探索與 Input Validation 漏洞相關的 CVE,並依公開年份篩選。本清單預設優先展示最新揭露,並支援依 CVSS 與 EPSS 風險分數進一步篩選。
涵蓋最新漏洞揭露與趨勢,協助安全團隊快速識別高風險問題與被利用可能性。
目前為 Input Validation 類型、2012 年公開的 CVE。 檢視完整 CVE 清單
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2011-5251 | Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. | 5.8 | 0.24% | 2012-12-31 | 2026-04-29 |
| CVE-2012-5445 | The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary. | 6.8 | 0.36% | 2012-12-28 | 2026-04-29 |
| CVE-2012-0741 | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | 5.8 | 0.14% | 2012-12-28 | 2026-04-29 |
| CVE-2012-0738 | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. | 5.8 | 0.14% | 2012-12-28 | 2026-04-29 |
| CVE-2012-2669 | The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message. | 2.1 | 0.08% | 2012-12-27 | 2026-04-29 |
| CVE-2012-5643 | Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. | 5.0 | 33.16% | 2012-12-20 | 2026-04-29 |
| CVE-2012-5968 | The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network. | 4.8 | 0.08% | 2012-12-19 | 2026-04-29 |
| CVE-2012-4348 | The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 7.2 | 2.47% | 2012-12-18 | 2026-04-29 |
| CVE-2012-5610 | Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name. | 6.5 | 1.09% | 2012-12-18 | 2026-04-29 |
| CVE-2012-5513 | The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. | 6.9 | 0.06% | 2012-12-13 | 2026-04-29 |
| CVE-2012-2549 | The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability." | 5.8 | 9.14% | 2012-12-12 | 2026-04-29 |
| CVE-2012-6301 | The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. | 5.0 | 43.03% | 2012-12-10 | 2026-04-29 |
| CVE-2012-5688 | ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | 7.8 | 7.93% | 2012-12-06 | 2026-04-29 |
| CVE-2012-6062 | The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 5.0 | 0.27% | 2012-12-05 | 2026-04-29 |
| CVE-2012-6059 | The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | 5.0 | 0.73% | 2012-12-05 | 2026-04-29 |
| CVE-2012-4982 | Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter. | 5.8 | 8.92% | 2012-12-05 | 2026-04-29 |
| CVE-2012-4609 | The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 4.3 | 0.22% | 2012-12-05 | 2026-04-29 |
| CVE-2012-5534 | The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion." | 7.5 | 1.97% | 2012-12-03 | 2026-04-29 |
| CVE-2012-4222 | drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call. | 4.3 | 0.22% | 2012-11-30 | 2026-04-29 |
| CVE-2012-5136 | Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document. | 6.8 | 1.25% | 2012-11-28 | 2026-04-29 |