CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2012-4565 189 DoS 2012-12-21 2013-08-22
4.7
None Local Medium Not required None None Complete
The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.
802 CVE-2012-4564 DoS Exec Code Overflow 2012-11-11 2020-11-12
6.8
None Remote Medium Not required Partial Partial Partial
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
803 CVE-2012-4563 79 XSS 2012-11-20 2013-03-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
804 CVE-2012-4562 189 DoS Exec Code Overflow 2012-11-30 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.
805 CVE-2012-4561 DoS 2012-11-30 2017-08-29
5.0
None Remote Low Not required None None Partial
The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.
806 CVE-2012-4560 119 DoS Exec Code Overflow 2012-11-30 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
807 CVE-2012-4559 399 DoS Exec Code 2012-11-30 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
808 CVE-2012-4557 399 DoS 2012-11-30 2021-06-06
5.0
None Remote Low Not required None None Partial
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
809 CVE-2012-4554 264 2012-11-11 2012-11-12
5.0
None Remote Low Not required Partial None None
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
810 CVE-2012-4553 264 Exec Code +Info 2012-11-11 2012-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."
811 CVE-2012-4552 119 Exec Code Overflow 2012-11-18 2013-06-26
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.
812 CVE-2012-4551 399 DoS Exec Code Mem. Corr. 2012-11-30 2012-12-03
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted web site, related to "certain hash tables."
813 CVE-2012-4548 Exec Code 2012-11-11 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.
814 CVE-2012-4547 79 XSS 2012-10-31 2017-08-29
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.
815 CVE-2012-4544 20 DoS 2012-10-31 2017-08-29
2.1
None Local Low Not required None None Partial
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
816 CVE-2012-4541 79 XSS 2012-11-19 2019-11-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
817 CVE-2012-4540 189 DoS Exec Code Overflow +Info 2012-11-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
818 CVE-2012-4539 399 DoS 2012-11-21 2017-08-29
2.1
None Local Low Not required None None Partial
Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."
819 CVE-2012-4538 20 DoS 2012-11-24 2017-08-29
4.9
None Local Low Not required None None Complete
The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.
820 CVE-2012-4537 16 DoS 2012-11-21 2017-08-29
2.1
None Local Low Not required None None Partial
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability."
821 CVE-2012-4536 DoS 2012-11-21 2017-08-29
2.1
None Local Low Not required None None Partial
The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.
822 CVE-2012-4535 399 DoS 2012-11-21 2017-08-29
1.9
None Local Medium Not required None None Partial
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."
823 CVE-2012-4534 399 DoS 2012-12-19 2017-09-19
2.6
None Remote High Not required None None Partial
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
824 CVE-2012-4533 79 XSS 2012-11-19 2018-12-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
825 CVE-2012-4532 79 XSS 2012-10-31 2012-11-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.
826 CVE-2012-4531 79 XSS 2012-10-31 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
827 CVE-2012-4528 Bypass 2012-12-28 2021-02-12
5.0
None Remote Low Not required None Partial None
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
828 CVE-2012-4527 119 DoS Exec Code Overflow 2012-11-21 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability.
829 CVE-2012-4523 264 Bypass 2012-11-20 2013-01-30
6.4
None Remote Low Not required Partial Partial None
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.
830 CVE-2012-4522 264 2012-11-24 2013-05-04
5.0
None Remote Low Not required None Partial None
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
831 CVE-2012-4520 20 2012-11-18 2013-05-04
6.4
None Remote Low Not required Partial Partial None
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
832 CVE-2012-4518 264 2012-10-22 2013-03-08
3.6
None Local Low Not required None Partial Partial
ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.
833 CVE-2012-4517 399 DoS 2012-10-22 2017-08-29
5.0
None Remote Low Not required None None Partial
ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response.
834 CVE-2012-4516 2012-10-22 2012-11-08
5.8
None Remote Medium Not required Partial Partial None
librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service.
835 CVE-2012-4515 399 DoS Exec Code 2012-11-11 2012-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.
836 CVE-2012-4514 DoS 2012-11-11 2012-11-12
5.0
None Remote Low Not required None None Partial
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
837 CVE-2012-4513 119 DoS Overflow 2012-11-11 2012-11-12
6.4
None Remote Low Not required Partial None Partial
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
838 CVE-2012-4511 200 +Info 2012-10-22 2017-01-05
5.8
None Remote Medium Not required Partial Partial None
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
839 CVE-2012-4510 264 2012-11-20 2013-12-05
5.8
None Remote Medium Not required Partial Partial None
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.
840 CVE-2012-4508 362 +Info 2012-12-21 2014-01-08
1.9
None Local Medium Not required Partial None None
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.
841 CVE-2012-4507 DoS 2012-10-22 2013-03-01
5.0
None Remote Low Not required None None Partial
The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.
842 CVE-2012-4506 22 Dir. Trav. 2012-10-22 2019-09-09
4.6
None Remote High ??? Partial Partial Partial
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.
843 CVE-2012-4505 119 Overflow 2012-11-11 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.
844 CVE-2012-4504 119 Overflow 2012-11-11 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.
845 CVE-2012-4501 264 2012-10-26 2012-10-26
10.0
None Remote Low Not required Complete Complete Complete
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
846 CVE-2012-4500 264 Bypass 2012-10-31 2013-03-02
3.5
None Remote Medium ??? None Partial None
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.
847 CVE-2012-4499 264 2012-10-31 2012-11-01
5.0
None Remote Low Not required None Partial None
The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors.
848 CVE-2012-4498 264 Bypass 2012-11-02 2012-11-06
7.5
None Remote Low Not required Partial Partial Partial
The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact.
849 CVE-2012-4497 79 XSS 2012-11-02 2017-11-29
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL.
850 CVE-2012-4496 79 XSS 2012-10-31 2017-11-30
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 (This Page)18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.