CVE list (from "Vulnerabilities by type" · published in 2012 · the default sort order is "publication date, descending", newest first)

Showing CVEs published in 2012.

Showing 120 / 5351 · Page 1 / 268
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2012-6371 | The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulnerability than CVE-2012-4366. | 3.3 | 0.12% | 2012-12-31 | 2026-04-29 |
| CVE-2011-5251 | Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. | 5.8 | 0.24% | 2012-12-31 | 2026-04-29 |
| CVE-2012-6453 | Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed. | 4.3 | 0.22% | 2012-12-31 | 2026-04-29 |
| CVE-2012-6339 | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program. | 4.3 | 0.25% | 2012-12-31 | 2026-04-29 |
| CVE-2012-6337 | The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. | 3.3 | 0.07% | 2012-12-31 | 2026-04-29 |
| CVE-2012-6336 | The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." | 3.3 | 0.05% | 2012-12-31 | 2026-04-29 |
| CVE-2012-6335 | The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." | 3.3 | 0.05% | 2012-12-31 | 2026-04-29 |
| CVE-2012-6334 | The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." | 2.9 | 0.06% | 2012-12-31 | 2026-04-29 |
| CVE-2012-5642 | server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content. | 7.5 | 1.64% | 2012-12-31 | 2026-04-29 |
| CVE-2012-4688 | The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support. | 7.5 | 0.49% | 2012-12-31 | 2026-04-29 |
| CVE-2012-4792 (KEV) | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. | 8.8 | 91.24% | 2012-12-30 | 2026-04-22 |
| CVE-2012-6369 | Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action. | 4.3 | 0.16% | 2012-12-28 | 2026-04-29 |
| CVE-2012-5445 | The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary. | 6.8 | 0.36% | 2012-12-28 | 2026-04-29 |
| CVE-2012-4932 | Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in an Add Customer action; the (4) Street address, (5) Street address 2, (6) City, (7) Zip code, (8) State, (9) Country, (10) Mobile Phone, (11) Phone, (12) Fax, (13) Email, (14) PayPal business name, (15) | 4.3 | 0.76% | 2012-12-28 | 2026-04-29 |
| CVE-2012-4528 | The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. | 5.0 | 11.46% | 2012-12-28 | 2026-04-29 |
| CVE-2012-3873 | Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php. | 6.5 | 0.94% | 2012-12-28 | 2026-04-29 |
| CVE-2012-3872 | Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php. | 4.3 | 0.75% | 2012-12-28 | 2026-04-29 |
| CVE-2012-3871 | Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter. | 3.5 | 0.16% | 2012-12-28 | 2026-04-29 |
| CVE-2012-3870 | Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter. | 3.5 | 0.16% | 2012-12-28 | 2026-04-29 |
| CVE-2012-0741 | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | 5.8 | 0.14% | 2012-12-28 | 2026-04-29 |