| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
11351 |
CVE-2012-0538 |
|
|
|
2012-05-03 |
2017-12-06 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Search. |
|
11352 |
CVE-2012-0535 |
|
|
|
2012-05-03 |
2017-12-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Change Password Page. |
|
11353 |
CVE-2012-0532 |
|
|
|
2012-05-03 |
2017-12-06 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Config Management. |
|
11354 |
CVE-2012-0528 |
|
|
|
2012-05-03 |
2013-10-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Framework. |
|
11355 |
CVE-2012-0517 |
|
|
|
2012-05-03 |
2017-12-06 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eCompensation Manager Desktop. |
|
11356 |
CVE-2012-0512 |
|
|
|
2012-05-03 |
2013-10-10 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7 and 11.2.0.2 and Oracle Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management. |
|
11357 |
CVE-2012-0501 |
|
|
|
2012-02-15 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. |
|
11358 |
CVE-2012-0486 |
|
|
|
2012-01-18 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. |
|
11359 |
CVE-2012-0473 |
189 |
|
+Info |
2012-04-25 |
2017-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. |
|
11360 |
CVE-2012-0456 |
200 |
|
+Info |
2012-03-14 |
2018-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. |
|
11361 |
CVE-2012-0453 |
352 |
|
CSRF |
2012-02-24 |
2018-01-10 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API. |
|
11362 |
CVE-2012-0447 |
200 |
|
+Info |
2012-02-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. |
|
11363 |
CVE-2012-0445 |
264 |
|
Bypass |
2012-02-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. |
|
11364 |
CVE-2012-0441 |
119 |
|
DoS Overflow |
2012-06-05 |
2018-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. |
|
11365 |
CVE-2012-0440 |
352 |
|
CSRF |
2012-02-02 |
2017-08-28 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API. |
|
11366 |
CVE-2012-0435 |
|
|
|
2013-01-26 |
2013-01-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. |
|
11367 |
CVE-2012-0419 |
22 |
|
Dir. Trav. |
2012-09-28 |
2013-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. |
|
11368 |
CVE-2012-0410 |
22 |
|
Dir. Trav. |
2012-07-05 |
2013-04-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. |
|
11369 |
CVE-2012-0407 |
189 |
1
|
DoS Overflow |
2012-04-20 |
2012-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. |
|
11370 |
CVE-2012-0376 |
|
|
DoS |
2012-05-03 |
2012-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. |
|
11371 |
CVE-2012-0361 |
264 |
|
DoS |
2012-05-02 |
2012-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315. |
|
11372 |
CVE-2012-0360 |
399 |
|
DoS |
2014-04-23 |
2014-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. |
|
11373 |
CVE-2012-0339 |
20 |
|
|
2012-05-02 |
2012-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774. |
|
11374 |
CVE-2012-0338 |
20 |
|
|
2012-05-02 |
2012-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113. |
|
11375 |
CVE-2012-0335 |
287 |
|
+Info |
2012-05-02 |
2012-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. |
|
11376 |
CVE-2012-0333 |
287 |
|
|
2012-05-02 |
2012-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. |
|
11377 |
CVE-2012-0328 |
200 |
|
+Info |
2012-03-19 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors. |
|
11378 |
CVE-2012-0326 |
264 |
|
|
2012-03-17 |
2018-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application. |
|
11379 |
CVE-2012-0316 |
200 |
|
+Info |
2012-03-01 |
2018-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier applications for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. |
|
11380 |
CVE-2012-0310 |
94 |
|
Http R.Spl. |
2012-01-12 |
2017-08-28 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
|
11381 |
CVE-2012-0301 |
287 |
|
|
2012-07-05 |
2012-07-06 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. |
|
11382 |
CVE-2012-0294 |
22 |
|
Dir. Trav. |
2012-05-23 |
2012-10-29 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors. |
|
11383 |
CVE-2012-0292 |
20 |
1
|
DoS |
2012-03-07 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631. |
|
11384 |
CVE-2012-0291 |
20 |
|
DoS |
2012-02-22 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response. |
|
11385 |
CVE-2012-0268 |
189 |
|
Exec Code Overflow |
2012-01-19 |
2012-01-23 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. |
|
11386 |
CVE-2012-0260 |
399 |
|
DoS |
2012-06-05 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. |
|
11387 |
CVE-2012-0256 |
119 |
|
DoS Overflow |
2012-03-26 |
2013-03-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header. |
|
11388 |
CVE-2012-0255 |
119 |
|
DoS Overflow |
2012-04-05 |
2018-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). |
|
11389 |
CVE-2012-0241 |
119 |
|
DoS Overflow Mem. Corr. |
2012-02-21 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. |
|
11390 |
CVE-2012-0239 |
287 |
|
|
2012-02-21 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. |
|
11391 |
CVE-2012-0236 |
200 |
|
+Info |
2012-02-21 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk." |
|
11392 |
CVE-2012-0222 |
119 |
|
DoS Overflow |
2012-04-02 |
2012-04-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet. |
|
11393 |
CVE-2012-0221 |
20 |
|
DoS |
2012-04-02 |
2012-04-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet. |
|
11394 |
CVE-2012-0215 |
264 |
|
|
2012-07-12 |
2012-08-09 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call. |
|
11395 |
CVE-2012-0213 |
399 |
|
DoS |
2012-08-07 |
2017-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document. |
|
11396 |
CVE-2012-0206 |
399 |
|
DoS |
2012-02-17 |
2016-11-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response. |
|
11397 |
CVE-2012-0193 |
20 |
|
DoS |
2012-01-19 |
2012-01-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. |
|
11398 |
CVE-2012-0191 |
264 |
|
|
2012-06-22 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers. |
|
11399 |
CVE-2012-0164 |
|
|
DoS |
2012-05-08 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability." |
|
11400 |
CVE-2012-0147 |
16 |
|
+Info |
2012-04-10 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." |
