Vulnerabilities (CVE)

Filtered by CWE-20
Total 11449 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1817 1 Emerson 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation 2026-06-16 7.5 HIGH N/A
Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file.
CVE-2012-1785 2 Kylegilman, Wordpress 2 Video Embed \& Thumbnail Generator, Wordpress 2026-06-16 7.5 HIGH N/A
kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2012-1783 1 Saurabh Gupta 1 Tiny Server 2026-06-16 7.8 HIGH N/A
Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number.
CVE-2012-1662 2 Broadcom, Microsoft 2 Arcserve Backup, Windows 2026-06-16 5.0 MEDIUM N/A
CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request.
CVE-2012-1608 1 Typo3 1 Typo3 2026-06-16 5.0 MEDIUM N/A
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
CVE-2012-1589 1 Drupal 1 Drupal 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
CVE-2012-1535 7 Adobe, Apple, Linux and 4 more 9 Flash Player, Mac Os X, Linux Kernel and 6 more 2026-06-16 9.3 HIGH 7.8 HIGH
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
CVE-2012-1472 1 Vmware 1 Vcenter Chargeback Manager 2026-06-16 6.4 MEDIUM N/A
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors.
CVE-2012-1367 1 Cisco 1 Ios 2026-06-16 5.0 MEDIUM N/A
The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538.
CVE-2012-1366 1 Cisco 10 Asr 1001, Asr 1002, Asr 1002-x and 7 more 2026-06-16 6.1 MEDIUM N/A
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
CVE-2012-1326 1 Cisco 1 Ironport Web Security Appliance 2026-06-16 5.8 MEDIUM 7.4 HIGH
Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks
CVE-2012-1301 1 Umbraco 1 Umbraco Cms 2026-06-16 7.5 HIGH 9.8 CRITICAL
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
CVE-2012-1198 1 Secureideas 1 Basic Analysis And Security Engine 2026-06-16 7.5 HIGH N/A
base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action.
CVE-2012-1191 1 D.j.bernstein 1 Djbdns 2026-06-16 6.4 MEDIUM N/A
The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
CVE-2012-1177 1 Gnome 1 Libgdata 2026-06-16 5.1 MEDIUM N/A
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
CVE-2012-1172 1 Php 1 Php 2026-06-16 5.8 MEDIUM N/A
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
CVE-2012-1168 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2026-06-16 6.4 MEDIUM 8.2 HIGH
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
CVE-2012-1147 2 Apple, Libexpat Project 2 Mac Os X, Libexpat 2026-06-16 4.3 MEDIUM N/A
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
CVE-2012-1108 1 Scott Wheeler 1 Taglib 2026-06-16 4.3 MEDIUM N/A
The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.
CVE-2012-1103 2 Gnu, Notmuchmail 2 Emacs, Notmuch 2026-06-16 4.3 MEDIUM N/A
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.