The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2012-1316 | Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks | MEDIUM | Jan 15, 2020 |
| CVE-2012-1301 | The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the url parameter. | High | Apr 21, 2017 |
| CVE-2012-1261 | Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter. | MEDIUM | Jan 14, 2020 |
| CVE-2012-1260 | Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script. | MEDIUM | Jan 9, 2020 |
| CVE-2012-1259 | Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter. | HIGH | Jan 9, 2020 |
| CVE-2012-1258 | cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters. | MEDIUM | Jan 9, 2020 |
| CVE-2012-1257 | Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor. | LOW | Nov 21, 2019 |
| CVE-2012-1187 | Bitlbee does not drop extra group privileges correctly in unix.c | HIGH | Oct 31, 2019 |
| CVE-2012-1170 | Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough | MEDIUM | Nov 14, 2019 |
| CVE-2012-1169 | Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. | MEDIUM | Nov 14, 2019 |
| CVE-2012-1168 | Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | MEDIUM | Nov 14, 2019 |
| CVE-2012-1161 | Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | MEDIUM | Nov 14, 2019 |
| CVE-2012-1160 | Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | MEDIUM | Nov 14, 2019 |
| CVE-2012-1159 | Moodle before 2.2.2: Overview report allows users to see hidden courses | MEDIUM | Nov 14, 2019 |
| CVE-2012-1158 | Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | MEDIUM | Nov 14, 2019 |
| CVE-2012-1157 | Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | MEDIUM | Nov 14, 2019 |
| CVE-2012-1156 | Moodle before 2.2.2 has users\' private files included in course backups | MEDIUM | Nov 14, 2019 |
| CVE-2012-1155 | Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | MEDIUM | Nov 14, 2019 |
| CVE-2012-1148 | Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. | Medium | Jul 4, 2012 |
| CVE-2012-1147 | readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | Medium | Jul 4, 2012 |
| CVE-2012-1124 | SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | HIGH | Feb 13, 2020 |
| CVE-2012-1115 | A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. | MEDIUM | Dec 9, 2019 |
| CVE-2012-1114 | A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php. | MEDIUM | Dec 12, 2019 |
| CVE-2012-1109 | mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions | MEDIUM | Nov 14, 2019 |
| CVE-2012-1105 | An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. | LOW | Dec 6, 2019 |
| CVE-2012-1104 | A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed. | MEDIUM | Dec 6, 2019 |
| CVE-2012-1102 | It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. | MEDIUM | Jul 9, 2021 |
| CVE-2012-1101 | systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | LOW | Mar 11, 2020 |
| CVE-2012-1096 | NetworkManager 0.9 and earlier allows local users to use other users\' certificates or private keys when making a connection via the file path when adding a new connection. | MEDIUM | Mar 10, 2020 |
| CVE-2012-1094 | JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. | MEDIUM | Mar 10, 2020 |
| CVE-2012-1093 | The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. | MEDIUM | Feb 21, 2020 |
| CVE-2012-1092 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1410. Reason: This candidate is a reservation duplicate of CVE-2012-1410. Notes: All CVE users should reference CVE-2012-1410 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2012-1091 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1410. Reason: This candidate is a reservation duplicate of CVE-2012-1410. Notes: All CVE users should reference CVE-2012-1410 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2012-1001 | Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php. | MEDIUM | Nov 22, 2019 |
| CVE-2012-0972 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 |
| CVE-2012-0971 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 |
| CVE-2012-0970 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 |
| CVE-2012-0969 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 |
| CVE-2012-0968 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 |
| CVE-2012-0967 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 |
| CVE-2012-0966 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 |
| CVE-2012-0965 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 |
| CVE-2012-0964 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 |
| CVE-2012-0963 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 |
| CVE-2012-0955 | software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn\'t check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. | MEDIUM | Dec 2, 2020 |
| CVE-2012-0953 | A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53. | MEDIUM | May 8, 2020 |
| CVE-2012-0952 | A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53. | MEDIUM | May 8, 2020 |
| CVE-2012-0951 | A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry. | MEDIUM | Feb 12, 2020 |
| CVE-2012-0945 | whoopsie-daisy before 0.1.26: Root user can remove arbitrary files | MEDIUM | Jan 15, 2020 |
| CVE-2012-0941 | Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list. | MEDIUM | Feb 9, 2018 |
