The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2012-1712 | Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors. | High | Dec 21, 2012 |
| CVE-2012-1711 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA. | High | Jun 18, 2012 |
| CVE-2012-1710 | Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer. | High | May 4, 2012 |
| CVE-2012-1709 | Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer. | High | May 4, 2012 |
| CVE-2012-1708 | Unspecified vulnerability in the Application Express component in Oracle Database Server 4.0 and 4.1 allows remote attackers to affect integrity via unknown vectors. | Medium | May 4, 2012 |
| CVE-2012-1707 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-Base. | Medium | May 4, 2012 |
| CVE-2012-1706 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Logging. | Medium | May 4, 2012 |
| CVE-2012-1705 | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | Medium | Jan 17, 2013 |
| CVE-2012-1704 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-Base. | Low | May 4, 2012 |
| CVE-2012-1703 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | Medium | May 4, 2012 |
| CVE-2012-1702 | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors. | Medium | Jan 17, 2013 |
| CVE-2012-1701 | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI. | Medium | Jan 17, 2013 |
| CVE-2012-1700 | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel UI Framework. | Medium | Jan 17, 2013 |
| CVE-2012-1699 | The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference. | Low | Dec 21, 2012 |
| CVE-2012-1698 | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD. | Low | May 4, 2012 |
| CVE-2012-1697 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. | Medium | May 4, 2012 |
| CVE-2012-1696 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | Medium | May 4, 2012 |
| CVE-2012-1695 | Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | High | May 4, 2012 |
| CVE-2012-1694 | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl. | Medium | May 4, 2012 |
| CVE-2012-1693 | Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 allows remote attackers to affect availability, related to XSCF Control Package (XCP). | Low | May 4, 2012 |
| CVE-2012-1692 | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP. | Medium | May 4, 2012 |
| CVE-2012-1691 | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges. | Medium | May 4, 2012 |
| CVE-2012-1690 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | Medium | May 4, 2012 |
| CVE-2012-1689 | Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | Medium | Jul 18, 2012 |
| CVE-2012-1688 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML. | Medium | May 4, 2012 |
| CVE-2012-1687 | Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM). | Medium | Jul 18, 2012 |
| CVE-2012-1686 | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unknown vectors related to Installation. | Medium | Oct 18, 2012 |
| CVE-2012-1685 | Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core. | Medium | Oct 22, 2012 |
| CVE-2012-1684 | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy. | Medium | May 4, 2012 |
| CVE-2012-1683 | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd. | Medium | May 4, 2012 |
| CVE-2012-1682 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. | High | Sep 5, 2012 |
| CVE-2012-1681 | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs. | Medium | May 10, 2012 |
| CVE-2012-1680 | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Apps - Multi-channel Technologies. | Medium | Jan 17, 2013 |
| CVE-2012-1679 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base. | Low | May 10, 2012 |
| CVE-2012-1678 | Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98, 9.1, and 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC. | Low | Jan 17, 2013 |
| CVE-2012-1677 | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors. | Medium | Jan 17, 2013 |
| CVE-2012-1676 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Virtual Banking. | Low | May 4, 2012 |
| CVE-2012-1675 | The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka TNS Poison. | High | May 9, 2012 |
| CVE-2012-1674 | Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI. | Medium | May 4, 2012 |
| CVE-2012-1673 | SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter. | High | Apr 11, 2012 |
| CVE-2012-1672 | SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter. | High | Apr 11, 2012 |
| CVE-2012-1671 | Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | Medium | Oct 9, 2012 |
| CVE-2012-1670 | admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action. | Medium | Apr 2, 2012 |
| CVE-2012-1669 | Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | Medium | Nov 18, 2014 |
| CVE-2012-1667 | ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. | High | Jun 6, 2012 |
| CVE-2012-1666 | Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.Per: http://cwe.mitre.org/data/definitions/426.html \'CWE-426 Untrusted Search Path\' | Medium | Sep 10, 2012 |
| CVE-2012-1665 | Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. | High | May 21, 2015 |
| CVE-2012-1664 | Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php. | Medium | May 21, 2015 |
| CVE-2012-1663 | Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. | High | Mar 14, 2012 |
| CVE-2012-1662 | CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request. | Medium | Mar 22, 2012 |
