LiveActive security incident?Get immediate response
CVE archive

February 2012

Browse CVE records published in February 2012, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 424 matching CVEs · Page 1 of 9.

Medium · CVSS 4.9

CVE-2012-0059: Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.

Published Feb 5, 2014 · Updated Apr 2, 2026

High · CVSS 7.8 · CISA KEV

CVE-2012-0754: Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris;...

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Published Feb 16, 2012 · Updated Nov 17, 2025

Medium · CVSS 6.1 · CISA KEV

CVE-2012-0767: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102....

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.

Published Feb 16, 2012 · Updated Oct 22, 2025

Medium · CVSS 6.5

CVE-2012-10008: uakfdotb oneapp sql injection

A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483.

Published Feb 20, 2023 · Updated Mar 12, 2025

High · CVSS 7.8

CVE-2012-0014: Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restr...

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."

Published Feb 14, 2012 · Updated Jan 21, 2025

Critical · CVSS 9.1

CVE-2012-3363: Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXM...

Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.

Published Feb 13, 2013 · Updated Jan 16, 2025

Unknown · CVSS Not scored

CVE-2012-1194: The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server...

The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

Published Feb 17, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-1004: Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote...

Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information.

Published Feb 8, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-0763: The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute ar...

The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0764, and CVE-2012-0766.

Published Feb 15, 2012 · Updated Sep 17, 2024