CVEs from 2012
Total
5,194
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5326 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrat… | |||
| CVE-2012-5323 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests th… | |||
| CVE-2012-5320 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the admin… | |||
| CVE-2012-5319 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests tha… | |||
| CVE-2012-1416 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts vi… | |||
| CVE-2012-1308 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the… | |||
| CVE-2012-5318 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with… | |||
| CVE-2012-1125 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a fi… | |||
| CVE-2012-1414 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News… | |||
| CVE-2012-1153 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable exte… | |||
| CVE-2012-3412 | high | — | 7.8 | 14y ago | The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafte… | |||
| CVE-2012-1897 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via th… | |||
| CVE-2012-4051 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authen… | |||
| CVE-2012-4623 | high | — | 7.8 | 14y ago | The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG b… | |||
| CVE-2012-4621 | high | — | 7.8 | 14y ago | The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049. | |||
| CVE-2012-4620 | high | — | 7.8 | 14y ago | Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/I… | |||
| CVE-2012-4619 | high | — | 7.8 | 14y ago | The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123. | |||
| CVE-2012-4618 | high | — | 7.8 | 14y ago | The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CS… | |||
| CVE-2012-3949 | high | — | 7.8 | 14y ago | The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2… | |||
| CVE-2012-2897 | high | 7.8 | 7.8 | 14y ago | The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 201… | |||
| CVE-2012-4014 | high | — | 7.8 | 14y ago | Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2012-3011 | high | — | 7.8 | 14y ago | Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request. | |||
| CVE-2012-5005 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an ad… | |||
| CVE-2012-5002 | medium | — | 7.8 | 14y ago | Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a… | |||
| CVE-2012-1901 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via … | |||
| CVE-2012-2996 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication o… | |||
| CVE-2012-3079 | high | — | 7.8 | 14y ago | Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957. | |||
| CVE-2012-3060 | high | — | 7.8 | 14y ago | Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269. | |||
| CVE-2012-2275 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitiv… | |||
| CVE-2012-4244 | high | — | 7.8 | 14y ago | ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and na… | |||
| CVE-2012-4629 | high | — | 7.8 | 14y ago | The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to caus… | |||
| CVE-2012-3935 | high | — | 7.8 | 14y ago | Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted … | |||
| CVE-2012-2316 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrat… | |||
| CVE-2012-4877 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that a… | |||
| CVE-2012-1112 | medium | — | 7.8 | 14y ago | Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter t… | |||
| CVE-2012-3012 | high | — | 7.8 | 14y ago | The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service (Ethernet outage) via unspecified Ethernet traffic that fills a buf… | |||
| CVE-2012-4746 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change t… | |||
| CVE-2012-0308 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. | |||
| CVE-2012-4036 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via… | |||
| CVE-2012-1933 | medium | — | 7.8 | 14y ago | Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in… | |||
| CVE-2012-2104 | medium | — | 7.8 | 14y ago | cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequenc… | |||
| CVE-2012-1921 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the r… | |||
| CVE-2012-3252 | high | — | 7.8 | 14y ago | Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2012-4237 | medium | — | 7.8 | 14y ago | Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id param… | |||
| CVE-2012-3294 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allo… | |||
| CVE-2012-4325 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2012-4280 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) … | |||
| CVE-2012-2602 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators fo… | |||
| CVE-2012-2744 | high | — | 7.8 | 14y ago | net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference… | |||
| CVE-2012-1350 | high | — | 7.8 | 14y ago | Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426. | |||
| CVE-2012-2472 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remot… | |||
| CVE-2012-2469 | high | — | 7.8 | 14y ago | Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) v… | |||
| CVE-2012-3017 | high | — | 7.8 | 14y ago | Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed… | |||
