Total
35752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1107 | 1 Scott Wheeler | 1 Taglib | 2026-06-16 | 4.3 MEDIUM | N/A |
| The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error. | |||||
| CVE-2012-1085 | 1 Typo3 | 2 Beuserswitch, Typo3 | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2012-1079 | 2 Helmut Hummel, Typo3 | 2 Typo3 Webservice, Typo3 | 2026-06-16 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
| CVE-2012-1031 | 1 Episerver | 1 Episerver Cms | 2026-06-16 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417. | |||||
| CVE-2012-1009 | 1 Netsarang | 2 Xlpd, Xmanager Enterprise | 2026-06-16 | 5.0 MEDIUM | N/A |
| NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. | |||||
| CVE-2012-1002 | 1 Zakongroup | 1 Openconf | 2026-06-16 | 10.0 HIGH | N/A |
| SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2012-10016 | 1 Halulu | 1 Simple-download-button-shortcode | 2026-06-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability. | |||||
| CVE-2012-0962 | 2 Canonical, Sebastian Heinlein | 2 Ubuntu Linux, Aptdaemon | 2026-06-16 | 4.3 MEDIUM | N/A |
| Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. | |||||
| CVE-2012-0937 | 1 Wordpress | 1 Wordpress | 2026-06-16 | 5.0 MEDIUM | N/A |
| wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time | |||||
| CVE-2012-0927 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2026-06-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream. | |||||
| CVE-2012-0925 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2026-06-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream. | |||||
| CVE-2012-0918 | 1 Hitachi | 3 Cobol2002 Net Client Suite, Cobol2002 Net Developer, Cobol2002 Net Server Suite | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2012-0902 | 1 Airties | 1 Air 4450 | 2026-06-16 | 5.0 MEDIUM | N/A |
| AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader. | |||||
| CVE-2012-0885 | 1 Asterisk | 1 Open Source | 2026-06-16 | 4.3 MEDIUM | N/A |
| chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple. | |||||
| CVE-2012-0883 | 2 Apache, Opensuse | 2 Http Server, Opensuse | 2026-06-16 | 6.9 MEDIUM | N/A |
| envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. | |||||
| CVE-2012-0836 | 1 Joomla | 1 Joomla\! | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. | |||||
| CVE-2012-0835 | 1 Joomla | 1 Joomla\! | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." | |||||
| CVE-2012-0821 | 1 Joomla | 1 Joomla\! | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819. | |||||
| CVE-2012-0819 | 1 Joomla | 1 Joomla\! | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. | |||||
| CVE-2012-0787 | 2 Augeas, Redhat | 2 Augeas, Enterprise Linux | 2026-06-16 | 3.7 LOW | N/A |
| The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option. | |||||
