Export limit exceeded: 344333 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25009 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25009 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3519 | 1 Tor | 1 Tor | 2025-04-11 | N/A |
| routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. | ||||
| CVE-2012-3525 | 3 Jabber2, Jabberd2, Redhat | 4 Jabberd2, Jabberd2, Network Proxy and 1 more | 2025-04-11 | N/A |
| s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. | ||||
| CVE-2012-3529 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors. | ||||
| CVE-2012-3540 | 2 Openstack, Redhat | 2 Horizon, Openstack | 2025-04-11 | N/A |
| Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake. | ||||
| CVE-2013-2994 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | N/A |
| IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors. | ||||
| CVE-2012-3544 | 2 Apache, Redhat | 2 Tomcat, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. | ||||
| CVE-2012-3556 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site. | ||||
| CVE-2012-3572 | 2 Nurul Hidayah Hamazulan, Oscc | 2 Mymesyuarat, Mymeeting | 2025-04-11 | N/A |
| Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document. | ||||
| CVE-2012-3581 | 1 Symantec | 1 Messaging Gateway | 2025-04-11 | N/A |
| Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. | ||||
| CVE-2012-3587 | 1 Debian | 1 Advanced Package Tool | 2025-04-11 | N/A |
| APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack. | ||||
| CVE-2012-3650 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | ||||
| CVE-2012-3689 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| CVE-2012-3691 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| CVE-2012-3694 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. | ||||
| CVE-2012-3696 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling. | ||||
| CVE-2012-3714 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. | ||||
| CVE-2012-3718 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | ||||
| CVE-2012-3719 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. | ||||
| CVE-2012-3724 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. | ||||
| CVE-2012-3725 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets. | ||||