| CVE-2012-3016 | high | — | 7.8 | 14y ago | Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 allow remote attackers to cause a denial of service (defect-mode transition and service outage) via crafted ICMP packets. | |||
| CVE-2012-3817 | high | — | 7.8 | 14y ago | ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initializ… | |||
| CVE-2012-3120 | high | — | 7.8 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP. | |||
| CVE-2012-1740 | high | — | 7.8 | 14y ago | Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality… | |||
| CVE-2012-0282 | medium | — | 7.8 | 14y ago | Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in … | |||
| CVE-2012-0277 | medium | — | 7.8 | 14y ago | Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image. | |||
| CVE-2012-0276 | medium | — | 7.8 | 14y ago | Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed… | |||
| CVE-2012-4028 | high | — | 7.8 | 14y ago | Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authenticatio… | |||
| CVE-2012-3350 | medium | — | 7.8 | 14y ago | SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | |||
| CVE-2012-2614 | medium | — | 7.8 | 14y ago | Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long stri… | |||
| CVE-2012-3073 | high | — | 7.8 | 14y ago | The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to… | |||
| CVE-2012-2970 | high | — | 7.8 | 14y ago | The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735. | |||
| CVE-2012-2017 | high | — | 7.8 | 14y ago | Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-O… | |||
| CVE-2012-2816 | high | — | 7.8 | 14y ago | Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vect… | |||
| CVE-2012-3058 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8… | |||
| CVE-2012-3578 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a f… | |||
| CVE-2012-3289 | high | — | 7.8 | 14y ago | VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) v… | |||
| CVE-2012-3291 | high | — | 7.8 | 14y ago | Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner. | |||
| CVE-2012-1185 | high | 7.8 | 7.8 | 14y ago | Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execu… | |||
| CVE-2012-2488 | high | — | 7.8 | 14y ago | Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94… | |||
| CVE-2012-2426 | high | — | 7.8 | 14y ago | The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors. | |||
| CVE-2012-2320 | high | — | 7.8 | 14y ago | ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted n… | |||
| CVE-2012-1097 | high | 7.8 | 7.8 | 14y ago | The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL poin… | |||
| CVE-2012-0044 | high | 7.8 | 7.8 | 14y ago | Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privi… | |||
| CVE-2012-1804 | high | — | 7.8 | 14y ago | The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request. | |||
| CVE-2012-0180 | high | 7.8 | 7.8 | 14y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 C… | |||
| CVE-2012-1936 | medium | — | 7.8 | 14y ago | The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attack… | |||
| CVE-2012-0378 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number… | |||
| CVE-2012-0550 | medium | — | 7.8 | 14y ago | Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and… | |||
| CVE-2012-1802 | high | — | 7.8 | 14y ago | Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 befor… | |||
| CVE-2012-1315 | high | — | 7.8 | 14y ago | Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload)… | |||
| CVE-2012-1314 | high | — | 7.8 | 14y ago | The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381. | |||
| CVE-2012-1311 | high | — | 7.8 | 14y ago | The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue w… | |||
| CVE-2012-1310 | high | — | 7.8 | 14y ago | Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka B… | |||
| CVE-2012-0388 | high | — | 7.8 | 14y ago | Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reloa… | |||
| CVE-2012-0387 | high | — | 7.8 | 14y ago | Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device… | |||
| CVE-2012-0386 | high | — | 7.8 | 14y ago | The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (dev… | |||
| CVE-2012-0385 | high | — | 7.8 | 14y ago | The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug I… | |||
| CVE-2012-0383 | high | — | 7.8 | 14y ago | Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require tran… | |||
| CVE-2012-1498 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an adminis… | |||
| CVE-2012-1297 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requ… | |||
| CVE-2012-0356 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(… | |||
| CVE-2012-0355 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) all… | |||
| CVE-2012-0370 | high | — | 7.8 | 15y ago | Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service… | |||
| CVE-2012-0369 | high | — | 7.8 | 15y ago | Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reloa… | |||
| CVE-2012-0368 | high | — | 7.8 | 15y ago | The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remo… | |||
| CVE-2012-0367 | high | — | 7.8 | 15y ago | Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segmen… |