| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
51 |
CVE-2012-2511 |
119 |
|
DoS Overflow |
2012-05-15 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |
|
52 |
CVE-2012-2488 |
20 |
|
DoS |
2012-05-31 |
2012-08-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593. |
|
53 |
CVE-2012-2450 |
|
|
DoS Exec Code |
2012-05-04 |
2017-12-14 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. |
|
54 |
CVE-2012-2449 |
119 |
|
DoS Exec Code Overflow |
2012-05-04 |
2017-12-14 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. |
|
55 |
CVE-2012-2448 |
119 |
|
DoS Exec Code Overflow |
2012-05-04 |
2017-12-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic. |
|
56 |
CVE-2012-2436 |
79 |
|
XSS |
2012-05-27 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module. |
|
57 |
CVE-2012-2435 |
22 |
|
Dir. Trav. CSRF |
2012-05-27 |
2012-05-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks. |
|
58 |
CVE-2012-2429 |
189 |
|
Exec Code |
2012-05-25 |
2012-05-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors. |
|
59 |
CVE-2012-2428 |
189 |
|
Exec Code Overflow |
2012-05-25 |
2012-05-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation. |
|
60 |
CVE-2012-2427 |
119 |
|
Exec Code Overflow |
2012-05-25 |
2012-05-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation. |
|
61 |
CVE-2012-2426 |
399 |
|
DoS |
2012-05-25 |
2012-05-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors. |
|
62 |
CVE-2012-2411 |
119 |
|
Exec Code Overflow |
2012-05-18 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. |
|
63 |
CVE-2012-2406 |
|
|
Exec Code |
2012-05-18 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. |
|
64 |
CVE-2012-2376 |
119 |
1
|
Exec Code Overflow |
2012-05-21 |
2017-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012. |
|
65 |
CVE-2012-2374 |
20 |
|
Http R.Spl. |
2012-05-23 |
2012-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input. |
|
66 |
CVE-2012-2369 |
134 |
|
Exec Code |
2012-05-23 |
2018-01-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message. |
|
67 |
CVE-2012-2352 |
264 |
|
|
2012-05-31 |
2012-08-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions. |
|
68 |
CVE-2012-2341 |
352 |
|
CSRF |
2012-05-18 |
2017-12-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files. |
|
69 |
CVE-2012-2340 |
264 |
|
|
2012-05-21 |
2012-06-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors. |
|
70 |
CVE-2012-2339 |
79 |
|
XSS |
2012-05-21 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information." |
|
71 |
CVE-2012-2338 |
89 |
|
Exec Code Sql |
2012-05-21 |
2012-05-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php. |
|
72 |
CVE-2012-2337 |
264 |
|
Bypass |
2012-05-18 |
2018-01-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. |
|
73 |
CVE-2012-2336 |
20 |
|
DoS |
2012-05-11 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. |
|
74 |
CVE-2012-2335 |
264 |
|
Exec Code Bypass |
2012-05-11 |
2018-01-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. |
|
75 |
CVE-2012-2333 |
189 |
|
DoS |
2012-05-14 |
2018-01-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. |
|
76 |
CVE-2012-2329 |
119 |
|
DoS Overflow |
2012-05-11 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request. |
|
77 |
CVE-2012-2322 |
189 |
|
DoS Overflow |
2012-05-18 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet. |
|
78 |
CVE-2012-2321 |
20 |
|
Exec Code |
2012-05-18 |
2017-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply. |
|
79 |
CVE-2012-2320 |
264 |
|
DoS Bypass |
2012-05-18 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message. |
|
80 |
CVE-2012-2319 |
264 |
|
Overflow +Priv |
2012-05-17 |
2015-05-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020. |
|
81 |
CVE-2012-2311 |
89 |
|
Exec Code Sql |
2012-05-11 |
2018-01-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. |
|
82 |
CVE-2012-2277 |
119 |
1
|
DoS Overflow |
2012-05-14 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands. |
|
83 |
CVE-2012-2276 |
119 |
1
|
DoS Overflow |
2012-05-14 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number. |
|
84 |
CVE-2012-2271 |
119 |
1
|
Exec Code Overflow |
2012-05-21 |
2017-12-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument). |
|
85 |
CVE-2012-2235 |
79 |
|
XSS |
2012-05-27 |
2012-05-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message. |
|
86 |
CVE-2012-2217 |
264 |
|
|
2012-05-01 |
2017-12-14 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote attackers to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET permission. |
|
87 |
CVE-2012-2176 |
119 |
|
Exec Code Overflow |
2012-05-25 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method. |
|
88 |
CVE-2012-2162 |
310 |
|
+Info |
2012-05-01 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. |
|
89 |
CVE-2012-2123 |
264 |
|
Bypass |
2012-05-17 |
2017-12-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR. |
|
90 |
CVE-2012-2121 |
264 |
|
DoS |
2012-05-17 |
2018-01-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices. |
|
91 |
CVE-2012-2120 |
264 |
|
|
2012-05-18 |
2012-05-21 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
|
92 |
CVE-2012-2118 |
20 |
|
DoS Exec Code |
2012-05-18 |
2017-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. |
|
93 |
CVE-2012-2093 |
59 |
|
|
2012-05-18 |
2017-08-29 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. |
|
94 |
CVE-2012-2042 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-05-24 |
2012-09-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026. |
|
95 |
CVE-2012-2033 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-05-09 |
2017-11-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2032. |
|
96 |
CVE-2012-2032 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-05-09 |
2017-11-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2033. |
|
97 |
CVE-2012-2031 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-05-09 |
2017-11-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2032, and CVE-2012-2033. |
|
98 |
CVE-2012-2030 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-05-09 |
2017-11-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033. |
|
99 |
CVE-2012-2029 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-05-09 |
2017-11-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033. |
|
100 |
CVE-2012-2028 |
119 |
|
Exec Code Overflow |
2012-05-09 |
2017-11-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via unspecified vectors. |
