Search

Search Results (363165 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3500 2 Devscripts Devel Team, Fedora 2 Devscripts, Rpmdevtools 2025-04-11 N/A
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
CVE-2012-3501 1 Darold 1 Squidclamav 2025-04-11 N/A
The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A.
CVE-2012-3502 1 Apache 1 Http Server 2025-04-11 N/A
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
CVE-2012-3503 4 Cloudforms Systemengine, Redhat, Rhel Sam and 1 more 4 1, Enterprise Linux Server, 1.1 and 1 more 2025-04-11 9.8 Critical
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
CVE-2012-3504 1 Fedoraproject 1 Crypto-utils 2025-04-11 N/A
The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory.
CVE-2012-3505 1 Banu 1 Tinyproxy 2025-04-11 N/A
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.
CVE-2012-3506 1 Apache 1 Ofbiz 2025-04-11 N/A
Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
CVE-2012-3507 1 Roundcube 1 Webmail 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
CVE-2012-3508 1 Roundcube 1 Webmail 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.
CVE-2012-3509 3 Canonical, Debian, Gnu 4 Ubuntu Linux, Debian Linux, Binutils and 1 more 2025-04-11 N/A
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
CVE-2012-3510 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.
CVE-2012-3511 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.
CVE-2012-3512 1 Munin-monitoring 1 Munin 2025-04-11 N/A
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
CVE-2012-3513 1 Munin-monitoring 1 Munin 2025-04-11 N/A
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
CVE-2012-3514 1 Nicolas Cannasse 1 Ocaml Xml-light Library 2025-04-11 N/A
OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2012-3515 7 Canonical, Debian, Opensuse and 4 more 15 Ubuntu Linux, Debian Linux, Opensuse and 12 more 2025-04-11 N/A
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
CVE-2012-3516 2 Citrix, Xen 2 Xenserver, Xen 2025-04-11 N/A
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location.
CVE-2012-3517 1 Tor 1 Tor 2025-04-11 N/A
Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests.
CVE-2012-3518 1 Tor 1 Tor 2025-04-11 N/A
The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.
CVE-2012-3559 2 Apple, Opera 2 Mac Os X, Opera Browser 2025-04-11 N/A
Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."