CVE List by Type: Input Validation (Filtered by Published Year)

Explore CVEs related to Input Validation vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing Input Validation CVEs published in 2012. View full CVE list

Showing 101120 of 351 results
«« First « Prev Page 6 / 18 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2012-5356 The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. 5.8 1.97% 2012-10-10 2026-06-16
CVE-2012-4463 Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name. 5.1 1.87% 2012-10-10 2026-06-16
CVE-2012-3986 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. 4.3 2.51% 2012-10-10 2026-06-16
CVE-2012-3436 OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half." 5.0 3.38% 2012-10-09 2026-06-16
CVE-2012-5321 tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection." 5.8 13.75% 2012-10-08 2026-06-16
CVE-2012-4824 Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter. 5.8 1.13% 2012-10-08 2026-06-16
CVE-2011-4911 Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. 5.0 1.51% 2012-10-07 2026-06-16
CVE-2012-3314 IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate. 5.8 0.84% 2012-10-02 2026-06-16
CVE-2012-5234 Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. 5.8 1.04% 2012-10-01 2026-06-16
CVE-2012-2242 scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240. 6.8 1.70% 2012-09-30 2026-06-16
CVE-2012-2241 scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. 5.0 1.50% 2012-09-30 2026-06-16
CVE-2012-2240 scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." 7.5 3.15% 2012-09-30 2026-06-16
CVE-2012-5049 APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 7.8 3.43% 2012-09-28 2026-06-16
CVE-2012-4623 The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723. 7.8 2.77% 2012-09-26 2026-06-16
CVE-2012-4617 The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914. 7.1 2.32% 2012-09-26 2026-06-16
CVE-2012-3949 The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664. 7.8 3.20% 2012-09-26 2026-06-16
CVE-2012-2882 FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue. 6.8 1.63% 2012-09-26 2026-06-16
CVE-2012-2877 The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. 5.0 1.28% 2012-09-26 2026-06-16
CVE-2012-1103 emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message. 4.3 2.32% 2012-09-25 2026-06-16
CVE-2012-4655 The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204. 9.3 4.64% 2012-09-24 2026-06-16
«« First « Prev Page 6 / 18 Next »
cvelogic Threat Intelligence