation Plugin allows Cross-Site Scripting (XSS) | |||
| CVE-2012-4439 | unknown | — | — | 4y ago | Jenkins allows Cross-Site Scripting (XSS) via Crafted URL | |||
| CVE-2012-2945 | unknown | — | — | 4y ago | Hadoop symlink vulnerability |