探索与 Input Validation 漏洞相关的 CVE,并按公开年份筛选。本列表默认优先展示最新披露,并支持按 CVSS 与 EPSS 风险分数进一步筛选。
覆盖最新漏洞披露与趋势,帮助安全团队快速识别高风险问题与被利用可能性。
当前为 Input Validation 类型、2012 年公开的 CVE。 查看完整 CVE 列表
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2011-5251 | Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. | 5.8 | 1.53% | 2012-12-31 | 2026-04-29 |
| CVE-2012-5445 | The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary. | 6.8 | 0.36% | 2012-12-28 | 2026-04-29 |
| CVE-2012-0741 | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | 5.8 | 0.59% | 2012-12-28 | 2026-04-29 |
| CVE-2012-0738 | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | 5.8 | 0.59% | 2012-12-28 | 2026-04-29 |
| CVE-2012-2669 | The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message. | 2.1 | 0.35% | 2012-12-27 | 2026-04-29 |
| CVE-2012-5643 | Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. | 5.0 | 23.18% | 2012-12-20 | 2026-04-29 |
| CVE-2012-5968 | The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network. | 4.8 | 0.43% | 2012-12-19 | 2026-04-29 |
| CVE-2012-4348 | The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 7.2 | 1.16% | 2012-12-18 | 2026-04-29 |
| CVE-2012-5610 | Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name. | 6.5 | 2.17% | 2012-12-18 | 2026-04-29 |
| CVE-2012-5513 | The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. | 6.9 | 0.41% | 2012-12-13 | 2026-04-29 |
| CVE-2012-2549 | The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability." | 5.8 | 10.00% | 2012-12-12 | 2026-04-29 |
| CVE-2012-6301 | The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. | 5.0 | 6.45% | 2012-12-10 | 2026-04-29 |
| CVE-2012-5688 | ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | 7.8 | 10.90% | 2012-12-06 | 2026-04-29 |
| CVE-2012-6062 | The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 5.0 | 2.86% | 2012-12-05 | 2026-04-29 |
| CVE-2012-6059 | The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | 5.0 | 2.63% | 2012-12-05 | 2026-04-29 |
| CVE-2012-4982 | Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter. | 5.8 | 7.47% | 2012-12-05 | 2026-04-29 |
| CVE-2012-4609 | The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 4.3 | 0.96% | 2012-12-05 | 2026-04-29 |
| CVE-2012-5534 | The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion." | 7.5 | 4.44% | 2012-12-03 | 2026-04-29 |
| CVE-2012-4222 | drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call. | 4.3 | 0.69% | 2012-11-30 | 2026-04-29 |
| CVE-2012-5136 | Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document. | 6.8 | 1.25% | 2012-11-28 | 2026-04-29 |