| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
101 |
CVE-2012-0099 |
|
|
|
2012-01-18 |
2018-01-06 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd. |
|
102 |
CVE-2012-0098 |
|
|
|
2012-01-18 |
2018-01-06 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813. |
|
103 |
CVE-2012-0097 |
|
|
|
2012-01-18 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell. |
|
104 |
CVE-2012-0096 |
|
|
|
2012-01-18 |
2018-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network. |
|
105 |
CVE-2012-0094 |
|
|
|
2012-01-18 |
2018-01-06 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP. |
|
106 |
CVE-2012-0091 |
|
|
|
2012-01-18 |
2017-08-29 |
2.7 |
None |
Local Network |
High |
??? |
None |
Partial |
Partial |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown vectors related to Upgrade Change Assistance. |
|
107 |
CVE-2012-0089 |
|
|
|
2012-01-18 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. |
|
108 |
CVE-2012-0088 |
|
|
|
2012-01-18 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Benefits Administration. |
|
109 |
CVE-2012-0087 |
|
|
|
2012-01-18 |
2019-12-17 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102. |
|
110 |
CVE-2012-0085 |
|
|
|
2012-01-18 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2 and 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server. |
|
111 |
CVE-2012-0084 |
|
|
|
2012-01-18 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integrity via unknown vectors related to Content Server. |
|
112 |
CVE-2012-0083 |
|
|
|
2012-01-18 |
2017-08-29 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Search. |
|
113 |
CVE-2012-0082 |
|
|
|
2012-01-18 |
2017-08-29 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity and availability via unknown vectors. |
|
114 |
CVE-2012-0081 |
|
|
|
2012-01-18 |
2017-08-29 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration. |
|
115 |
CVE-2012-0080 |
|
|
|
2012-01-18 |
2017-08-29 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management. |
|
116 |
CVE-2012-0079 |
|
|
|
2012-01-18 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration. |
|
117 |
CVE-2012-0078 |
|
|
|
2012-01-18 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services (Menu, LOV). |
|
118 |
CVE-2012-0077 |
|
|
|
2012-01-18 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console. |
|
119 |
CVE-2012-0076 |
|
|
|
2012-01-18 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. |
|
120 |
CVE-2012-0075 |
|
|
|
2012-01-18 |
2019-12-17 |
1.7 |
None |
Remote |
High |
??? |
None |
Partial |
None |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors. |
|
121 |
CVE-2012-0074 |
|
|
|
2012-01-18 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales. |
|
122 |
CVE-2012-0073 |
|
|
|
2012-01-18 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors. |
|
123 |
CVE-2012-0072 |
|
|
|
2012-01-18 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors. |
|
124 |
CVE-2012-0069 |
89 |
|
Exec Code Sql |
2012-01-24 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter. |
|
125 |
CVE-2012-0056 |
264 |
|
+Priv |
2012-01-27 |
2018-01-18 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. |
|
126 |
CVE-2012-0053 |
264 |
|
+Info |
2012-01-28 |
2021-06-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. |
|
127 |
CVE-2012-0050 |
399 |
|
DoS |
2012-01-19 |
2016-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. |
|
128 |
CVE-2012-0040 |
79 |
|
XSS |
2012-01-24 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter. |
|
129 |
CVE-2012-0039 |
310 |
|
DoS |
2012-01-14 |
2012-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. |
|
130 |
CVE-2012-0035 |
|
|
+Priv |
2012-01-19 |
2018-12-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. |
|
131 |
CVE-2012-0031 |
399 |
|
DoS |
2012-01-18 |
2021-06-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. |
|
132 |
CVE-2012-0030 |
264 |
|
Bypass |
2012-01-13 |
2017-08-29 |
4.9 |
None |
Remote |
Medium |
??? |
None |
Partial |
Partial |
|
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. |
|
133 |
CVE-2012-0029 |
119 |
|
DoS Exec Code Overflow |
2012-01-27 |
2017-08-29 |
7.4 |
None |
Local Network |
Medium |
??? |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. |
|
134 |
CVE-2012-0027 |
399 |
|
DoS |
2012-01-06 |
2014-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. |
|
135 |
CVE-2012-0024 |
400 |
|
DoS |
2012-01-08 |
2020-08-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. |
|
136 |
CVE-2012-0022 |
189 |
|
DoS |
2012-01-19 |
2019-03-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. |
|
137 |
CVE-2012-0021 |
20 |
|
DoS |
2012-01-28 |
2021-06-06 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. |
|
138 |
CVE-2012-0013 |
|
|
Exec Code |
2012-01-10 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability." |
|
139 |
CVE-2012-0009 |
|
|
+Priv |
2012-01-10 |
2019-02-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability." |
|
140 |
CVE-2012-0007 |
79 |
|
XSS Bypass |
2012-01-10 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability." |
|
141 |
CVE-2012-0005 |
264 |
|
+Priv |
2012-01-10 |
2019-02-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability." |
|
142 |
CVE-2012-0004 |
|
|
Exec Code |
2012-01-10 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability." |
|
143 |
CVE-2012-0003 |
|
|
Exec Code |
2012-01-10 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability." |
|
144 |
CVE-2012-0001 |
|
|
Bypass |
2012-01-10 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability." |
|
145 |
CVE-2011-5075 |
|
1
|
+Info |
2012-01-29 |
2012-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path. |
|
146 |
CVE-2011-5074 |
352 |
|
CSRF |
2012-01-29 |
2012-02-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php. |
|
147 |
CVE-2011-5073 |
79 |
|
XSS |
2012-01-29 |
2012-02-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php. |
|
148 |
CVE-2011-5072 |
89 |
|
Exec Code Sql |
2012-01-29 |
2012-02-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php. |
|
149 |
CVE-2011-5071 |
89 |
|
Exec Code Sql |
2012-01-29 |
2012-02-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information. |
|
150 |
CVE-2011-5070 |
79 |
|
XSS |
2012-01-29 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php. |
