Total
11443 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0992 | 1 Openemr | 1 Openemr | 2026-06-16 | 8.5 HIGH | N/A |
| interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. | |||||
| CVE-2012-0960 | 1 Ps Project Management Team | 1 Unity-firefox-extension | 2026-06-16 | 7.5 HIGH | N/A |
| Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request. | |||||
| CVE-2012-0954 | 1 Debian | 1 Advanced Package Tool | 2026-06-16 | 2.6 LOW | N/A |
| APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587. | |||||
| CVE-2012-0867 | 4 Debian, Opensuse Project, Postgresql and 1 more | 11 Debian Linux, Opensuse, Postgresql and 8 more | 2026-06-16 | 4.3 MEDIUM | N/A |
| PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | |||||
| CVE-2012-0865 | 1 Cubecart | 1 Cubecart | 2026-06-16 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php. | |||||
| CVE-2012-0862 | 1 Xinetd | 1 Xinetd | 2026-06-16 | 4.3 MEDIUM | N/A |
| builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. | |||||
| CVE-2012-0853 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2026-06-16 | 6.8 MEDIUM | N/A |
| The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file. | |||||
| CVE-2012-0840 | 1 Apache | 1 Portable Runtime | 2026-06-16 | 5.0 MEDIUM | N/A |
| tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
| CVE-2012-0839 | 1 Inria | 1 Ocaml | 2026-06-16 | 5.0 MEDIUM | N/A |
| OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
| CVE-2012-0838 | 1 Apache | 1 Struts | 2026-06-16 | 10.0 HIGH | N/A |
| Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field. | |||||
| CVE-2012-0831 | 1 Php | 1 Php | 2026-06-16 | 6.8 MEDIUM | N/A |
| PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. | |||||
| CVE-2012-0823 | 1 Webmproject | 1 Libvpx | 2026-06-16 | 5.0 MEDIUM | N/A |
| VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks". | |||||
| CVE-2012-0801 | 1 Moodle | 1 Moodle | 2026-06-16 | 7.5 HIGH | N/A |
| lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. | |||||
| CVE-2012-0795 | 1 Moodle | 1 Moodle | 2026-06-16 | 6.5 MEDIUM | N/A |
| Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | |||||
| CVE-2012-0788 | 1 Php | 1 Php | 2026-06-16 | 5.0 MEDIUM | N/A |
| The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. | |||||
| CVE-2012-0741 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2026-06-16 | 5.8 MEDIUM | N/A |
| IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | |||||
| CVE-2012-0738 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2026-06-16 | 5.8 MEDIUM | N/A |
| IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | |||||
| CVE-2012-0736 | 1 Ibm | 1 Rational Appscan | 2026-06-16 | 9.3 HIGH | N/A |
| IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site. | |||||
| CVE-2012-0735 | 1 Ibm | 1 Rational Appscan | 2026-06-16 | 7.6 HIGH | N/A |
| IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI. | |||||
| CVE-2012-0723 | 1 Ibm | 2 Aix, Vios | 2026-06-16 | 4.9 MEDIUM | N/A |
| The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||