Cross-site scripting (XSS) vulnerability in the Movable Type MailForm plugin before version 1.20 allows remote attackers to inject arbitrary JavaScript or HTML via unspecified vectors.
This CVE entry, CVE-2012-0026, has been rejected as a duplicate of CVE-2012-0287. Use CVE-2012-0287 for the official vulnerability details and references.
IBM Tivoli Federated Identity Manager (TFIM) and TFIMBG suffer from inadequate handling of SAML signature validations for SAML 1.0, 1.1, and 2.0, allowing remote attackers to bypass authentication or …
eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gaunt…
The invscout.rte components (bin/invscoutClient_VPD_Survey and sbin/invscout_lsvpd) on IBM AIX before 2.2.0.19 allow local users to delete arbitrary files or trigger inventory scout operations on arbi…
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML …
pfSense’s PKI implementation contains an insecure certificate creation flaw in which each X.509 certificate is generated with the CA basic constraint set to true, allowing remote attackers to create s…
Cross-site scripting (XSS) vulnerability in pfSense status_rrd_graph.php via the style parameter, affecting pfSense releases before 2.0.1.
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (SPL-44614).
Splunk 4.2.5 and earlier with a Free license allows potentially undesired functionality in unauthenticated environments, enabling remote attackers to read arbitrary files via a crafted data source in …
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to Splunk Web or the Splunkd HTTP Server, a…
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, allowing remote authenticated administrators to execute arbitrary code…
Remote attackers can exploit a Bugzilla vulnerability in the User.offer_account_by_email WebService to create user accounts by leveraging a token contained in an e-mail message, when createemailregexp…
Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that cr…
Cross-site request forgery (CSRF) vulnerability in Bugzilla's attachment.cgi affects Bugzilla 2.x, 3.x, and 4.x prior to 4.2rc1, allowing remote attackers to hijack the authentication of arbitrary use…
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla when debug mode is enabled, allowing remote attackers to inject arbitrary web script or HTML via (1) tabular reports, (2) graphical repo…