| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
50901 |
CVE-2012-0441 |
119 |
|
DoS Overflow |
2012-06-05 |
2018-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. |
|
50902 |
CVE-2012-0440 |
352 |
|
CSRF |
2012-02-02 |
2017-08-28 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API. |
|
50903 |
CVE-2012-0435 |
|
|
|
2013-01-26 |
2013-01-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. |
|
50904 |
CVE-2012-0433 |
200 |
|
+Info |
2018-06-08 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. |
|
50905 |
CVE-2012-0430 |
|
|
Bypass |
2012-12-25 |
2013-03-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. |
|
50906 |
CVE-2012-0429 |
|
|
DoS |
2012-12-25 |
2013-03-13 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. |
|
50907 |
CVE-2012-0428 |
79 |
|
XSS |
2012-12-25 |
2013-03-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50908 |
CVE-2012-0421 |
200 |
|
+Info |
2012-08-08 |
2012-08-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file. |
|
50909 |
CVE-2012-0420 |
|
|
|
2013-12-01 |
2013-12-02 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable. |
|
50910 |
CVE-2012-0419 |
22 |
|
Dir. Trav. |
2012-09-28 |
2013-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. |
|
50911 |
CVE-2012-0414 |
79 |
|
XSS |
2013-12-01 |
2014-03-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name. |
|
50912 |
CVE-2012-0410 |
22 |
|
Dir. Trav. |
2012-07-05 |
2013-04-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. |
|
50913 |
CVE-2012-0407 |
189 |
1
|
DoS Overflow |
2012-04-20 |
2012-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. |
|
50914 |
CVE-2012-0404 |
79 |
|
XSS |
2012-03-14 |
2012-03-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50915 |
CVE-2012-0403 |
22 |
|
Dir. Trav. |
2012-03-20 |
2017-12-05 |
6.3 |
None |
Remote |
Medium |
Single system |
Complete |
None |
None |
|
Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. |
|
50916 |
CVE-2012-0401 |
89 |
|
Exec Code Sql |
2012-03-20 |
2017-12-05 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
|
50917 |
CVE-2012-0399 |
79 |
|
XSS |
2012-03-20 |
2017-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50918 |
CVE-2012-0396 |
264 |
|
|
2012-02-06 |
2017-08-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. |
|
50919 |
CVE-2012-0394 |
94 |
2
|
Exec Code |
2012-01-08 |
2014-02-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself." |
|
50920 |
CVE-2012-0393 |
264 |
1
|
|
2012-01-08 |
2018-11-28 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. |
|
50921 |
CVE-2012-0390 |
310 |
|
Exec Code |
2012-01-05 |
2014-03-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. |
|
50922 |
CVE-2012-0389 |
79 |
1
|
XSS |
2012-01-24 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter. |
|
50923 |
CVE-2012-0376 |
|
|
DoS |
2012-05-03 |
2012-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. |
|
50924 |
CVE-2012-0362 |
264 |
|
Bypass |
2012-05-02 |
2012-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106. |
|
50925 |
CVE-2012-0361 |
264 |
|
DoS |
2012-05-02 |
2012-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315. |
|
50926 |
CVE-2012-0360 |
399 |
|
DoS |
2014-04-23 |
2014-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. |
|
50927 |
CVE-2012-0340 |
79 |
|
XSS |
2012-02-13 |
2013-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410. |
|
50928 |
CVE-2012-0339 |
20 |
|
|
2012-05-02 |
2012-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774. |
|
50929 |
CVE-2012-0338 |
20 |
|
|
2012-05-02 |
2012-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113. |
|
50930 |
CVE-2012-0337 |
89 |
|
Exec Code Sql |
2012-05-02 |
2012-05-11 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. |
|
50931 |
CVE-2012-0335 |
287 |
|
+Info |
2012-05-02 |
2012-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. |
|
50932 |
CVE-2012-0333 |
287 |
|
|
2012-05-02 |
2012-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. |
|
50933 |
CVE-2012-0328 |
200 |
|
+Info |
2012-03-19 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors. |
|
50934 |
CVE-2012-0327 |
79 |
|
XSS |
2012-04-05 |
2012-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50935 |
CVE-2012-0326 |
264 |
|
|
2012-03-17 |
2018-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application. |
|
50936 |
CVE-2012-0325 |
79 |
|
XSS |
2012-03-09 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324. |
|
50937 |
CVE-2012-0324 |
79 |
|
XSS |
2012-03-09 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325. |
|
50938 |
CVE-2012-0323 |
79 |
|
XSS |
2012-03-09 |
2012-07-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50939 |
CVE-2012-0322 |
264 |
|
|
2012-03-05 |
2014-03-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function. |
|
50940 |
CVE-2012-0321 |
|
|
DoS |
2012-03-02 |
2012-03-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application. |
|
50941 |
CVE-2012-0319 |
94 |
|
Exec Code |
2012-03-02 |
2018-01-17 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue. |
|
50942 |
CVE-2012-0318 |
79 |
|
XSS |
2012-03-02 |
2018-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262. |
|
50943 |
CVE-2012-0317 |
352 |
|
CSRF |
2012-03-02 |
2018-01-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script. |
|
50944 |
CVE-2012-0316 |
200 |
|
+Info |
2012-03-01 |
2018-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier applications for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. |
|
50945 |
CVE-2012-0314 |
352 |
|
CSRF |
2012-02-02 |
2012-02-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device. |
|
50946 |
CVE-2012-0313 |
79 |
|
XSS |
2012-01-23 |
2012-01-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed. |
|
50947 |
CVE-2012-0312 |
79 |
|
XSS |
2012-01-26 |
2012-02-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50948 |
CVE-2012-0311 |
79 |
|
XSS |
2012-01-26 |
2012-02-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
50949 |
CVE-2012-0310 |
94 |
|
Http R.Spl. |
2012-01-12 |
2017-08-28 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
|
50950 |
CVE-2012-0309 |
79 |
|
XSS |
2012-01-12 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
