CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0534 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity vi… | |||
| CVE-2012-0533 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise FCSM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related… | |||
| CVE-2012-0530 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect integrity via unknown vectors related to ePr… | |||
| CVE-2012-0521 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 Bundle #9 allows remote authenticated users to affect confidentiality via unknown vectors relate… | |||
| CVE-2012-0515 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Identity Manager Connector component in Oracle Fusion Middleware 9.1.0.4 allows remote authenticated users to affect integrity via unknown vectors. | |||
| CVE-2012-0514 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality, related to SEC. | |||
| CVE-2012-0466 | medium | — | 4.0 | 14y ago | template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remot… | |||
| CVE-2012-0712 | medium | — | 4.0 | 14y ago | The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a … | |||
| CVE-2012-0709 | medium | — | 4.0 | 14y ago | IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by levera… | |||
| CVE-2012-1513 | medium | — | 4.0 | 14y ago | The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows … | |||
| CVE-2012-1497 | medium | — | 4.0 | 15y ago | The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory t… | |||
| CVE-2012-1289 | medium | — | 4.0 | 15y ago | Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or … | |||
| CVE-2012-0396 | medium | — | 4.0 | 15y ago | EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or… | |||
| CVE-2012-0448 | medium | — | 4.0 | 15y ago | Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user … | |||
| CVE-2012-0495 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0491 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0490 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors. | |||
| CVE-2012-0489 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0488 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0487 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0485 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0484 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors. | |||
| CVE-2012-0120 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0119 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0115 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0102 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0101 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0089 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerf… | |||
| CVE-2012-0088 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors re… | |||
| CVE-2012-0087 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0078 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST … | |||
| CVE-2012-0076 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related … | |||
| CVE-2012-0074 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales. | |||
| CVE-2012-4792 | unknown | — | 2.5 | 2y ago | Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not p… | |||
| CVE-2012-0754 | unknown | — | 2.5 | 4y ago | Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | |||
| CVE-2012-4969 | unknown | — | 2.5 | 4y ago | Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site. | |||
| CVE-2012-1889 | unknown | — | 2.5 | 4y ago | Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution. | |||
| CVE-2012-0391 | unknown | — | 2.5 | 4y ago | The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution. | |||
| CVE-2012-5076 | unknown | — | 2.5 | 4y ago | The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet coul… | |||
| CVE-2012-1823 | unknown | — | 2.5 | 4y ago | sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code. | |||
| CVE-2012-1535 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content. | |||
| CVE-2012-4681 | unknown | — | 2.5 | 4y ago | The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution. | |||
| CVE-2012-0507 | unknown | — | 2.5 | 4y ago | An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code. | |||
| CVE-2012-1723 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related … | |||
| CVE-2012-3152 | unknown | — | 2.5 | 5y ago | Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems. | |||
| CVE-2012-0158 | unknown | — | 2.5 | 5y ago | Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the curren… | |||
| CVE-2012-1854 | unknown | — | 1.5 | 2mo ago | Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution. | |||
| CVE-2012-0151 | unknown | — | 1.5 | 4y ago | The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remo… | |||
| CVE-2012-5054 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments. | |||
| CVE-2012-0767 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML. | |||
| CVE-2012-1710 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown ve… | |||
| CVE-2012-2034 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS). | |||
| CVE-2012-2539 | unknown | — | 1.5 | 4y ago | Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data. | |||
| CVE-2012-0518 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors | |||
| CVE-2012-1856 | unknown | — | 1.5 | 4y ago | The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers syst… | |||
| CVE-2012-10024 | unknown | — | 1.0 | 10mo ago | XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authentic… | |||
| CVE-2012-10026 | unknown | — | 1.0 | 10mo ago | The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded f… | |||
| CVE-2012-1592 | unknown | — | 1.0 | 4y ago | Unrestricted Upload of File with Dangerous Type in Apache Struts2 | |||
| CVE-2012-2142 | unknown | — | — | — | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |||
| CVE-2012-5639 | unknown | — | — | — | LibreOffice and OpenOffice automatically open embedded content | |||
| CVE-2012-3490 | unknown | — | — | — | The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x befo… | |||
| CVE-2012-1572 | unknown | — | — | — | OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | |||
| CVE-2012-1101 | unknown | — | — | — | systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | |||
| CVE-2012-6712 | unknown | — | — | — | In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | |||
| CVE-2012-0216 | unknown | — | — | — | The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides exa… | |||
| CVE-2012-3442 | unknown | — | — | 4y ago | The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which… | |||
| CVE-2012-5887 | unknown | — | — | 4y ago | Improper Authentication in Apache Tomcat | |||
| CVE-2012-3353 | unknown | — | — | 4y ago | Apache Sling JCR ContentLoader XmlReader Arbitrary File Load | |||
| CVE-2012-3536 | unknown | — | — | 4y ago | Apache James Hupa Webmail application Cross-site Scripting Vulnerabilities | |||
| CVE-2012-0785 | unknown | — | — | 4y ago | Hash collision attack vulnerability in Jenkins | |||
| CVE-2012-1094 | unknown | — | — | 4y ago | JBoss AS may expose root content if excluded-contexts list is mismatched | |||
| CVE-2012-4441 | unknown | — | — | 4y ago | Jenkins CI Game Plugin allows Cross-Site Scripting (XSS) | |||
| CVE-2012-4438 | unknown | — | — | 4y ago | Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access | |||
| CVE-2012-4440 | unknown | — | — | 4y ago | Jenkins Violation Plugin allows Cross-Site Scripting (XSS) | |||
| CVE-2012-4439 | unknown | — | — | 4y ago | Jenkins allows Cross-Site Scripting (XSS) via Crafted URL | |||
| CVE-2012-2945 | unknown | — | — | 4y ago | Hadoop symlink vulnerability |