CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4101 CVE-2012-0162 119 Exec Code Overflow 2012-05-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability."
4102 CVE-2012-0161 20 Exec Code 2012-05-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
4103 CVE-2012-0160 20 Exec Code 2012-05-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
4104 CVE-2012-0159 399 Exec Code 2012-05-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
4105 CVE-2012-0158 94 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
4106 CVE-2012-0157 20 +Priv 2012-03-13 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
4107 CVE-2012-0156 20 DoS 2012-03-13 2020-09-28
4.3
None Remote Medium Not required None None Partial
DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
4108 CVE-2012-0155 94 Exec Code 2012-02-14 2022-03-01
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."
4109 CVE-2012-0154 399 +Priv 2012-02-14 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
4110 CVE-2012-0152 20 DoS 2012-03-13 2020-09-28
4.3
None Remote Medium Not required None None Partial
The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
4111 CVE-2012-0151 20 Exec Code 2012-04-10 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
4112 CVE-2012-0150 119 Exec Code Overflow 2012-02-14 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
4113 CVE-2012-0149 20 +Priv 2012-02-14 2019-02-26
7.2
None Local Low Not required Complete Complete Complete
afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
4114 CVE-2012-0148 20 +Priv 2012-02-14 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
4115 CVE-2012-0147 16 +Info 2012-04-10 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
4116 CVE-2012-0146 20 2012-04-10 2018-10-12
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
4117 CVE-2012-0145 79 XSS 2012-02-14 2018-10-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
4118 CVE-2012-0144 79 XSS 2012-02-14 2018-10-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
4119 CVE-2012-0143 399 Exec Code Mem. Corr. 2012-05-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
4120 CVE-2012-0142 399 Exec Code Mem. Corr. 2012-05-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability."
4121 CVE-2012-0141 119 Exec Code Overflow Mem. Corr. 2012-05-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability."
4122 CVE-2012-0138 94 Exec Code Mem. Corr. 2012-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
4123 CVE-2012-0137 94 Exec Code Mem. Corr. 2012-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
4124 CVE-2012-0136 94 Exec Code Mem. Corr. 2012-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
4125 CVE-2012-0135 DoS 2012-04-18 2017-08-29
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors.
4126 CVE-2012-0134 DoS 2012-04-19 2012-08-14
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors.
4127 CVE-2012-0133 Exec Code 2012-04-12 2017-08-29
3.7
None Local High Not required Partial Partial Partial
HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card.
4128 CVE-2012-0132 79 XSS 2012-04-05 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4129 CVE-2012-0131 DoS 2012-04-05 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4130 CVE-2012-0130 200 +Info 2012-04-05 2017-08-29
5.0
None Remote Low Not required Partial None None
HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors.
4131 CVE-2012-0129 264 Exec Code Bypass 2012-04-05 2017-08-29
7.6
None Remote High Not required Complete Complete Complete
HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
4132 CVE-2012-0128 20 2012-04-05 2017-08-29
5.8
None Remote Medium Not required Partial Partial None
HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
4133 CVE-2012-0127 Exec Code 2012-03-31 2017-12-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.
4134 CVE-2012-0126 +Info 2012-03-28 2017-12-06
5.8
None Remote Medium Not required Partial Partial None
Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125.
4135 CVE-2012-0125 +Info 2012-03-28 2017-12-06
3.3
None Local Medium Not required Partial Partial None
Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126.
4136 CVE-2012-0124 DoS Exec Code 2012-03-14 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
4137 CVE-2012-0123 DoS Exec Code 2012-03-14 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1498.
4138 CVE-2012-0122 DoS Exec Code 2012-03-14 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393.
4139 CVE-2012-0121 DoS Exec Code 2012-03-14 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392.
4140 CVE-2012-0120 2012-01-18 2019-12-17
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
4141 CVE-2012-0119 2012-01-18 2019-12-17
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
4142 CVE-2012-0118 2012-01-18 2019-12-17
4.9
None Remote Medium ??? Partial None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
4143 CVE-2012-0117 2012-01-18 2019-12-17
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
4144 CVE-2012-0116 2012-01-18 2019-12-17
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
4145 CVE-2012-0115 2012-01-18 2019-12-17
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
4146 CVE-2012-0114 2012-01-18 2019-12-17
3.0
None Local Medium ??? Partial Partial None
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
4147 CVE-2012-0113 2012-01-18 2019-12-17
5.5
None Remote Low ??? Partial None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
4148 CVE-2012-0112 2012-01-18 2019-12-17
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
4149 CVE-2012-0111 2012-01-18 2017-09-19
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.
4150 CVE-2012-0110 2012-01-18 2014-01-14
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 (This Page)84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.