The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2012-2254 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2012-2248 | An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable. | HIGH | Nov 27, 2019 | n/a |
| CVE-2012-2245 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2012-2238 | trytond 2.4: ModelView.button fails to validate authorization | MEDIUM | Nov 22, 2019 | n/a |
| CVE-2012-2237 | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. | MEDIUM | Dec 21, 2019 | n/a |
| CVE-2012-2226 | Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | HIGH | Jan 14, 2020 | n/a |
| CVE-2012-2216 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6720 and CVE-2012-6721. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2012-6720 and CVE-2012-6721 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2012-2204 | InfoSphere Guardium aix_ktap module: DoS | MEDIUM | Feb 11, 2020 | n/a |
| CVE-2012-2201 | IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager. | -- | Sep 29, 2022 | n/a |
| CVE-2012-2166 | IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041. | HIGH | Feb 9, 2018 | n/a |
| CVE-2012-2160 | IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim\'s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\'s cookie-based authentication credentials. | -- | Sep 29, 2022 | n/a |
| CVE-2012-2148 | An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | LOW | Dec 6, 2019 | n/a |
| CVE-2012-2142 | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | MEDIUM | Jan 15, 2020 | n/a |
| CVE-2012-2130 | A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. | MEDIUM | Dec 6, 2019 | n/a |
| CVE-2012-2110 | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | High | Apr 20, 2012 | n/a |
| CVE-2012-2092 | A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. | MEDIUM | Dec 6, 2019 | n/a |
| CVE-2012-2087 | ISPConfig 3.0.4.3: the Add new Webdav user can chmod and chown entire server from client interface. | HIGH | Jan 30, 2020 | n/a |
| CVE-2012-2079 | A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal. | MEDIUM | Nov 22, 2019 | n/a |
| CVE-2012-2078 | Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal. | LOW | Nov 22, 2019 | n/a |
| CVE-2012-1994 | HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information | LOW | Feb 11, 2020 | n/a |
| CVE-2012-1932 | A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. | LOW | Feb 20, 2020 | n/a |
| CVE-2012-1915 | EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. | MEDIUM | Jan 13, 2020 | n/a |
| CVE-2012-1913 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0754. Reason: This candidate is a reservation duplicate of CVE-2010-0754. Notes: All CVE users should reference CVE-2010-0754 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2012-1903 | XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. | LOW | Feb 13, 2020 | n/a |
| CVE-2012-1884 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2012-1883 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2012-1871 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2012-1869 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2012-1637 | Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal. | LOW | Nov 22, 2019 | n/a |
| CVE-2012-1622 | Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. | -- | Oct 26, 2017 | n/a |
| CVE-2012-1619 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2012-1615 | A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file. | MEDIUM | Dec 6, 2019 | n/a |
| CVE-2012-1609 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2012-1592 | A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. | MEDIUM | Dec 13, 2019 | n/a |
| CVE-2012-1587 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4944. Reason: This candidate is a duplicate of CVE-2011-4944. Notes: All CVE users should reference CVE-2011-4944 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2012-1577 | lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | HIGH | Dec 10, 2019 | n/a |
| CVE-2012-1572 | OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | MEDIUM | Nov 14, 2019 | n/a |
| CVE-2012-1567 | LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate. | MEDIUM | Feb 12, 2020 | n/a |
| CVE-2012-1566 | LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. | MEDIUM | Feb 12, 2020 | n/a |
| CVE-2012-1563 | Joomla! before 2.5.3 allows Admin Account Creation. | MEDIUM | Jan 15, 2020 | n/a |
| CVE-2012-1562 | Joomla! core before 2.5.3 allows unauthorized password change. | MEDIUM | Jan 15, 2020 | n/a |
| CVE-2012-1534 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4167. Reason: This candidate is a reservation duplicate of CVE-2012-4167. Notes: All CVE users should reference CVE-2012-4167 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2012-1501 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2012-1500 | Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. | LOW | Feb 13, 2020 | n/a |
| CVE-2012-1496 | Local file inclusion in WebCalendar before 1.2.5. | MEDIUM | Jan 29, 2020 | n/a |
| CVE-2012-1495 | install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | HIGH | Jan 29, 2020 | n/a |
| CVE-2012-1326 | Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks | MEDIUM | Jan 15, 2020 | n/a |
| CVE-2012-1316 | Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks | MEDIUM | Jan 15, 2020 | n/a |
| CVE-2012-1301 | The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the url parameter. | High | Apr 21, 2017 | n/a |
| CVE-2012-1261 | Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter. | MEDIUM | Jan 14, 2020 | n/a |
